سياسة الخصوصية

Security of Personal Information:

Al Madinah Al Munawarah Chamber prioritizes the confidentiality of the information of its users and visitors. It also does everything in its power to provide high-quality service to all beneficiaries. Privacy and confidentiality of the information described below is an integral part of the terms and conditions of use of the website.

Al Madinah Al Munawarah Chamber does not gather personal information about you when you visit the website unless you voluntarily decide to submit this information to us. If you choose to provide your information, we only use it to respond to your request for information or services in accordance with what is set forth in such policies. Once you use the Chamber of Commerce website, you agree to such privacy policy and confidentiality of information.

Visitors to the website and beneficiaries of the services shall constantly read the terms and principles of privacy and confidentiality of information to know any updates made to them. You shall also bear in mind that the website administrators are not required to announce any updates made to such terms and principles. Your use of the website means that you are aware of and agree on such terms and principles and their constant modifications.

Al Madinah Al Munawarah Chamber is not liable under any circumstances for any direct, indirect, incidental, consequential, special or exceptional damages arising from the use of or inability to use this website.

Privacy and confidentiality of information p5

Security of Personal Information:

• The 'Privacy and Confidentiality of Information' document was created to provide clarity to visitors and users regarding the type of data collected from them when they visit the Al Madinah Al Munawarah Chamber website and the manner in which it is handled.
• The website administrators take appropriate procedures and measures to maintain the personal data they have in a manner that protects them from loss, unauthorized access, misuse, or unauthorized adjustment and disclosure. The main measures applicable on the website to protect the visitor’s personal data include:

1. Strict procedures and measures aimed at protecting the security of data and the technology that we use to prevent scams and unauthorized access to our systems.
2. Regular and periodic updating of protection procedures and controls that meet or exceed set standards.
3. Our employees are qualified and trained to respect the confidentiality of our visitors' personal data.

Gathering personal data:

• Once a user visits Al Madinah Al Munawarah Chamber website, the website server records the user’s IP address, the date and time of the visit, and the URL of any website from which you are referred to Al Madinah Al Munawarah Chamber website.
• Most websites place a small file on the hard disk of the visitor’s device (the browser) once they are visited. This file is called “cookies.” Cookies are text files containing information that allows the website that stored them to retrieve them when needed during the user's next visit to the website. This saved information includes:

1. Remember your username and password.
2. Save page settings if available on the portal.
3. Save the colors chosen by the user.
4. Not allowing the same user to vote more than once.

• The browser (visitor) may not have to enter the password on every visit, as the website system will be able to detect it through cookies or it may prevent the user from repeating the voting process if he has voted previously, and so on. On that basis, the website will use the information contained in the cookies for their own technical purposes when you visit them more than once. The website administrators can also change the information contained in the cookies or add new information whenever you access the website.
• If you send us an email through the e-portal of Al Madinah Al Munawarah Chamber website to provide us with personal data, we may share the necessary data with other entities or departments, in order for them to serve you more effectively. We will not share your personal data with non-governmental entities unless they are among the authorities competent to offer specific government services. Once you submit your personal data via the website, you entirely agree that the Saudi authorities can store, process and use such data. We reserve the right at all times to disclose any information to the competent authorities, where necessary to comply with any law, regulation or a government request.
• You are solely responsible for the completeness, correctness and veracity of the data you submit via this website.

Protecting Your Privacy:

• In order for us to assist you in protecting your personal data, we recommend the following:

1. Contact us immediately when you think that someone has accessed your password, usage code, PIN, or any other confidential information 920028910.
2. Do not give confidential information on the phone or the Internet unless you know the identity of the person or party receiving the information.
3. Use a secure browser when you accomplish online transactions while closing unused applications on the network. Make sure that your antivirus software is updated on an ongoing basis.
4. If you have any inquiries or views about privacy principles, you can contact the portal administrators via the contact form on the Contact Us page.
5. To preserve your personal data, electronic storage and transmitted personal data are secured using appropriate security technologies.
6. This website may contain electronic links to other websites or portals that may use methods to protect information and its privacy that differ from the methods we use. We are not liable for the contents, methods, and privacy of these other websites. We advise you to refer to the privacy notices of those websites.

Sending E-mails:

When you inquire or request information about a specific service or give additional information using any of the electronic or non-electronic means of communication with Al Madinah Al Munawarah Chamber such as requesting an inquiry on our website, we will use your email address to respond to your inquiries. It is also possible to save your email address, your message and our reply to it for quality control purposes. We may also do this for legal and regulatory purposes.

Main Principles of Personal Data Protection:

- The first principle: Responsibility

The privacy policies and procedures of the controller shall be determined and documented, approved by the controller’s senior official (or his deputy), and published to all parties concerned with their implementation.

- The second principle: transparency

A notice of the controller’s privacy policies and procedures shall be developed to specify the purposes for which personal data are processed in a specific, clear and explicit manner.

- The third principle: choice and consent

All possible options of the personal data subject and obtain his consent (implicit or explicit) regarding the collection, use or disclosure of his data shall be specified

- Fourth principle: Limit data collection

The collection of personal data is limited to the minimum amount of data that enables achieving the purposes specified in the Privacy Notice.

- The fifth principle: Limit the use, retention, and disposal of data

The processing of personal data shall be restricted to the purposes specified in the privacy notice to which the data subject has given implicit or explicit consent and be retained as long as necessary to achieve the specified purposes or as required by the laws, regulations and policies applicable in the Kingdom and be destroyed in a safe way that prevents leakage or loss, embezzlement, misappropriation, or legally unauthorized access to them.

- The six principle: access to data

The means through which the data subject can access his or her personal data to review, update and correct them shall be determined.

-The seventh principle: limiting data disclosure

Disclosure of personal data to third parties shall be restricted to the purposes specified in the privacy notice and to which the data subject has given implicit or explicit consent.

- The eighth principle: Data Security

Personal data shall be protected from leakage, damage, loss, embezzlement, misuse, modification or unauthorized access - in accordance with what is issued by the National Cybersecurity Authority and the competent authorities.

- The ninth principle:: data quality

Personal data shall be retained in a way that is accurate, complete, and directly relevant to the purposes specified in such privacy notice.

- The tenth principle: Monitoring and Compliance

Compliance with the controller’s privacy policies and procedures shall be monitored. Privacy-related inquiries, complaints and disputes shall be addressed.

Rights Of The Data Subject:

First, the right to be informed. This includes being notified of the legal basis or actual need to gather personal data, the purpose for that and that subject’s data will not be subsequently processed in a way that is incompatible with the purpose of their collection and to which he gave his implicit or explicit consent.

Second, the right to withdraw his consent to processing his personal data - at any time - unless there are legitimate purposes that require otherwise.

Third, the right to access his personal data with the controller in order to review it, request their correction, completion, or update, request the destruction of what is no longer needed, and obtain a copy of them in a clear format.

General Conditions:

First, the regulators shall align the provisions of such policy with their regulatory documents and circulate it to all of their affiliated or associated entities in a way that achieves integration and ensures the achievement of the desired goal of developing such policy.

Second, regulators shall monitor compliance with this policy periodically.

Third, the controllers shall adhere to such policy and document adherence in accordance with the mechanisms and procedures specified by the regulators.

Fourth, the controllers shall notify the regulators immediately and without delay, and not later than 72 hours from the occurrence or discovery of any personal data leakage incident, in accordance with the mechanisms and procedures specified by the regulators.

Fifth, when contracting with processing entities, the controllers shall periodically verify the processing entities’ compliance with such policy in accordance with the mechanisms and procedures specified by the regulators, provided that this includes any subsequent contracts undertaken by the processing entities.

Sixth, the office shall carry out the roles and tasks of regulators over controllers that are not subject to regulators.

Seventh, regulators shall have the right to set further rules for processing specific types of personal data according to the nature and sensitivity of such data after coordination with the office.

Eighth, the regulators - after coordination with the office – shall develop the mechanisms and procedures that regulate the handling of complaints according to a specific time frame and in accordance with the organizational hierarchy of the entities.

Ninth, the office shall set the necessary standards that help controllers determine whether appointing a data protection officer is a basic or optional requirement.