Terms & Conditions
Effective date: 22/08/2023
Privacy Notice
We, King Abdullah University of Science and Technology (“KAUST” or “we”), value the data privacy of personal data owners (“you” or “yours”) and are dedicated to the protection of your Personal Data (as defined below) and in Kaust’s Data Privacy Policy.
Who We Are
KAUST is a university based in the Kingdom of Saudi Arabia and the “Controller” of your Personal Data, which means that we decide how and why we process your Personal Data. We process your Personal Data for various reasons and in different manners, mostly depending on what relationship we have with you. In all cases, we are committed to inform you about how we use and process your Personal Data and to ensure that our processing aligns with applicable data privacy and protection laws (especially the Saudi Personal Data Protection Law or “PDPL”).
Definition of Personal Data
“Personal Data” are any information that relates to an identified or identifiable individual such as the name, the address, or the telephone number of an individual. This term may also include “sensitive data,” such as data about someone’s health, DNA, religious beliefs, ethnicity, or tribal origin, and/or criminal history. “Processing” means any operation which is performed on your Personal Data such as collecting, storing, or analyzing your Personal Data.
The sections below are dedicated to different categories of personal data owners, based on your relationship with KAUST. In these sections, you can find more information on:
- where we collect your Personal Data;
- what kinds of Personal Data we process about you, and for what purposes;
- what legal basis we rely on when processing your Personal Data;
- how long we store your Personal Data for; and
- whom we share your Personal Data with.
Contractor Workforce Employees
Security of Your Personal Data
KAUST maintains appropriate technical, physical, and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss or damage, and unauthorized destruction.
Non-public Personal Data is held strictly confidential, accessible only to those authorized to access the information, and strictly for the purpose of fulfilling their work duties. All KAUST employees are required to sign and comply with KAUST’s Confidentiality Agreement, which requires handling confidential information with diligence and carefulness, in compliance with data privacy laws, and prohibits disclosure beyond a strict need-to-know basis.
KAUST applies strict technical access-controls, password protection, encryption in transit and at rest, and firewall protection to non-public Personal Data. For more information about the technical measures KAUST applies to protect your Personal Data, please see KAUST’s Information Security Policy and Minimum Security Standard.
However, KAUST cannot guarantee that unauthorized third parties will never be able to defeat these measures or use your personal information for improper purposes.
Your Rights and How to Exercise Them
The PDPL and the General Data Protection Regulation (“GDPR”) (as well as other applicable data protection laws) provide you with certain rights regarding our processing of your Personal Data, which we would like to explain to you briefly below. KAUST will make a good faith effort to honor the rights of personal data owners and to fulfill legitimate and appropriate requests.
- Right to Be Informed. You have the right to be informed of the purpose and the valid legal basis or practical justification for collecting their Personal Data, and that your data shall not be processed later in a manner inconsistent with that purpose.
- Right to Request Access. You have the right to ask for access to, and copies of, your Personal Data. There are some exemptions or cases in which we cannot fulfill this request, for example, if the identity of the requestor cannot be verified, if the request is manifestly unfounded or excessive, if we have properly disposed of the Personal Data at the end of its retention period, if your Personal Data includes someone else’s Personal Data and redaction is not possible, and if a law provides another exception.
- Right to Request Correction. You always have the right to ask us to correct, update, or complete the Personal Data we are processing about you.
- Right to Request Destruction. This right allows you, under certain circumstances, to request that we delete your Personal Data.
- Right to Object. You have the right to object to the use of your Personal Data for direct marketing purposes.
- Right to Withdraw Consent. If we processed your Personal Data solely on the basis of consent, you have the right to revoke this consent at any time. Revoking consent, however, does not affect the lawfulness of the processing carried out up until this point.
- Right to Data Portability. In certain circumstances, you can ask to receive the Personal Data you provided us within a structured, common, and machine-readable format, or for us to transfer it to another Controller.
- Right to Request Restrictions on Processing. In certain circumstances, you may request the limitation of the processing of your Personal Data in the form of (i) suspension of processing, or (ii) limitation of the scope of processing to certain categories of Personal Data or purposes of processing.
- Right to Contest Automated Decision-Making. In certain circumstances, you have the right to be given an opportunity to express your views and contest a decision based solely on automated processing, including profiling, that significantly affects you.
- Right to Lodge a Complaint. If you feel our processing of your Personal Data violates the law, you have the right to lodge a complaint with the appropriate governmental regulatory authority.
Your exercise of the above rights is free of charge, except in the case of a manifestly unfounded or excessive request, in which case a reasonable fee may be charged.
The response to requests should be provided within a maximum of 30 days (unless it is a particularly complex request).
Contact Information for KAUST’s DPO
You can exercise your rights very easily by reaching out to our DPO using the following contact details:
E-mail: [email protected]
Address: 4700 KAUST, Thuwal 23955-6900, Kingdom of Saudi Arabia
Disclosures Required by Law or for Health or Safety
Consistent with the Personal Data Protection Law, KAUST may disclose personal data if: (a) requested to do so by a governmental entity (i) for security purposes, (ii) to implement a law, or (ii) to meet judicial requirements; (b) disclosure is necessary to protect public health or safety, including to prevent a crime or protect national security; or (c) disclosure is necessary to protect the life or health of one or more individual(s).
Changes to Our Privacy Notices
KAUST reserves the right to modify its Privacy Notices from time to time, and such modification shall be effective upon posting by KAUST on this website. If KAUST makes any material changes to the way your personal data will be used under its Privacy Notices, you will be notified of such changes and given the opportunity to object to such new or different use. Such modifications will be denoted by the “last updated” notice at the top of the applicable page. Please check the Privacy Notices periodically for updates or changes.