Policies

An Overview of the Terms, Conditions, and Policies Privacy Policy KFU Cybersecurity Policy Publishing Policy and Terms of Use General Terms and Conditions for e-Services

An Overview of the Terms, Conditions, and Policies

King Faisal University (KFU) is a comprehensive educational, research, and service ecosystem. It was established by Royal Decree No. (H/67) on Rajab 28, 1395 AH. The University strives to serve as a developmental engine and a key knowledge partner in supporting vital sectors locally and regionally. This is achieved by providing future-empowering education, research that catalyzes development and change, community partnerships that foster mutual enrichment, and sustainable business development.

King Faisal University is committed to protecting the data of its beneficiaries when accessing the University's electronic services and systems. KFU ensures the preservation of privacy by implementing the necessary administrative controls and technical measures, in accordance with relevant laws, regulations, and policies. This Privacy Policy has been formulated to help beneficiaries understand the nature and type of data collected through the University’s various channels, the purpose of its collection and processing, and how it is protected. The use of King Faisal University's services constitutes the data subject’s acknowledgment and acceptance of this Privacy Policy and any subsequent amendments. Therefore, the University urges its beneficiaries to periodically review the Privacy Policy to stay informed of any updates via the Data Management and Decision Support Office page on the University's website. To enhance workflow quality, the University also endeavors to notify beneficiaries of policy updates via email notifications.

Contact Information

Data Management and Decision Support Office

Address: Al-Ahsa Governorate – Eastern Province
P.O. Box: 400
Postal Code: 31982
Phone: 0135896729
Email: dmo@kfu.edu.sa

What Personal Data Is Collected?

The University collects the minimum amount of personal data necessary to achieve the intended purposes. The personal data collected includes the following categories:

Basic Personal Data:This includes identification data such as name, gender, national ID number, nationality, marital status, and other identity-defining information that the University may require.
Contact Information:This includes data such as phone numbers, email addresses, and physical addresses.
Account Credentials:This includes login details for accounts on the University's platforms and applications, such as usernames and passwords.
Technical Data:This includes, but is not limited to, Internet Protocol (IP) addresses, login data, browser type and version, time zone settings and location, browser plug-in types and versions, and information collected through cookies.
Financial Information:This includes data collected for payment processing purposes, such as bank account numbers and credit card details.

How and why is your personal data collected?

(Data Collection Methods and Purposes)

The University obtains personal data directly from beneficiaries through several channels, including:

Service Enrollment: Registering via the University’s electronic platforms or various digital services.
Communication:Contacting the University through its official communication channels.
Surveys.
Electronic Registration Forms.

The University obtains personal data directly from beneficiaries through several channels, including:

Third-Party Providers: Data provided by other entities, such as government or private organizations that offer or support services for the University's beneficiaries.
Automated Technical Data: Data recorded automatically upon visiting the University’s website, which includes Internet Protocol (IP) addresses, login details, browser type and version, time zone and location settings, browser plug-in types and versions, and information collected through cookies.
Statutory Cases:Situations provided for under Article 10 of the Personal Data Protection Law (PDPL) and its Implementing Regulations.

How Do We Use Your Personal Data?

We use the personal data collected, whether directly or indirectly, for the following purposes:

Service Fulfillment: To complete the data requirements necessary for providing our services.
Access and Transactions: To enable beneficiaries to access services and perform various transactions securely.
Support and Experience Enhancement: To address and process inquiries or complaints and improve the overall user experience across all communication channels.
Regulatory Compliance: To collect and process personal data in fulfillment of all applicable legal and regulatory requirements.
Decision Support: To provide analytics and statistics to decision-makers within the University.
Notifications and Outreach: To send awareness messages or notifications related to the services provided to you.
Academic and Institutional Research: To conduct studies and research that serve the University’s mission and development.

Legal Bases for Collecting and Processing Your Personal Data

In accordance with the Personal Data Protection Law (PDPL), we rely on the following legal bases for processing your data:

The explicit consent of the data subject, and the beneficiary may withdraw such consent at any time.
When the processing of data is necessary to provide a service or benefit and is directly related to a clearly established relationship involving the processing of personal data.
Legal obligation, such as compliance with applicable laws and regulatory requirements.
The cases stipulated in Article (10) of the Personal Data Protection Law and its Implementing Regulations.
The cases stipulated in Article (27) of the Personal Data Protection Law and its Implementing Regulations.

Your Rights Regarding Personal Data Processing

Under the PDPL, you are entitled to the following rights:

Legal Bases for Collecting and Processing Your Personal Data

In accordance with the Personal Data Protection Law (PDPL), we rely on the following legal bases for processing your data:

Right to be Informed: To know the methods of collection, the legal basis, and the purpose of processing.
Right of Access: To request access to your personal data available at the University.
Right to Data Portability: To obtain your personal data in a readable and clear format, whenever technically feasible.
Right to Rectification: To request the correction of inaccurate or incomplete personal data.
Right to Destruction: To request the disposal of your personal data after the purpose of collection is met, unless there is a legal justification for its retention.
Right to Withdraw Consent: To revoke your consent for data processing, unless laws require otherwise.

How Can You Submit a Complaint or Objection?

If you have concerns regarding non-compliance with the PDPL, you may lodge a complaint with the Data Management and Decision Support Office at King Faisal University through the communication channels provided above. You may also escalate your complaint to the National Data Management Office (NDMO) if you are unsatisfied with how your data is used or if your complaint is not resolved within 30 days.

National Data Management Office Address – Riyadh, Kingdom of Saudi Arabia” https://sdaia.gov.sa/ndmo

Data Collection and Usage

The application uses Apple Pay as a secure payment method for settling outstanding bills.
The application does not collect, store, or process any payment card data (such as card number, expiration date, or security code).
All Apple Pay transactions are securely processed exclusively through Apple’s systems.

Data Received

The application receives only a notification of whether the payment was successful or unsuccessful, without having access to any sensitive financial information.

No payment data is shared with any third party.

We may update this Privacy Policy from time to time, and any updates will be posted on this page.