Introduction

Princess Nourah bint Abdulrahman University is a leading institution for women, focused on education, research, and building a knowledge-based economy. In line with the university's commitment to protecting users' data and ensuring the confidentiality of personal information, a privacy policy has been developed. This policy explains how personal data is handled, this policy outlines the types of data collected, the purposes for its use, the methods of sharing, exchanging, and storing it, and the rights of data owners.

By using the university's website, you consent to the terms of this privacy policy, in accordance with the Personal Data Protection Law and its executive regulations.

The university encourages users to regularly review this privacy notice to stay informed of any updates. For further inquiries, please feel free to contact us using the available communication channels provided below.

 

Contact Information:

Office:

Data Management and Governance Office, Princess Nourah bint Abdulrahman University

Address:

Riyadh – Airport Road

Email:

dmo@pnu.edu.sa

 

Last Updated:
The privacy policy was last updated on 27-01-2025.

 


What Personal Data Will Be Collected?

The university collects only the minimum personal data necessary for the services a user wishes to access or use. The collected personal data includes the following categories:

Basic Personal Data:

Includes essential identity details such as name, gender, ID number, nationality, marital status, and other relevant information required by the university.

Contact Information:

Includes phone numbers, email addresses, and physical addresses.

Account Information:

Includes login details for university platforms and applications, such as usernames, passwords, and contact information (phone numbers, email addresses, physical addresses).

Financial Data:

Includes data required for payment transactions, such as bank account numbers, credit card information, and health insurance details.​

Educational Data:

Includes information about the user's educational qualifications and academic background.

​ 


How Is Your Personal Data Collected, and What Is the Purpose?

We collect some personal data directly from you when you register through the university's official channels, use mobile apps, access services or products, or interact with customer service. Additionally, data may be provided by other sources. The data is collected for the following purposes:

 

Methods of Collection:

  1. Direct Collection:
    • Online Forms:
      Personal data is collected through online forms when registering or interacting with the university's services.
    • Communication Channels:
      Data is gathered when you contact the university via communication channels for inquiries or services.

Types of Personal Data Collected:

  1. Account Data:
    • Data collected: Name, ID/ residence number, email, mobile number, nationality, gender.
    • Purpose: To create an account and facilitate communication for services or inquiries.
  2. Financial Data:
    • Data collected: Bank card number, cardholder name, card expiration date, health insurance details.
    • Purpose: To process transactions and complete service-related activities.
  3. Personal Identification Data:
    • Data collected: Name, educational qualifications, date of birth, photo.
    • Purpose: To review applications for university admission or job opportunities.
  4. Contact Data:
    • Data collected: Phone numbers, email addresses, physical addresses.
    • Purpose: To improve service quality, ensure the accuracy of provided information, and support research and development initiatives.

Indirect Methods of Data Collection:

1.   Integration with Internal Systems:

Personal data is collected through integration with internal university systems.

2.   Integration with Nafath (National Authentication System):

Data is collected through the linking of systems with Nafath for authentication purposes.

3.   Automatic Collection of Technical Data:

Data such as IP address, device type, and operating system is automatically collected in log files.

4.   Communication Data:

Audio conversations conducted through the beneficiary service center are recorded indirectly through service systems. This data is used for improving service quality, ensuring information accuracy, and for research and development purposes.

5.   Identity Verification Data:

Information such as ID number, mobile number, and email address is collected indirectly via the system to verify the identity of the applicant.

6.   Payment Transaction Data:

Information such as transaction amount, date of the transaction, and transaction reference number is collected indirectly via the university's electronic billing systems. This data allows the university to track transactions, provide post-payment services, and offer additional related services.​​


How Do We Use Your Personal Data?

We use the personal data collected directly or indirectly in the following ways:​

    • To collect the necessary data to provide services to users.
    • To allow beneficiaries to access services and complete transactions.
    • To resolve and address any inquiries or complaints, as well as to improve the beneficiary experience across all communication channels.
    • To collect and process personal data in order to comply with legal and regulatory obligations.

 

How Do We Disclose Your Personal Data?

We may disclose your personal data to the following entities:

  1. Other Public Entities:
    To serve public interest, for security purposes, to comply with legal requirements, or to protect public health, public safety, or individual lives, including specific individuals or protecting their health.
  2. University Data Processing Entities:
    To entities processing data on behalf of the university, ensuring the university's legitimate interests without infringing upon the rights or interests of the data owner.
  3. Entities Inside or Outside the Kingdom of Saudi Arabia:
    To fulfill any local or international agreements that serve the legitimate interests of the university or public interest, while adhering to the legal and regulatory frameworks.

 

Legal Grounds for Collecting and Processing Your Personal Data

In line with the Personal Data Protection Law, the legal grounds we rely on for processing your data are as follows:

  • Your Explicit Consent:
    You provide consent, which you can withdraw at any time. To withdraw, please contact us using the contact details provided above.
  • Compliance with Legal Obligations:
    To fulfill statutory requirements and comply with applicable laws and regulations.
  • Enabling and Providing Services at Princess Nourah bint Abdulrahman University:
    To facilitate and deliver university services and meet its requirements.
  • Issuing Policies and Preparing Studies:
    To create policies and conduct studies that support operational needs.
  • Addressing Inquiries and Complaints:
    To resolve and manage any inquiries or complaints from beneficiaries of the university's services.
  • Improving Service Quality:
    To enhance the performance, development, and user experience, ensuring the continuous delivery of services with the required quality.
  • User Identity Verification:
    To authenticate the identity of users when registering for various university services.
  • Meeting Legal and Regulatory Requirements:
    To fulfill certain legal and regulatory obligations.

 

How Do We Store Your Personal Data?

Your personal data is securely stored in a storage unit hosted on servers located within the university's premises. The storage devices and servers containing personal data are regularly monitored, updated, and backed up. Please note that your data is not deleted or discarded unless it is no longer needed for the purposes for which it was collected.

 

Your Rights Regarding the Processing of Your Personal Data

Under the Personal Data Protection Law, you are entitled to the following rights, which depend on the purpose for which your personal data was collected and processed:

  1. Right to Be Informed:
    You have the right to be informed about the legal or practical grounds for collecting your personal data, the purpose behind it, and to ensure that it will not be processed in ways that contradict the original purpose, except as stated in Article 10 of the Personal Data Protection Law.
  2. Right to Access Your Personal Data:
    You can request access to your personal data held by the university, including reviewing and obtaining a copy of it in a clear and accurate format. This can be done at no charge, in accordance with applicable regulations, and excluding any fees related to the Credit Information System as per Article 9 of the law.
  3. Right to Correct Your Personal Data:
    If you believe any of your personal data is inaccurate, incomplete, or incorrect, you have the right to request that we correct it.
  4. Right to Erase Your Personal Data:
    You have the right to request the deletion of your personal data once it is no longer necessary for the purposes for which it was collected, in line with Article 18 of the Personal Data Protection Law.

Please note that some or all of these rights may be subject to certain exceptions and exemptions under the law. Each request will be assessed individually to determine its appropriateness.

 

How to File a Complaint or Objection

If you have concerns or believe that we have not complied with the Personal Data Protection Law, you can submit a complaint to the Data Management and Governance Office using one of the contact channels provided above.

If you are not satisfied with how your complaint is handled, or if you do not receive a response within 10 business days, you may escalate your complaint to the Saudi Data and Artificial Intelligence Authority (SDAIA).

​ 

Saudi Data and Artificial Intelligence Authority (SDAIA) Contact Information:

 

​ 

​​