Privacy Policy

This Privacy Policy (“Policy”) is a legally binding agreement between you (“User”, “you” or “your”) and the Digital Government Authority (DGA) (“DGA”, “we”, “us” or “our”) as a government entity of the Kingdom of Saudi Arabia (KSA) that developed and maintain the GOV.SA Portal (“Portal”). 
We respect your privacy and are committed to protecting it through our compliance with this Policy which describes the types of information we may collect from you or that you may provide (“Personal data”) on the Portal and any of its related services (“Services”), and our practices for collecting, using, maintaining, protecting, and disclosing that Personal data. It also describes the choices available to you regarding our use of your Personal data and how you can access and update it. This Policy is aligned with the Personal Data Protection Law (‘’Law”) applicable in the Kingdom of Saudi Arabia.

Data Collection

You can access and use the Portal without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the features offered on the Portal, you may be asked to provide certain Personal data. You can choose not to provide us with your Personal data, but then you may not be able to take advantage of some of the features on the Portal. Users who are uncertain about what information is mandatory are welcome to contact us.
The purpose of collecting personal data is directly related to the purposes of the Portal and shall not conflict with any prescribed provision. The methods and means of collecting personal data be appropriate to the user's circumstances, direct, clear and secure, and free from deception, misinformation or extortion. If it turns out that the personal data collected is no longer necessary to achieve the purpose of its collection, the Portal will stop hoarding it and destroy the previously collected data immediately. 
The Portal will ensure fulfilment of the following criteria before collecting your personal data:
  • The justification for collecting your personal data.
  • The purpose of collecting your personal data, whether all or part of its collection, is mandatory or optional, with further information about processing the data which is not contrary to the purpose of its collection or otherwise provided by the Law.
  • The identity and reference address of the collector of personal data where appropriate, unless it is for security purposes.
  • The entity or entities to which the personal data will be disclosed, described, and whether the personal data will be transferred, disclosed or processed outside the Kingdom.
  • Possible effects and risks of non-compliance with the personal data collection procedure.
  • Your privacy and data protection rights as stipulated in the Law.
  • Other elements as determined by the regulations depending on the nature of the activity exercised by this entity.

In case personal data is collected from the non-users, the following conditions will be met:

  • If the owner of personal data agrees to do so, by the provisions of the Law.
  • If personal data is publicly available or collected from a publicly available source.
  • If the entity is a public entity, and the collection of personal data is not directly owned or processed for a purpose other than the one for which it was collected, is required for security purposes or to implement another system or to meet judicial requirements in accordance with the provisions specified by the regulations.
  • If compliance with this prohibition may harm the owner of personal data or affect his vital interests, by the provisions specified by the regulations.
  • If the collection or processing of personal data is necessary to protect the health or public safety or the life or health of a particular individual or individuals. 
  • If the personal data will not be recorded or stored in a format that makes it possible to identify and identify its owner directly or indirectly.

What Data we Collect

The Portal retrieves your personal data available on the Government Service Bus (GSB). The personal data, whatever its source or form, would expressly identify the individual or make it possible to identify it directly or indirectly, and includes name, personal identification number, addresses, contact numbers, license numbers, records and personal property, bank account and credit card numbers, fixed or moving images of the individual, and other data of a personal nature. 
It includes any process performed on personal data by any means, whether manual or automated, including collection, recording, preservation, indexing, arrangement, coordination, storage, modification, updating, integration, retrieval, use, disclosure, transmission, publication, data sharing or interconnection, blocking, scanning, and destruction.

Automatic collection of information

The Portal's servers automatically capture your Internet Protocol (IP) address when you visit the Portal. (Your Internet Protocol address is the number of the computer you are using, which allows other devices connected to the Internet to determine the destination of data from them, and to collect certain information such as browser type and search engine but without personally identifying you). The Portal's use of your Internet protocol helps to diagnose problems that occur in its servers, and also helps it to perform the necessary statistics to measure the use of the Portal (the number of visitors and the language of the computer you use), and the Portal does not allow anyone outside the framework of its technical team to see the protocol your internet.


The Portal may store cookies on your computer when you visit the Portal. Cookies are pieces of data that uniquely identifies you as a user and can be used to improve your knowledge of the Portal and better understand your needs and how you use the Portal and government digital services. Most browsers are initially set up to accept cookies, and you can also reset your browser to refuse all cookies or to alert you when cookies are being sent. 

Geographical Location

You may at times be required to consent use of your geolocation to use some of the services offered by the Portal. Identifying users' geolocation will benefit from the availability of specific services on the Platform.

Data Processing

Your personal data will not be processed without taking sufficient steps to verify its accuracy, completeness, novelty and relevance to the purpose for which the provisions of the regulations collected it.
The Portal applies the highest security standards to protect the data and information. The sensitive data and any data that should be kept confidential under legal requirements are encrypted and subject to additional controls and procedures. Sensitive data includes an individual’s ethnic or tribal origin, religious, intellectual or political belief, or indicates membership in civil associations or institutions, as well as criminal and security data, biometric data that identifies genetic data, insurance data, health data, location data, credit data and data indicating that the individual’s parents are anonymous or one of them.
Our technical staff is only permitted to handle this information to provide such services of that is consistent with your needs. We never let any party other than the technical team of the Portal to know your IP address.

Disclosure of Information

Your data may be made available to government officials in the exceptional circumstances that this need should arise; however, it will never be made available to the public without your prior consent.
Your personal data will be disclosed only in the following circumstances:
  • If you agree to disclose it in accordance with the provisions of the Law.
  • If your personal data has been collected from a publicly available source.
  • If the entity requesting the disclosure is a public entity, for security purposes, to implement another system, or to meet judicial requirements per the provisions specified by the regulations.
  • If disclosure is necessary to protect the public health or safety, the life of a particular individual or individuals, or their health. 
  • If the disclosure will be limited to its subsequent processing in a manner that does not lead to the identification of the owner of the personal data or any other individual specifically.  Will not be circulated, exchanged, or sold to any third party without your prior consent.
The Portal shall not disclose your personal data whenever the disclosure is characterized by any of the following:
  • It represents a threat to security, harms the reputation of the Kingdom, or conflicts with its interests.
  • It affects the Kingdom’s relations with other countries.
  • It prevents the disclosure of a crime or infringes on the rights of an accused to a fair trial or affects the integrity of existing criminal proceedings.
  • It endangers the safety of an individual or individuals.
  • It entails a violation of the privacy of an individual other than the owner of personal data as determined by the regulations.
  • It is contrary to an incomplete or incapable interest.
  • It violates established professional obligations.
  • It involves a breach of an obligation, proceeding or court ruling.
  • It discloses a confidential source of information that the public interest should not disclose.

Right to Access or Modification

Any user who provides the Portal with his/her personal data has the right to access or correct it. The user can modify his/her personal data through the Portal, and he/she can also request the modification of his/her personal data by sending an email to

Data Retention

We will retain and use your Personal data for the period necessary to comply with our legal obligations. We will destroy your personal data as soon as the purpose of collecting it has expired. However, it may retain such data after the purpose of collecting it has expired if everything that leads to the specific knowledge of the owner has been removed in accordance with the controls specified by the regulations.
This Portal shall retain personal data even after the purpose of collecting it has expired in the following cases only:
  • If there is a systemic justification that must be retained for a specified period, in which case it shall be destroyed after the end of this period or the expiry of the purpose of its collection, whichever is longer.
  • If the personal data is closely related to a case before a judicial body and its retention is required for this purpose, in which case it is destroyed after the completion of the judicial proceedings of the case.

Data Analytics

Our Portal may use third-party analytics tools that use cookies, or other similar information-gathering technologies to collect standard internet activity and usage information. The information gathered is used to compile statistical reports on User activity such as how often Users visit our Portal and Services, what pages they visit and for how long, etc. We use the information obtained from these analytics tools to monitor the performance and improve our Portal and Services. We do not use third-party analytics tools to track or to collect any personally identifiable information of our Users and we will not associate any information gathered from the statistical reports with any individual User. 

Links to Other Websites

This Policy applies to the Portal only. The Portal and Services contain links to other resources that are not owned or controlled by us. If you move to another website through the Portal, you should read that website's privacy policy; To determine the information security practices and privacy policy adopted there.

Protection of Personal Data

We are committed to protecting the privacy and confidentiality of personal data and not to view it without personal consent, except in the legal cases required by the system to disclose it. We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Data in our control. 

Changes to the Privacy Policy

The Portal has its own discretion to update this Privacy Policy at any time. An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Portal and Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. To find out the latest update, the user should review the update date at the bottom of this page. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided.

Agree to the Privacy Policy

You acknowledge that you have read this Policy and agree to all its terms and conditions. Your use of the Portal signifies your acceptance of this Policy, and the terms and conditions that govern it. If you do not agree to this policy, you must not use any of the content or the services offered through the Portal.

Contact Us

If you have any questions, concerns, or complaints regarding this Policy, the information we hold about you, or if you wish to exercise your rights, we encourage you to contact us using the details below:

Important Links