Privacy and Policy

The National Council for Occupational Safety and Health is committed to protecting the confidentiality of your information and personal data when you use the Council’s platform or any of its digital services. No personal data is collected unless you voluntarily provide it through official channels such as the online portal, mobile application, surveys, or registration forms.

The Council affirms its commitment to safeguarding your data, storing it securely, restricting access to authorized and qualified personnel only, and refraining from sharing it with any unauthorized party in accordance with applicable regulations. The Council also commits to publishing its Privacy Policy on its official platforms to enable users to understand how their data is collected, stored, and accessed.

For general inquiries, you may contact the National Council for Occupational Safety and Health using the contact information provided below:

The Council collects various types of data when you use the platform, such as:

•  Personal data (full name, national ID or residency number, date of birth, age, gender, nationality).
• Contact information (mobile number, email address).
• Professional data (job title, employer).
• Cookies
• Geolocation data

This data is collected for the purpose of providing services related to user inquiries, suggestions, or complaints, verifying their authenticity, and carrying out necessary investigations and regulatory procedures.

The Council collects personal data provided directly by the user through electronic forms, which clearly indicate whether the requested information is mandatory or optional. Personal data may also be collected indirectly through cookie technologies, system integrations with other entities, and in cases where processing requests related to the personal data owner is required, in accordance with applicable laws and related regulations.

Personal data collected from the user—whether directly or indirectly—is processed to perform the duties and responsibilities assigned to the Council and in a manner that fulfills the purposes specified in this policy. Personal data will only be processed by authorized personnel, according to their roles and in line with the approved policies governing such processing. Failure to collect the user’s personal data may affect their ability to benefit from the services offered by the Council.

The Council adheres to the data-sharing policies and regulations issued by the competent authorities. Personal data is not shared with any external party except in accordance with the disclosure cases specified in the Personal Data Protection Law and its implementing regulations, whether by obtaining the user’s prior consent or by disclosing data for purposes and situations defined by law.

Personal data is securely stored within the geographic boundaries of the Kingdom to ensure the preservation of the digital national sovereignty of such data. The Council follows best standards and practices to ensure data security and protection. It also complies with national regulations relating to the disposal of personal data once the purpose for which it was collected no longer exists, or by archiving it for the required retention period in a secure manner that prevents misuse or unauthorized access.

Under the Personal Data Protection Law, the personal data owner has the following rights:

• Right to Be Informed: The data owner has the right to understand how their data is collected, the legal basis for its collection and processing, how it will be processed, stored, and destroyed, and with whom it may be shared. All details are available in this Privacy Policy or through the designated email.
• Right to Access Personal Data: The data owner may request a copy of their personal data through the email specified in this policy.
• Right to Correct Personal Data: The data owner may request correction of personal data they believe to be inaccurate, incorrect, or incomplete through the email provided. The data will be reviewed, corrected, and the data owner will be notified accordingly.
• Right to Delete Personal Data: The data owner may request deletion of their personal data under certain circumstances, unless a legal provision requires its retention for a specific period or contractual obligations apply.
• Right to Withdraw Consent: The data owner may withdraw their consent to the processing of their personal data at any time, unless there are legitimate purposes that require otherwise.

This Privacy Policy applies solely to the National Council for Occupational Safety and Health’s Website. If you navigate to external links, you should review the privacy policy of the respective website to understand its information security practices and privacy standards.

Your use of the National Council for Occupational Safety and Health’s Website constitutes your acceptance of this Privacy Policy and the terms and conditions governing it.

For more information about the related policies and laws referred to in this policy, you may use any of following links:

•  Policies issued by the National Data Management Office
• Controls issued by the National Data Management Office
• Controls issued by Cybersecurity Authority