The purpose of the personal data protection policy is to maintain the confidentiality of personal information in a way to first ensure that the rights of individuals are preserved, secondly to regulate, process, share and organize the personal data, and thirdly to maintain digital national sovereignty over it, as well as to comply with national data governance policies and basic legislation for the protection of the rights and privacy of individuals with respect to their personal data, which is subject to a system of personal data protection. Definitely, the policy aims to comply with the relevant data management and governance, legislative and regulatory requirements, which is a legislative requirement in the National Data Management and Governance specification (No.DG.1.2) and Personal Data Protection (Version No. 1.5) issued by the Office of National Data Management.
The conditions of this policy apply to all control units processing, whether wholly or partially, personal data, as well as external entities processing the UNI's staff personal data via the Internet or any other means. However, the personal data that have been collected with the absence of its owner or have been processed to serve a different purpose or disclosed or even transferred abroad without the approval of the owner, would be excluded from the scope of this policy, as in the following cases:
1- If collecting or processing personal data is required to meet systemic requirements in accordance with the effective laws, regulations and policies of the Kingdom or to meet judicial requirements or to even perform an obligation under an agreement in which the Kingdom is a party.
2- If collecting or dealing with personal data is necessary for the protection of public health, safety or individuals' vital interests.