Introduction
Aseer Development Authority was established by Royal Decree No. 27719, dated 10/06/1439 AH. The Authority is organizationally linked to the Council of Ministers in accordance with the provisions of Article 3 of the Regulation of Regional and Cities Development Authorities issued by Cabinet Resolution No. 475, dated 07/05/1439 AH.
Aseer Region Development Authority is concerned with achieving integrated regional development and ensuring effective coordination between development agencies to make Aseer a leading global tourist destination throughout the year. The Aseer Region Development Authority website is a website managed by the Authority and you can contact us through the available channels below:
Contact Information
You can contact the Authority through:
Name of the relevant department/team:
Data Management Office
Phone number:
+966 17 238 9666
Address:
Abha, Aseer 62512
Date of last update
The privacy policy was last updated on 01/15/2025
What personal data is collected, how it is collected and what is its purpose
The Authority collects and processes a number of personal data directly or indirectly from you according to the following:
First/ Personal data collected and how it is collected:
1. Identity data: Full name, username or similar identifier, date of birth, gender, identification number (such as passport number, national identification number or residence number), and other specific identity data that the Authority may need.
2. Contact data: Spatial addresses, email address and phone numbers.
3. Geospatial and geographical data: This means, but is not limited to – the time zone such as the country of the data subject and the city in which he lives, and the longitude and latitude of the endowment assets, And any relevant and related data that the Authority needs.
4. Technical data: Include, but are not limited to – Internet Protocol (IP) address, beneficiaries’ login data, browser type and settings, types and versions of browser add-ons, information collected through cookies when visiting the site ((Cookies, operating system, operating platform, crash reports, system activity, request history URL and other related technologies used by beneficiaries to access the site, or the Authority’s means and other official channels.
Secondly/ Purpose of collecting personal data:
The process of collecting user/beneficiary personal data through the Authority’s website or any other means through which the Authority deals aims for several regulatory purposes, which are:
1. Dealing with complaints and inquiries regarding the transactions and services provided and practiced by the Authority.
2. When submitting any external report outside the Authority to a specific party In the capacity of the Authority or any service provided by the Authority to those it deals with without affecting the rights and interests of the owner of personal data, the Authority guarantees the concealment of identities
3. Regular and periodic updating of protection procedures and controls that meet or exceed standard criteria
4. Strict procedures and measures to protect the security of information and technology it uses to prevent fraud and unauthorized entry into our systems
5. Monitoring and detecting potential violations and abuses when using the website or any of the official means and channels affiliated with the Authority
How do we disclose personal data?
We will not disclose any personal data to any other party for any purpose.
Or in the event of participation in the disclosure of any personal data with any other party, it will be dealt with in accordance with contractual obligations and the goal is to improve the service provided to beneficiaries, and it will be limited to the minimum.
Regulatory justification for collecting and processing personal data
The Authority will collect and process your data in accordance with the Personal Data Protection Law in the Kingdom. The regulatory justification we rely on to process this data is:
- Your explicit consent, and you can withdraw your consent at any time, provided that it does not affect the processing operations carried out based on other regulatory justifications. To do so, you can contact the data management office at the entity, as shown below.
- If the processing is necessary to achieve the interest of the Authority by virtue of the Cabinet’s decision to organize authorities and cities.
- In the event that the processing achieves a specific interest for you and it is impossible or difficult to contact you.
How do we store and destroy personal data?
Your personal data is stored securely within the Kingdom at the Authority’s headquarters or with a cloud computing service provider. These servers are protected with the best technologies in accordance with the policies and controls of the National Cybersecurity Authority and international standards to ensure that there is no unauthorized access and to reduce cyber risks. The Authority does not retain personal data unless it is necessary according to regulatory justifications. The Authority is also committed to destroying personal data if the owner of the personal data requests it, and if the purpose for which it was collected no longer exists, or the Authority learns that the personal data is being processed in an irregular manner, it will take the necessary measures that result from that.
Rights of personal data owners
Under the Personal Data Protection Law, you have the following rights, which depend mainly on the purpose of collecting and processing personal data:
1. Right to know: The owner of the personal data has the right to know the methods of collecting personal data and the legal justification for collecting and processing it, how it is processed, stored and destroyed and to whom it will be disclosed. You can view all the details through the privacy policy or you can contact us on the data shown below.
2. Right to access personal data: The owner of the personal data has the right to access his data by submitting an access request, taking into account that the legal justification is either approval, the legitimate interest of the Authority, or the implementation of an agreement The personal data owner is a party to it, with emphasis on not harming the rights of others from exercising this right, such as intellectual property rights or trade secrets.
3. The right to request access to personal data: The personal data owner has the right to submit a request to access his data, taking into account that the legal justification is either approval, the legitimate interest of the Authority, or the implementation of an agreement to which the personal data owner is a party. The personal data is provided to its owner in a commonly used electronic format, provided that it is readable and clear. The personal data owner may be provided with a printed copy whenever possible. With emphasis on not harming the rights of others from exercising this right, such as intellectual property rights or trade secrets.
4. The right to request correction of personal data: The personal data owner has the right to request correction of his data that he deems incomplete, inaccurate or incorrect, via e-mail. He will be notified via the same means within a period not exceeding 30 days from the date of the request. He also has the right to restrict the processing of his data for a period during which the accuracy of the data can be verified, provided that the restriction request does not conflict with the systems and regulations.
5. The right to request the destruction of personal data: The owner of personal data has the right to request the destruction of his personal data in specific circumstances, unless there is a regulatory text specifying the period of retention of personal data, or contractual requirements agreed to by the owner of personal data, provided that they do not negatively affect his rights or interests. The Authority automatically activates the right to destruction in the cases stipulated in the systems and regulations, such as its knowledge that personal data is being processed in a manner that violates the system.
6. The right to withdraw consent to the processing of personal data: The owner of personal data has the right to withdraw his consent to the processing and withdraw it at any time by notifying the Authority through the specified means of communication, including the Authority taking the necessary measures to stop the processing and request the destruction of personal data from those to whom it has been disclosed. In advance.
Acceptance of the Privacy Policy
You acknowledge that you have read this policy and agree to all its terms and conditions. Your use of the site means your acceptance of this policy and the terms and conditions that govern it.
For more details about processing your personal data, and how to exercise your rights, you can contact the Personal Data Protection Officer at the Authority, according to the contact details shown below:
Email: Data-Privacy@asda.gov.sa
Address: Abha, Aseer 62512
How to file a complaint or objection?
In case of complaints or inquiries related to the privacy policy or handling of personal data, contact the Personal Data Protection Officer via the following email: Data-Privacy@asda.gov.sa
If you are not satisfied with our handling of the complaint or if we do not respond within seven business days from the date of receipt of the complaint, you can submit a complaint to the competent authority, which is the Saudi Data and Artificial Intelligence Authority.
- Address of the Saudi Data and Artificial Intelligence Authority: Kingdom of Saudi Arabia, Riyadh
- Official website of the Authority: sdaia.gov.sa
- National Data Governance Platform: Dgp.sdaia.gov.sa
