Sign In

Privacy and Data Protection

Ncc is aware of the importance of your privacy and personal data; therefore, we commit to keeping all critical information and data of all Users safe, secure, and confidential.

The privacy policy and procedures of Ncc is governed by the Personal data protection law (Royal Decree No. (M/19) dated 1443/2/9 AH), the Main Principles of Personal Information Protection and the Main Principles and General Rules for Sharing Data issued by the Saudi Data and Artificial Intelligence Authority (SDAIA) and National Data Management Office (NDMO).

The Personal Data Protection Law and its executive regulations set the legal basis for the protection of your rights regarding the processing of personal data by all entities in the Kingdom, as well as all entities outside the Kingdom that process personal data related to individuals residing in the Kingdom using any means, including online personal data processing.

The fundamental principles of our data protection policy include:    

  • - Accountability by the head of the entity (or his designee) for the Data Controller's privacy policies and procedures.
  • - Transparency through Privacy Notice indicating the purposes for which personal data is collected.
  • - Choice and Consent obtained through implicit or explicit approval regarding the collection, use and disclosure of personal data before collection.
  • - ​Limiting Data Collection to minimum data that enables fulfilment of purposes.
  • - Use, Retention and Destruction strictly for the purpose, retained as long as necessary to achieve intended purposes or as required by laws and regulations and destroyed safely, preventing leakage, loss, theft, misuse or unauthorized access.
  • - Access to data by which any Data Subject can review, update and correct their personal data.
  • - Data Disclosure Limitation approved by Data Subject restricts third parties to the purposes provided in Privacy Notice. 
  • - Data security by protecting personal data from leakage, damage, loss, theft, misuse, modification, or unauthorized access; according to the controls issued by the National Cybersecurity Authority and other relevant authorities.​
  • - Data quality after verification of its accuracy, completeness and timeliness.
  • - Monitoring and Compliance with Data Controller's privacy policies and procedures, and any privacy-related inquiries, complaints, and disputes.

The National Data Management and Personal Data Protection Standards cover 15 Data Management and Personal Data Protection domains. The Standards apply to all government data regardless of form or type, including paper records, emails, data stored in electronic form, voice recordings, videos, maps, photos, scripts, handwritten documents, or other recorded data. The application of the provisions of the Personal Data Protection Law and its executive regulations is without prejudice to the competencies and tasks of the National Cyber Security Authority as a competent security authority for cybersecurity and its affairs in the Kingdom.