Privacy Policy – Document Classification: Restricted

Version Number: 1.0

Date: 30/09/2024 – Data Management Office

 Privacy Policy and Data Protection

As part of its commitment to protecting the data of its service beneficiaries, the General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque is committed to safeguarding their privacy, ensuring compliance with the Personal Data Protection Law, and implementing measures to prevent data breaches and unauthorised access to personal information.

Contact information

Responsible Office: Data Management Office

Email: admin@mosles.top

 :Information We Collect

1. We collect your personal data only to the extent necessary to provide high-quality, tailored services in compliance with relevant regulations and laws. Failure to provide this information may affect your ability to use our website and benefit from our services.

2. We collect different types of data about you, as outlined below:

  • National Identity Information, including full name, phone number, date of birth (Gregorian and Hijri), issuance and expiration date of the national ID/residency permit, gender, and nationality.
  •  Cookies Data, including information collected through web logs and cookie technologies, such as IP address or similar technologies.
  •  User’s Geographical Location, collected to enable access to certain services provided on the Authority’s website.

 ?How We Store Your Personal Data

  • Data Collected Directly from the Data Subject, provided by the individual to the General Authority for the Care & Management of the Affairs of the Grand Mosque and the Prophet’s Mosque through registration on the website or any of the platforms or services available on the site
  • Indirectly Collected Data, gathered when visiting the website (cookies). This includes information sent by the user’s browser upon visiting the General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque website, such as logging the user’s IP address, date, and time of visit. This data is used to distinguish between users, collect statistics, and enhance the user experience on the website.
  • Personal data is collected and processed based on the consent of the data subject.
  • The General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque is committed to collecting only the minimum necessary personal data, ensuring it is strictly relevant and directly necessary for its intended purpose.
  • The General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque does not collect any personal data from third parties.

 :Purpose of Collecting Personal Data

  • Personal data is collected, used, and processed for regulatory and improvement purposes.
  • Personal data is collected, used, and processed to follow up on user inquiries, suggestions, or complaints.
  • Personal data is collected, used, and processed to provide services by the General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque to users.
  • Personal data is collected, used, and processed to fulfill the Authority’s legal responsibilities and obligations.
  • Personal data is collected, used, and processed to provide requested information, process job applications, or respond to inquiries about employment opportunities.

 ?How We Process Your Personal Data

Personal data is processed after implementing the necessary measures in accordance with the purposes for which it was collected and in compliance with regulations. To ensure information security, the The The General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque applies the highest security standards to maintain data confidentiality and prevent unauthorized access. Sensitive data and any information requiring confidentiality are encrypted in accordance with regulatory requirements.

 ?With Whom We Share Your Information

The General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque reserves the right to share personal data with other entities or departments to serve users more effectively. Personal data will not be shared with non-governmental entities unless they are authorized or designated to perform specific governmental services.

The Authority also reserves the right to disclose any information to the relevant authorities or concerned entities whenever necessary, in accordance with the legal provisions outlined in the Personal Data Protection Law and the data-sharing regulations.

By providing their personal data and information to the The General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque through any official channel—including platforms, email, or direct submission at the Authority’s offices—the data subject explicitly consents to the storage, processing, and use of their data by the Authority.

Additionally, the Authority reserves the right to disclose any information to the relevant authorities or concerned entities whenever necessary to comply with any law or regulation or to serve the public interest.

 Purpose Limitation

The Authority collects and uses your personal data only for clear, lawful, and specific purposes, ensuring transparency and the protection of your privacy rights.

 Legal Basis for Collecting and Processing Personal Data

Your explicit consent is required for data collection and processing. You may withdraw your consent at any time, provided that this does not affect processing operations conducted based on other legal justifications. To do so, you can contact the Data Management Office at the details provided below.

 Storage, Retention, and Disposal of Personal Data

Personal data is stored within the Kingdom of Saudi Arabia on secure servers using the latest technologies, in compliance with the policies and regulations of the National Cybersecurity Authority and the security policies applied by the The General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque.

This ensures protection against unauthorized access and minimizes cybersecurity risks. Data is retained for a specified period in accordance with legal and internal regulations. Once the retention period expires, the data is securely destroyed in a manner that prevents access or recovery, in line with the Authority’s internal policies.

The Authority employs encryption, anonymization, and tokenization techniques as needed to safeguard personal data from breaches, damage, or unauthorized access.

 Your Rights Regarding the Processing of Your Personal Data

The General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque makes every effort to ensure the protection of personal data subjects’ rights in accordance with the provisions of the Personal Data Protection Law and its executive regulations. The Authority is committed to implementing best practices to ensure compliance with these laws and regulations, with a focus on transparency and data protection to foster trust and security for users. These rights include:

1. Right to Be Informed: You have the right to know how we collect your personal data, the legal basis for its collection and processing, how it is processed, stored, and disposed of, and to whom it may be disclosed. You can review all details in the Privacy Policy.

2. Right to Access Your Personal Data: You have the right to request access to your personal data held by the data controller in a readable and clear format, whenever technically possible.

3. Right to Rectify Your Personal Data: You have the right to request the correction of any personal data you believe is inaccurate, incorrect, or incomplete.

4. Right to Erasure of Personal Data: You have the right to request the deletion of your personal data under the following circumstances:

  • A direct request from the data subject.
  • The personal data is no longer necessary to fulfill the purpose for which it was collected.
  • The data subject withdraws consent for data collection, provided that consent was the sole legal basis for processing.
  •  If the Authority processes personal data in a manner that violates the law.

5.The General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque reserves the right not to delete personal data if a legal provision mandates a specific retention period or if it deems that retaining the data for a longer period serves its interest. In such cases, the provisions of Article 18 of the Personal Data Protection Law shall be observed.

6. Right to Withdraw Consent for Data Processing: You have the right to withdraw your consent for the processing of your personal data at any time, unless there are legal justifications that require otherwise.

7. Right to File a Complaint Regarding the Application of the Law: If you have any objections or concerns about how the law is applied, you have the right to file a complaint with the relevant authority through the mechanisms, procedures, and channels designated for this purpose.

 Contact Us

If you have any concerns or believe we have not complied with the Personal Data Protection Law, you may file a complaint with the Data Management Office at the The General Authority for the Care & Management of the Grand Mosque and the Prophet’s Mosque via email: DMO@gph.gov.sa.

If you are not satisfied with our handling of your complaint or if you do not receive a response within 15 working days from the date of submission, you may escalate your complaint to the competent authority, the Saudi Data and Artificial Intelligence Authority (SDAIA).