- We may collect, depending on your use of the site, information about users “Personal Data”. The entity responsible for your Personal Data is Diriyah Gate Development Authority.
- Diriyah Gate Development Authority is a Saudi Arabian government entity registered pursuant to a Royal Order established in the Kingdom of Saudi Arabia.
- Diriyah Gate Development Authority, and our affiliates and branch offices (also referred to as "we" and "us"), take our data protection and privacy responsibilities seriously.
4. THIRD PARTY WEBSITES
- We may also, from time to time, partner with advertising networks and other online advertising providers in order to deliver advertisements on our behalf or on behalf of other non-afﬁliated parties on our websites and across the Internet. These advertisements may be presented to you based on products and services the advertising providers think are relevant to your interests. These preferences may be inferred based on information collected about your browsing behavior on our websites and other non-afﬁliated sites and apps across time.
- The information posted by you on public areas of Diriyah Gate Development Authority Websites or elsewhere on the internet may be seen and used by anyone including Diriyah Gate Development Authority. Please therefore be cautious before posting such information.
5. WHAT PERSONAL DATA WE COLLECT AND WHEN AND WHY WE USE IT
What is Personal Data
Purchasing tickets or other Diriyah Gate Development Authority products
- If you use the Diriyah Gate Development Authority Websites to purchase tickets, Diriyah Gate Development Authority merchandise etc., we will collect and use information about you as necessary to manage the purchase. This may include Personal Data such as your name, date of birth, address, contact information (such as phone number and e-mail address), billing information, as well as information collected about your navigation patterns on our websites. We may also seek to collect from you special categories of information in order to enhance your purchase and visitor experience. These special categories of information may include details such as whether you use a wheelchair and whether you have any food preferences or dietary requirements.
- Legal basis: Contract Performance, Legitimate Interests (to enable us to operate our business and perform our obligations). Where this includes special categories of information, we rely on Explicit Consent.
Customer Support and online services
- If you contact us by way of email, live chat, message boards or any other facility made available by Diriyah Gate Development Authority with a query or comment about any of our services or products, we will need to collect information about you (including your contact details) to help us respond to your query or request or provide our services to you. We may do this when you call our customer support center, or interact with us through our online support tools. This information may include identification data (such as your name, date of birth, gender, nationality etc.), contact details (such as email address and telephone number) and other information.
- We may also keep a record of any communications we have with you (including a recording of any calls you make). We do this to help monitor and improve the quality of our customer support services, to make and defend legal claims, and to comply with legal obligations to which we are subject. If you do not wish to have your calls recorded, please disconnect and contact us as follows: firstname.lastname@example.org.
- Legal basis: Contract Performance, Legitimate Interests (to enable us to provide our services and support), Legal Obligations (where applicable).
Creating registered accounts on Diriyah Gate Development Authority Websites
- There are a number of sections of the Diriyah Gate Development Authority Websites which we require you to register for in order to be able to make full use of the services available under them.
- If you register with us to create a Diriyah Gate Development Authority Websites account, we may process your Personal Data to manage your access to certain parts of Diriyah Gate Development Authority Websites and, if applicable, allow you to make certain purchases (such as tickets and merchandise) or receive certain services.
- If you register with us to create a Diriyah Gate Development Authority Websites account, the Personal Data we will collect from you may include identification data (such as your name, age, gender and country of residence), contact details (such as your email address, phone number and address), and may also include professional information about you and your photo. If you choose to register an account with us by using a third party app (such as Facebook or Twitter), you will be presented with a dialogue box which will ask your permission to allow Diriyah Gate Development Authority to access your Personal Data from that third party app (e.g. your full name, date of birth, email address and any other information you have made publicly accessible). Please note that any information that is not required will not be retained by Diriyah Gate Development Authority.
- If you create an account with us, we may use your Personal Data to verify your identity when using the Diriyah Gate Development Authority Websites. We may also use your contact details to send you transactional and other non-marketing email messages pertaining to your account and provide certain other account maintenance services to facilitate your transactions with Diriyah Gate Development Authority and/or your use of the services we offer on Diriyah Gate Development Authority Websites.
- Legal basis: Contract Performance, Legitimate Interests (to enable us to provide and manage your account and perform our obligations), Legal Obligations (where applicable).
To provide you with marketing communications
- Subject to your marketing preferences. we may use your Personal Data to market and promote our own and selected business partners’ products and services to you by post, email, SMS, social, media, phone and fax including:
- where you would like us to keep you informed about latest news and developments at Diriyah Gate Development Authority through our newsletter or other means;
- to offer you the opportunity to download digital souvenirs following your visit to Diriyah Gate Development Authority (if applicable); and
- from time to time we hold events and special promotions to introduce Diriyah Gate Development Authority to interested parties. If you come to one of these events, or take part in a promotion, we may ask for your personal details to help us run the promotion and keep in touch with you about our services and any special offers or competitions that we think may be of interest.
- For more information about direct marketing, please see section 8 below.
- Legal basis: Consent unless we can rely on Legitimate Interest (to keep you updated with news in relation to our products and services).
Participation in Diriyah Gate Development Authority as a volunteer
- If you use Diriyah Gate Development Authority Websites to apply to become a volunteer, we will collect and use information about you as necessary to manage the application process and, if successful, your participation in the volunteering program. This may include communicating information with you which we deem to be of relevance to your participation in Diriyah Gate Development Authority. The Personal Data we collect from you may include your name, date of birth, address, nationality, next of kin details, identification information (such as your Saudi or Iqama ID number or any other recognizable identification document), contact details (such as phone number and e-mail address), information about your health (such as whether or not you have a disability and dietary requirements), biometric information, employment and education history and third party data about you, for example, your Twitter, Facebook or other social media profiles.
- Legal basis: Contract Performance, Legitimate Interests (to enable us to evaluate your volunteer application). Where this includes special categories of information, we rely on Explicit Consent.
Participation in Diriyah Gate Development Authority
- If you contact us with a view to becoming a business partner of Diriyah Gate Development Authority or to attend Diriyah Gate Development Authority in a business capacity, we will need to collect information about your business, which may include Personal Data (for example, your contact details) to help us respond to your query or request. We may do this when you call us, or interact with us through our online support tools. The information we collect may include for example your name, date of birth, address, email, telephone number, your photograph, passport details, visa details (if applicable), bank account details.
- Legal basis: Legitimate Interests (to enable us to evaluate your business partner application).
In connection with legal or regulatory obligations
- We may process your Personal Data to prevent fraud, protect DGDA’s business, comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your Personal Data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.
- Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
- Legal basis: Legal Obligations, Legitimate Interests (to cooperate with law enforcement and regulatory authorities). Where this includes special categories of personal information, we rely on Substantial Public Interest (prevention or detection of crime), Legal Claims, or very rarely where necessary, Explicit Consent.
- Sometimes we will require you to provide additional Personal Data. When we do this, we will provide further information about why we are collecting it and how we will use it. Where we provide personalized content, we may ask your permission (and we therefore rely on Consent as our lawful basis) to review third party data about you, for example, your social media information to get to know you better and to provide more effective personalization.
Automatic Collection for the purpose of analytics, research and improvement
- Developing the design and style of our products and services to make improvements;
- Carrying out statistical, technical and logistical analysis and strategic development;
- Carrying out market research;
- Understanding more about you such as your location and demographic information;
- Providing you with personalized services, such as recommendations on our websites, apps and in direct marketing and tailored advertising; and
- If you purchase a ticket from us, to help you to create personalized pathways through the Diriyah Gate Development Authority site on the basis of your preferences which we will have ascertained from your navigation of Diriyah Gate Development Authority Websites and, once you are on the Diriyah Gate Development Authority site, through location tracking carried out through our mobile application.
- Diriyah Gate Development Authority Websites collect information about how you use our content online, and the device(s) you use to access the site. This includes collecting unique online identiﬁers such as IP addresses, which are numbers that can uniquely identify a speciﬁc computer or another network device on the internet. See section 11 for more information.
- Legal basis: Consent unless we can rely on Legitimate Interest (to keep you updated with news in relation to our products and services and to enable us to analyze how you interact with our communications).
To reorganize or make changes to our business
- In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organization, we may need to transfer some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analyzing any proposed sale or re-organization.
- Legal basis: Legitimate Interests (in order to allow us to change our business).
6. LEGAL BASIS FOR USING YOUR DATA
- A description of the legal basis used to process Personal Data referred to in section 5 above is set out below:
- Contract Performance: where we need to use your Personal Data to perform a contract or take steps to enter into a contract with you;
- Legitimate Interests: where we use Personal Data to fulfil our legitimate interests as an organization (or those of any third party) and these outweigh any prejudices to your data protection rights.,
- Legal Obligations: where we need to use your Personal Data to comply with a relevant legal or regulatory obligation that we have; and
- A description of the legal basis used to process special categories of personal information referred to in section 5 above is set out below:
- Legal Claims: where we are required to process the Personal Data for us to establish, defend, prosecute or make a claim against you, us or a third party;
- Substantial Public Interest: the processing is necessary for reasons of substantial public interest, on the basis of applicable law;
- If you would like to find out more about the legal bases upon which we process Personal Data please contact us.
7. HOW WE SHARE INFORMATION WITH OTHERS
- We work closely with a number of trusted partners with whom we may need to share your Personal Data for the purposes (and in accordance with the corresponding lawful bases) set out at section 5 above, including:
- our affiliates and advisors;
- banks and payment providers, to authorize and complete payments;
- international participants, to help manage access to their pavilions and for analytics purposes, if you sign up for fast pass entry into pavilions;
- third parties who help manage our business and deliver services. For example, these may include IT service providers who help manage our IT and back office systems, or third party booking agents; and
- business partners.
- Where permitted to do so, we may share your Personal Data with our partners who may send you marketing and promotional information.
- From time to time we may share information about you with government organizations and agencies, including international organizations, to comply with applicable laws, regulations and rules, and legitimate requests from law enforcement, regulatory and other governmental or international agencies, or when to do so is in our legitimate interests, even if we are not compelled to share that information by applicable law.
8. MORE ABOUT DIRECT MARKETING, PROFILING AND AUTOMATED DECISION MAKING
- Direct marketing
- We are committed to keeping you informed about Diriyah Gate Development Authority and our products and services in line with your personal preferences.
- We will usually send this by email but, depending on your preferences, we may contact you in other ways for example by phone, post, SMS, social media and/or other electronic means if that is more appropriate.
- Managing your marketing preferences
- To protect privacy rights and to ensure you have control over how we manage marketing with you:
- where required by applicable data protection law, we will only send you marketing communications if you have provided your consent;
- we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
- to stop receiving marketing material from us, you can click the "unsubscribe" link that you will find on any electronic communications which you receive from us, or, for other types of communications, by contacting us as per the details set out at section 16 below; and
- you can change the way your browser or device manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained in the "Cookies" section (section 11) below.
- We recommend you routinely review the privacy policies and preference settings that are available to you on any social media platforms.
- More about profiling and analytics
- In order to assist us in conducting our processing purposes, we may apply profiles to you based on your Personal Data, including the Personal Data you have provided to us; behavioral information (such as pages on our website or app that you have interacted with); demographic data; and Personal Data that we have legitimately obtained from third parties or public sources. Such profiles may be used as part of the processing purposes of enhancing and improving our services, tailoring content to you, personalizing your experience and for our research and development purposes.
9. TRANSFERRING PERSONAL DATA INTERNATIONALLY
- You can contact us for more information about the safeguards we have put in place to ensure the adequate protection of your Personal Data when this is transferred as mentioned above.
10. HOW WE PROTECT AND STORE YOUR INFORMATION
- How we protect your information
- We take all reasonable and appropriate steps to protect your Personal Data but cannot guarantee the security of any data you disclose to us.
- Where you disclose information to us using our mobile app, please ensure that your device remains safe. We cannot be held responsible for any data misuse arising from unauthorised access to your device.
- Where we have given you (or where you have chosen) a password which enables you to access certain parts of our websites/mobile apps, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.
- Storing your Personal Data
- In some circumstances we may need to store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, reporting, regulatory, tax, accounting requirements, or in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. Should you require information about how we retain particular information you can contact us as per the details set out at section 16 below.
- Where your information is no longer required, we will ensure it is disposed of or anonymized in a safe manner.
- Our policy on "cookies"
- A cookie is an element of data that a website sends to your browser, which then stores it on your system. Cookies may collect Personal Data about you. Cookies allow us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. Cookies also allow us to make Diriyah Gate Development Authority Websites more user-friendly by, for example, allowing us to take you to the language site of last use, so that we can give you a better experience when you return to our website.
- Cookies will be deployed on your device when you visit Diriyah Gate Development Authority Websites unless you indicate that you do not wish this to happen or if you have turned this feature 'off' in your web browser or device settings.
- Only the issuer of the cookie concerned may read or modify the information contained therein.
- Cookies deposited by a third party on Diriyah Gate Development Authority Websites
- Our websites may contain cookies issued by third parties (e.g. communication agency, audience measurement company, targeted advertising provider, etc.) allowing them, during the validity period of their cookies:
- To collect browsing information about browsers browsing our websites; and
- To determine the advertising content that may correspond to your interests; and
- To send you targeted advertising, in view of your browsing history collected by the third party.
- At any time, you can prevent the collection of information about you via these third-party cookies, by clicking on the corresponding links (see section 11.3 below).
- You are always free to decline our cookies if your browser permits, however, if you choose to turn off cookies, you may not have access to many features that optimize your browsing of our Site, and some of our services may not function properly. You may at any time delete any cookies set by using the relevant option of your Internet browser or by deleting the cookies on your hard drive. The site www.allaboutcookies.org includes instructions for managing cookies on many commonly used Internet browsers, or you may consult the vendor documentation for your specific software.
12. YOUR RIGHTS
- We will use reasonable endeavours to ensure that your Personal Data is accurate. In order to assist us with this, you should notify us of any changes to the Personal Data that you have provided to us by contacting us using the contact details set out at section 16 below.
- In order to exercise such rights, you should contact us using the contact details set out at section 16 below. We will check your entitlement and respond in most cases within a month.
- By way of example, where you are located in the EEA or the UK, you may have the following rights (in certain circumstances);
- updating Personal Data as per section 12.1 above;
- requiring us to delete Personal Data (which we no longer have a lawful basis to use);
- being provided with a copy of Personal Data that you have provided to us;
- requesting that we stop using Personal Data (usually where the processing is based on consent);
- opting-out of marketing communications a per section 8 above;
- requesting that we transmit Personal Data we hold to a third party electronically;
- restricting how Personal Data is used whilst a complaint is being investigated; and
- contacting your local data protection regulator if you are not satisfied with our use of your Personal Data or response to the exercise of your rights. A list of the EEA data protection regulators can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
- For California residents,
- DGDA has not disclosed and/or sold personal information to third parties for a business or commercial purpose in the preceding 12 months. DGDA does not sell the personal information of minors under 16 years of age without affirmative authorization. If you wish to change personally identifiable information that you have provided DGDA, please Contact Us.
- Your California Privacy Rights. You have the right to request that DGDA disclose to you what information it collects, uses, discloses, and sells. You also have the right to request that a business delete any personal information about you which the business has collected about you. To submit either of the above requests, you may call us at 92 000 2622. You may also submit via email at email@example.com. You may also submit via web portal at https://www.dgda.gov.sa. Please note for your protection, any request sent to DGDA to delete your personal information will be subject a verification procedure. You have the right to direct DGDA to not sell your information. To exercise this right to opt-out of the sale of personal information, please email at firstname.lastname@example.org. DGDA shall not discriminate against you for exercising any of your above rights. You may designate an authorized agent to make a request to exercise your rights on your behalf. For your protection, we reserve the right to deny any request from an agent who does not submit proof that they have been authorized to act on your behalf. DGDA has no actual knowledge that it sells personal information of minors under age 16.]
- [California’s ‘Shine the Light’ Law. For California residents, under California’s “Shine the Light” law, a California resident with whom DGDA has an established relationship has the right to request information about DGDA’s disclosure of personal information to affiliated companies or third parties for their direct marketing purposes, within the immediately preceding calendar year, subject to certain exceptions. To exercise this right, please contact us by writing to us at email@example.com.
13. INFORMATION ABOUT YOUR DEPENDENTS AND RELATED PERSONS
14. COLLECTION OF DATA FROM MINORS
15. Limitation of Liability
16. ADDITIONAL RIGHTS
17. CONTACT US
- We will investigate and will attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible, in any event, within the timescales provided by applicable data protection laws.
- In some countries, you may have a right to lodge a complaint with your local data protection supervisory authority. We ask that you please attempt to resolve any issues with us before referring to your local supervisory authority.