Sign In

Privacy policy

​​​Last updated [15/09/2024]
The Institute of Public Administration (IPA) was established pursuant to Royal Decree No. (93) dated 24/10/1380 AH (corresponding to 10 April 1961), as an autonomous public institution with legal personality. Its mission is to enhance the competence of government employees, prepare them academically to shoulder their tasks, improve administrative performance, and contribute to the nation's economic development. IPA is also entrusted with contributing to the administrative structure of government entities, providing advisory services on administrative issues referred by ministries and government agencies, conducting research on administrative topics, and fostering cultural ties in the field of public administration.

IPA is committed to safeguarding the personal data of individuals who utilize its services and systems, ensuring their privacy through the implementation of administrative, security, and technical measures that fully comply with the regulatory and legal frameworks established by relevant authorities.

This Privacy Policy aims to provide beneficiaries with clear information about the nature and types of personal data collected through IPA’s various channels and platforms, the purposes for which such data is collected and processed, and the measures implemented to ensure its protection. Beneficiaries are encouraged to understand how their personal data is handled by IPA and to be aware of the rights granted to them under the applicable laws and regulations of the Kingdom of Saudi Arabia.

By accessing or using IPA’s services, you confirm your acknowledgement and acceptance of the terms and conditions outlined in this Privacy Policy, including any amendments made thereto. Beneficiaries are advised to regularly review this Privacy Policy to stay updated on any revisions.

For inquiries regarding this Privacy Policy, you may contact IPA through the following channels:
  • Responsible Department/Team: [Data Management Office – Personal Data Protection Officer]
  • Address: [Riyadh – Institute of Public Administration]
  • Phone Number: [8001248877]
  • Email: DPO@ipa.edu.sa
Definitions:
For the purposes of this Privacy Policy, the following terms shall have the meanings assigned thereto:
  • "You" or "Your": Refers to the individual utilizing IPA’s website or benefiting from its services through any recognized official channel.
  • "We," "Us," or "Our": Refers to the Institute of Public Administration (IPA).
  • "Website": Refers to the official website operated by IPA.
  • "Official Channels": Refers to IPA’s applications, social media platforms, paper-based interactions, or any other authorized methods used by IPA to handle personal data.
Personal data collected:
IPA collects personal data essential for delivering its services, which may include:
  • Basic beneficiary information: Such as name, ID number, date of birth, gender, contact information (phone numbers, email addresses, residential address), and website login credentials.
  • Payment details: Information collected for payment processing purposes.
  • Cookies: Information obtained through website logs, cookies, or similar technologies.
  • Status identification data: Information relating to beneficiaries’ use and interaction with IPA’s services.
  • Third-party data: Personal information provided to IPA by external entities.
Methods of Personal Data Collection:
The IPA collects personal data through both direct and indirect methods: ​Direct Methods:
  • Service access: When beneficiaries register via IPA’s official platforms to utilize its products or services.
  • Communication: When beneficiaries engage with IPA through its electronic communication systems.
  • Surveys: When beneficiaries participate in surveys, personal data may be collected for analytical and research purposes to improve IPA’s services and enhance user experience.
Indirect Methods:
  • Cookies: User information is regularly collected and stored to enhance the website's user interface and overall browsing experience, as well as to support the efficient development and management of the platform. This data collection facilitates improvements in retaining user preferences, such as browsing habits or login credentials.
    • Information gathered include the pages visited on the website, the user's Internet Protocol (IP) address, the geographic location of access, browser type and language settings, timestamps for requests, and the search strategies employed within the site's search engines.
    • Cookies data will neither be shared with third parties nor utilized for purposes beyond those outlined in the Privacy Policy, except in cases where a valid legal request requires otherwise.
  • Information shared by the beneficiaries during their use of smartphone applications developed by the IPA.
  • Personal data obtained from external entities or third parties duly authorized to act on behalf of the individual to whom the data pertains.
  • Technological integration and collaborative efforts undertaken with other government entities.
Purpose of Collecting Personal Data:
The collection of personal data, whether through direct or indirect means, is undertaken to achieve the following objectives:
  • To facilitate the provision of services offered by the IPA and ensure compliance with its operational mandates.
  • To effectively address inquiries from beneficiaries and resolve complaints pertaining to the IPA services.
  • To continually enhance service quality and operational efficiency, improve user experience, and maintain high standards of service delivery.
  • To ensure the security and integrity of the IPA information and services by employing advanced technological tools aimed at preventing fraud and unauthorized system access.
  • To conduct data analysis, produce statistical evaluations, and enhance internal reporting.
  • To disseminate awareness or promotional materials to beneficiaries, which may be discontinued upon request by the data subject. Such requests can be made by contacting the IPA through the communication channels outlined in this policy.
Legal Basis for Data Collection and Processing:
In accordance with the stipulations of the Personal Data Protection Law, the legal foundations upon which we rely to collect and process your personal data includes the following:
  • Your Explicit Consent: You shall have the right to withdraw consent concerning the processing of your personal data at any time, subject to exceptions outlined in applicable legal and regulatory provisions. To exercise this right, you may reach out to us through the designated communication channels specified in this policy. It is noteworthy that, under certain conditions, the IPA is authorized to process your personal data without requiring your explicit consent, as permitted under Article 6 of the Personal Data Protection Law.
  • Advancing the Public Interest: By working towards the enhancement and optimization of unified governmental procedures, provided such efforts adhere to the boundaries and stipulations articulated within applicable legal frameworks and regulatory provisions.
  • Attaining the Legitimate Interests of the IPA or the Individual: Contingent upon strict compliance with the stipulations outlined in the Personal Data Protection Law and its associated executive regulations.
  • Fulfilling the obligations stemming from a contractual agreement wherein the data subject is one of the parties involved.
  • Using the personal data that has been made accessible to the public or obtained from publicly available sources.
  • Ensuring the preservation of essential interests or providing protection from potential harm.
Utilization of Personal Data:
In accordance with applicable laws and regulations governing the protection of personal data, the IPA processes your personal information through its authorized websites, communication channels, and platforms. This processing is conducted with the objective of enhancing service quality and executing the IPA’s public obligations as per its legally mandated responsibilities. The IPA may integrate personal data and/or perform analytical assessments to tailor and provide services and content aligned with your specific needs. Furthermore, it reserves the right to retain your personal data within its records and to communicate with you using any channels deemed permissible under relevant legal provisions. To ensure the safeguarding of your personal data, the IPA may anonymize such information by adopting organizational, cybersecurity, and technical safeguards consistent with cutting-edge practices. These measures are implemented to mitigate potential risks associated with data processing. The IPA reiterates its commitment to adhering to the principles of lawful, ethical, and optimal utilization of your personal data.

Furthermore, the IPA applies strict measures to ensure full compliance with the provisions of the Personal Data Protection Law and its associated regulations. This adherence facilitates the implementation of the following fundamental principles of data protection:
  • Processing personal data in a lawful, fair, and transparent manner.
  • Restricting data processing to specified, explicit purposes while ensuring data minimization.
  • Updating data continuously to maintain the accuracy, relevance, and integrity.
  • Retaining personal data solely for as long as necessary and ensuring secure disposal upon the achievement of its intended purpose.
  • Storing data securely in a manner that upholds privacy, aligning with data governance and protection directives issued by the National Data Management Office, cybersecurity standards established by the National Cybersecurity Authority, and other applicable legislative and regulatory frameworks.
Sharing Your Personal Data:
We aim to adopt and uphold the fundamental principles of data sharing as outlined by the National Data Management Office. These principles include:
  1. Promoting data sharing culture.
  2. Adhering to “single-use” principle.
  3. Purpose legitimacy.
  4. Authorized access.
  5. Transparency.
  6. Shared accountability.
  7. Data security.
  8. Ethical use.
The following outlines the provisions concerning sharing your personal information:
  • Your personal information may be disclosed to governmental bodies or authorized non-governmental organizations executing governmental services for specific purposes. Such disclosure shall align with legal requisites or justified operational requirements designed to advance the public interest. It shall not infringe upon national security, institutional operations, individual privacy rights, or environmental safety, except in cases explicitly excluded by Royal Orders.
  • Disclosure of data may occur under circumstances necessitated by security concerns, law enforcement requirements, or compliance with judicial mandates.
  • Data may be disclosed when deemed necessary to safeguard public health or safety, or to preserve the life and well-being of individuals.
  • Disclosure of data shall be permissible to fulfill the legitimate interests of the IPA, provided that such actions do not infringe upon the rights or interests of the concerned data subject and exclude any processing or dissemination of sensitive personal data.
  • In instances where your personal data is shared, appropriate measures shall be taken to ensure that it is transmitted within a secure, reliable framework. This process adheres to the standards established by the Saudi Data and Artificial Intelligence Authority (SDAIA), the National Cybersecurity Authority, and other applicable legislative and regulatory provisions.
  • Additional protective measures shall be taken to ensure the safeguarding of data. These include strict adherence to data-sharing protocols and the establishment of formalized agreements with relevant entities, consistent with SDAIA guidelines and cybersecurity regulatory requirements.
  • It should be noted that the IPA shall bear no liability for the data protection practices implemented by external entities. You may review the privacy policies applicable to such third parties to fully understand their respective safeguards and terms governing data handling.
Methods of Personal Data Storage:
The processing and storage of your personal data are carried out in strict adherence to national data protection regulations, ensuring compliance with standards of digital sovereignty within the territorial jurisdiction of the Kingdom of Saudi Arabia. Measures are implemented to safeguard the security of personal information, including its systematic disposal and destruction, thereby preventing any form of loss, misuse, or unauthorized access, in accordance with applicable laws and regulations.
Your Legal Rights Regarding the Processing of Personal Data:
Pursuant to the Personal Data Protection Law, you are afforded specific rights in connection with the collection and processing of your personal data. These rights are subject to the intended purposes of data collection and processing activities:
  • Right to Information: This includes your right to be informed about the legal standards and intended purposes governing the collection and processing of your personal data.
  • Right of Access: You are entitled to request access to the personal data held by the IPA, provided such access complies with legitimate legal bases, including but not limited to consent, legitimate interests, or necessity arising from contractual obligations. Such access shall not infringe upon the rights of third parties, including but not limited to intellectual property rights or trade secrets.
  • Right to Obtain a Copy of Your Personal Data: You shall be entitled to request access to your personal data held by the IPA. Such requests can be made via the customer service form based on one of the following legal grounds: explicit consent from the data subject, the legitimate interest pursued by the IPA, or the fulfillment of a contract to which the data subject is a party. The requested data will be provided in a commonly used electronic format that is both clear and readable. Where feasible, a printed copy of the data may also be provided upon request. However, it must be ensured that the exercise of this right does not infringe upon the rights of third parties, such as those related to intellectual property or trade secrets.
  • Right to Rectification: You may request corrections or updates in instances where your personal data is inaccurate, incorrect, or incomplete. Such requests will be evaluated and acted upon within a maximum period of 30 business days, and additional supporting documentation may be required. Alternatively, you may request restrictions on processing while the accuracy of your data is being verified, subject to existing legal limitations.
  • Right to Deletion: You may ask for the deletion of your personal data held by the IPA unless its retention is mandated by legal or contractual obligations. Deletion requests will only be honored if they do not infringe upon your rights or interests.
  • Right to Withdraw Consent: At any stage, you may retract any previously granted consent, provided no overriding legitimate grounds necessitate the continued processing of your personal data. Any withdrawal of consent can be submitted through the designated communication channels. Upon receiving such a request, the Institute of Public Administration is obligated to take appropriate steps to terminate the processing of your personal data and ensure its deletion from any third parties with whom it was previously shared.
  • Right to File a Complaint: You may lodge a formal complaint with the relevant competent authority in cases of alleged non-compliance with applicable personal data protection laws or regulations.
  • Right to Compensation: You may claim compensation for any material or moral harm incurred due to violations of the law or its implementing regulations.
The exercise of these rights may be governed by certain exceptions or restrictions as stipulated by the applicable legal framework. Each submitted request shall undergo a case-by-case assessment to ensure compliance with the relevant limitations. This document sets forth the mechanisms for the execution of statutory rights related to the protection of personal data. It also includes instructions for reaching out to the Institute’s designated Personal Data Protection Officer via the specified communication channels provided herein.
Website Protection:
In accordance with the cybersecurity directives promulgated by the National Cybersecurity Authority and with the objective of safeguarding the integrity, availability, and confidentiality of information and services, the IPA carries out continuous monitoring of data traffic to and from its official website. Furthermore, essential security protocols are implemented to mitigate risks associated with unauthorized access, data tampering, service interruptions, or any potential threats to the digital infrastructure.

The IPA shall reserve the right to take all necessary measures to secure its information assets and technical systems. Additionally, it retains the authority to initiate legal proceedings against individuals or entities found in violation of these measures, in accordance with the Anti-Cybercrime Law and other relevant regulatory frameworks applicable within the Kingdom of Saudi Arabia.
Privacy Policy Updates:
The IPA has the right to amend or update the provisions of the Privacy Policy including its contents, at its sole discretion and without prior notification, except in cases of significant changes, where you will be duly informed. Accordingly, you are required to remain informed of any updates to this policy. Your continued use of this website or any other affiliated official platforms constitutes your consent and agreement to the terms outlined herein.
Final Provisions:
The Privacy Policy of the IPA is formulated in accordance with the stipulations of the Personal Data Protection Law and its executive regulations. Moreover, it is aligned with the data governance frameworks promulgated by the National Data Management Office and the cybersecurity standards established by the National Cybersecurity Authority concerning data protection. These regulatory frameworks collectively form the main principles governing the provisions, conditions, and various components enshrined within the Privacy Policy.
Submission Guidelines for Inquiries or Complaints Concerning the Privacy Policy:
For inquiries, complaints, or requests concerning your rights related to the processing of personal data or issues outlined in the Privacy Policy, you may reach out to the Personal Data Protection Officer at IPA through the designated email address (DPO@ipa.edu.sa ) Or you may contact the Data Management Office team at IPA by using the customer service form available for such purposes.

If you find the resolution to your complaint unsatisfactory, or if no response is provided within a period of thirty (30) days, you are entitled to escalate the issue by filing a formal grievance with the Saudi Data and Artificial Intelligence Authority. The Authority can be contacted via the following channels:

Address:
  • Kingdom of Saudi Arabia, Riyadh.
Website: