Beta Version

About the Policy

King Abdulaziz University affirms its firm commitment to protecting the privacy of personal data of users of its website, digital platforms, applications, and electronic services. The University takes all necessary organizational, technical, and administrative measures to ensure that personal data is collected, processed, stored, shared, and disposed of in a secure and responsible manner, in compliance with the Personal Data Protection Law of the Kingdom of Saudi Arabia, its Implementing Regulations, applicable regulatory controls and instructions, and recognized international standards and best practices.

As part of its institutional responsibility, the University is committed to promoting the principles of governance, transparency, and compliance, and to continuously enhancing controls and procedures related to personal data protection. This includes risk management, access control, cybersecurity enhancement, awareness raising, compliance monitoring, and ensuring the lawful and fair use of personal data across all academic, research, administrative, and service activities.

This Policy has been developed to clarify the general framework governing how the University handles personal data, to outline the rights of data subjects, and to strengthen trust and transparency for beneficiaries when using the University’s websites, digital platforms, applications, or any of its electronic services.

Definitions

For the purposes of this Policy, the following terms shall have the meanings assigned to them below, unless the context requires otherwise:

  • University: King Abdulaziz University.
  • Personal Data: Any data, regardless of its source or form, that may lead to identifying an individual specifically, or make it possible to identify them directly or indirectly.
  • Data Subject: The natural person to whom the personal data relates.
  • Processing: Any operation performed on personal data by any means, whether manual or automated, including collection, recording, storage, amendment, use, sharing, disclosure, linking, or destruction.
  • Processor: Any entity that processes personal data on behalf of the University in accordance with its legal and contractual instructions.
  • Electronic Services: All digital services, systems, platforms, or applications provided or supervised by the University.
  • Applicable Regulations: Laws, regulations, controls, and directives in force in the Kingdom of Saudi Arabia relating to data protection, privacy, cybersecurity, and digital government.

Scope of Application

This Policy applies to all personal data processed through the University’s websites, digital platforms, applications, systems, and electronic services, or those operated on its behalf, including but not limited to:

  • The main University website and websites of sectors, colleges, deanships, departments, centers, and institutes.
  • Electronic portals and academic, administrative, research, and service systems.
  • University mobile applications.
  • Digital platforms dedicated to communication, registration, learning, self-services, technical support, and beneficiary management.
  • Official websites and webpages affiliated with University entities.
  • Any future digital services launched by the University or in cooperation with approved entities.

Principles of Personal Data Protection

The University is committed to the following principles when processing personal data:

  • Lawfulness, fairness, and transparency.
  • Purpose limitation.
  • Data minimization.
  • Accuracy and updating where necessary.
  • Confidentiality, integrity, and protection of data.
  • Retention for legally approved periods only.
  • Accountability, compliance, and demonstrable governance.
  • Respect for data subject rights.
  • Privacy and security by design and by operation.

Data Collection and Categories

First: Personal Data

The University may collect personal data voluntarily provided by the data subject when using the website or related services, including:

  • Full name.
  • National ID, residence permit number, University ID, or employee number where required.
  • Email address.
  • Mobile number.
  • Registered address.
  • Academic data related to study and registration.
  • Employment data of faculty members and employees.
  • Applicant data for admission.
  • Job applicant data.
  • Trainee data for training programs offered by the University.
  • Data received from government entities or trusted relevant parties in accordance with approved regulations and agreements.
Second: Non-Personal Data

Certain data may be collected automatically when using websites or digital services, including:

  • IP Address.
  • Device type, browser type, and operating system.
  • Pages visited and viewed content.
  • Browsing duration.
  • Electronic transaction logs.
  • Performance and digital analytics data.
  • Clicked links.
  • Traffic patterns and usage trends.
  • Cookies and similar tracking technologies.
Third: Data Obtained from Other Parties

The University may, in accordance with applicable laws and approved controls, obtain data from governmental, educational, regulatory, or contractual entities when necessary to achieve a legitimate purpose.

Legal Basis and Purposes of Data Use

Personal data is processed for legitimate purposes related to the University’s functions, including:

  • Providing academic, administrative, research, and support services.
  • Executing user requests and completing electronic transactions.
  • Improving websites, platforms, and digital services, and enhancing user experience.
  • Conducting studies, analytics, and statistics to support institutional development and decision-making.
  • Communicating with users regarding news, events, services, and important notifications.
  • Identity verification and access management.
  • Human resources, financial, and operational management.
  • Admission processes and academic journey management.
  • Sending awareness messages or service-related notifications.
  • Compliance with legal, regulatory, and judicial obligations.
  • Protecting systems, managing risks, strengthening cybersecurity, and ensuring business continuity.
  • Scientific research in accordance with approved ethical and regulatory frameworks.

Data Sharing and Disclosure

The University may share or disclose personal data within the necessary limits and in accordance with applicable regulations in the following cases:

  • With authorized internal entities within the University.
  • With competent governmental authorities to fulfill legal obligations.
  • With contracted service providers or processors under binding agreements.
  • To protect legal rights or comply with judicial orders.
  • In cases permitted by law or based on legally valid consent where required.
The University ensures that any sharing is limited to the minimum necessary data and subject to appropriate security and contractual safeguards.

Cross-Border Data Transfer

Personal data shall not be transferred outside the Kingdom of Saudi Arabia except as permitted by applicable laws, regulations, and controls, and after fulfilling all legal requirements and implementing appropriate safeguards for personal data protection.

Personal Data Security

The University is committed to implementing appropriate security controls and measures to protect personal data against loss, unlawful use, unauthorized access, alteration, disclosure, or destruction, including where appropriate:

  • Identity and access management.
  • Encryption and protection of communications and sensitive data.
  • Continuous monitoring and security surveillance.
  • Backup and disaster recovery.
  • Vulnerability management and security patching.
  • Data classification and handling based on sensitivity.
  • Incident management and response.
  • Awareness, training, and compliance enhancement.

Data Retention and Disposal

The University retains personal data only for the period necessary to fulfill the purpose of collection or for periods required by law or contract. Upon expiry of such period, the data shall be securely destroyed or anonymized in a manner that prevents access, recovery, or misuse.

Rights of the Data Subject

In accordance with the Personal Data Protection Law and applicable regulations, the data subject shall enjoy, as applicable, the following rights:

  • The right to be informed.
  • The right to access personal data held by the University.
  • The right to request correction, completion, or updating of personal data.
  • The right to request destruction of personal data where legally permissible.
  • The right to object to processing in cases not based on a lawful ground.
  • Requests shall be processed within a period not exceeding 30 business days from receipt, and the data subject shall be notified of the outcome.

Cookies and Similar Technologies

The University may use cookies and similar technologies to improve user experience, measure performance, and enhance digital services. Users may manage such settings through their browser or device settings, noting that some service functions may be affected.

External Links

The University’s website or platforms may include links to external websites or services for reference or integration purposes. Such entities are subject to their own privacy policies, and the University is not responsible for their content or privacy practices. Users are encouraged to review those policies.

Governance and Responsibilities

The relevant entities within the University shall be responsible for implementing this Policy, monitoring compliance, and periodically reviewing and updating it. This includes the entities responsible for cybersecurity, technology, the General Administration of Institutional Governance and Compliance, and business owners of processes and services, each within its respective mandate.

The Data Management Office shall serve as the designated Personal Data Protection Officer function within the University and shall oversee personal data governance, monitor compliance with applicable laws and policies, coordinate data subject requests, and support continuous improvement and compliance efforts.

Policy Review and Updates

  • The University reserves the right to update or amend this Policy whenever necessary in line with regulatory, operational, or technical requirements.
  • The version published through the University’s official channels shall be the approved and effective version.
  • This Privacy Policy was last updated on 1 April 2026.
  • Arabic shall be the governing language for the interpretation and application of this Policy. In the event of any discrepancy between the Arabic text and any translated version, the Arabic text shall prevail.

Contact and Inquiries

For inquiries or complaints related to privacy, personal data protection, or the handling of personal data at the University, or to exercise data subject rights, including access, correction, or destruction requests where legally permitted, you may contact the Data Management Office through the official channels or via email:

DMO@kau.edu.sa

Acknowledgment and Acceptance

Your use of the websites, digital platforms, applications, or electronic services of King Abdulaziz University constitutes acknowledgment that you have read and understood this Policy. Personal data shall be processed in accordance with applicable legal grounds and relevant laws and regulations. If you do not agree with any part of this Policy, you should discontinue use of any service you do not wish to use.

image

About the University

Acceptance

Quick Links

King Abdulaziz University, All rights reserved. © 2026

Search King Abdulaziz University