27 February 2026

Privacy Policy

  • Home
  • Privacy Policy

Privacy Policy:

The oversight and Anti-Corruption Authority recognizes the importance of privacy and the protection of personal data, and is committed to maintaining the confidentiality of such data. This policy is designed to help data subjects understand the nature of the data the Authority collects, how it is handled, the purpose for its collection, and the rights of data subjects. By using the Authority's website or providing personal data through any of the communication channels provided by the Authority, the data subject explicitly and unconditionally agrees to this privacy policy and the rules and regulations contained herein.

Personal Data Collected:

When a data subject fills out any form or provides the Authority with any information and submits it via the browser, or communicates with the Authority via phone, email, or social media channels, the data is stored on the Authority servers. The personal data collected includes names, identification numbers, addresses, contact numbers, and all data exchanged through communication between the data subject and the Authority, such as reports, inquiries, observations, and complaints. Additionally, data from cookies, such as information collected through website logs, cookies, or similar technologies, and the data subject’s IP address, are collected. Registered users on the Authority's website are responsible for maintaining the confidentiality of their username and password, and bear full responsibility for any activities conducted under their username. The Authroity is not responsible for any loss, alteration, or damage to users’ data arising from unauthorized access to user data stored by the Authority. The Authority is also not liable under any circumstances for any direct, indirect, incidental, consequential, special, or exceptional damages arising from the use or inability to use its website. The Authority may share necessary personal data with other entities or departments in order to serve the data subject more effectively. The Authority will not share personal data with non-governmental entities except for authorized entities that are permitted by relevant authorities to perform specific government services.

How Personal Data is Collected:

Personal data is collected as soon as the data subject visits the Authority website. The Authority's server logs the data subject’s Internet Protocol (IP) address, the date and time of the visit, and the URL of any website that referred the data subject to the Authority's website. Data is also collected directly via information provided through the communication channels provided by the Authority, such as in-person visits or phone calls.

Purpose of Data Collection and Use:

The purpose of collecting personal data through the Authority's website or other communication channels includes several objectives, such as:

  • Enabling the Authority to perform its duties in dealing with data subjects.
  • Handling reports submitted to the Authority and ensuring the completion of related data.
  • Achieving the primary purpose for which the user provided the information, such as submitting a report or responding to comments, inquiries, or complaints.
  • Allowing the data subject to access the services provided by the Authority and perform necessary procedures.
  • Analyzing and researching the data to diagnose issues and generate statistical reports that help improve the user experience.
  • Monitoring the use of the website to detect security threats and attacks that may harm the website or other communication channels of the Authority.

This is in compliance with the restrictions specified in Article 9 of the Personal Data Protection Law.

Legal Basis for Data Collection and Processing:

In accordance with the laws and regulations issued regarding the protection of personal data, the Authority collects and processes personal data based on the explicit consent of the data subject, for public interest, or when processing is required by another law, or in the execution of a prior agreement in which the data subject is a party. Data processing may also be necessary for security purposes or to meet judicial requirements or when processing is necessary to achieve the legitimate interests of the Authority.

Rights of Data Subjects:

The data subject has several rights concerning the collection and processing of their data, in compliance to the restrictions set forth in the Personal Data Protection Law. These rights include:

  • The right to be informed, which includes being informed of the legal basis for collecting their personal data and the purpose of its collection.
  • The right to access their personal data held by the Authority, without prejudice to the provisions of Article 9 of the Personal Data Protection Law.
  • The right to request the correction, completion, or updating of their personal data held by the Authority.
  • The right to request the deletion of their personal data held by the Authority when it is no longer needed, without prejudice to the provisions of Article 18 of the Personal Data Protection Law.

This can be done through the available communication channels of the Authority.

Rights of the Authority:

The terms of use of the e-portal of the Oversight and Anti-Corruption Authority and all associated websites and subdomains apply to all visitors and users of the portal. The authority may suspend, prevent, or terminate access to the portal for any user in case of any violation or breach of the terms and conditions of use. The rights of the Authority can be clarified by requiring users to refrain from the following actions:


1. Using this website in a manner that causes or may cause a violation of the rights of the Oversight and Anti-Corruption Authority and/or any third party.
2. Sending, transmitting, or publishing any information that is or may be harmful, immoral, malicious, or illegal.
3. Attempting to interfere with the operation or functionality of the site, including using any software, procedure, or device to interfere with the website.
4. Providing or uploading files to the e-portal that contain viruses or corrupted data.
5. Taking any action that results in excessive or unreasonable load on the website’s infrastructure.
6. Accessing data that is not intended for the user or visitor, or accessing servers or accounts that the user is not authorized to access.
7. Unauthorized access to the website, whether by using a false password, impersonating another user, or attempting to act on behalf of someone else, or otherwise.
8. Attempting to conduct tests, scans, or checks for vulnerabilities in any of the systems or websites of the Oversight and Anti-Corruption Authority.
9. Sending spam emails to the website, including advertising or promoting products or services.
10. Using the e-portal of the Oversight and Anti-Corruption Authority in any way to send emails, or any matters on its behalf, or by referencing it, or impersonating its name or identity, in a manner that involves defamation or disparagement of the Authority, its websites, any person, or the dissemination of false news or information attributed to the Authority without authorization.
11. Violating the terms of use of the website in any other form.

Personal Data Storage and Disposal:

The Authority stores and processes the personal data of website users securely within the Kingdom using appropriate security technologies to ensure the confidentiality of personal data and the protection of the privacy of its owners. The Authority does not retain personal data unless it is necessary for legal reasons, such as for judicial requirements or security procedures. The Authority commits to disposing of the personal data once the purpose of its collection has been fulfilled, except in cases specified in applicable regulations, laws, decisions, and policies in the Kingdom.

Amendments to the Privacy Policy of the Authority:

The Authority reserves the right to update and modify its privacy and data protection policy from time to time as needed, without the obligation to provide prior notice.