Privacy Policy

Under the KSA Basic Law of Governance, the privacy rights of individuals are protected in accordance with Sharia law to the extent that telegraphic, postal, telephone and other means of communications are safeguarded and cannot be confiscated, delayed, read or breached. In October 2019, Royal Decree No. M/126, the E-Commerce Law, came into force. The law applies to e-commerce service providers with the goal of enhancing trust in online transactions. The law also contains provisions aimed at protecting the personal data of e-commerce customers. Specifically, the law specifies that service providers will be responsible for protecting the personal data of customers in their possession or ‘under their control’. ‘Control’ in a data protection context exists where an organisation can make decisions concerning that personal data, such as why to collect it in the first place, what to do with it, how long to keep it, and who to share it with. A service provider may still have ‘control’ of personal data where it passes the data on to a third party as part of an outsourcing or other arrangement.