Sign In

ProjTitle.icon Privacy and Data Protection


 Privacy and Data Protection

The Public Consultation Platform (Istitlaa) is aware of the importance of your privacy and personal data; therefore, we commit to keeping all critical information and data of all Users safe, secure, and confidential.

The privacy policy and procedures of the Istitlaa is governed by the Personal data protection law (Royal Decree No. (M/19) dated 1443/2/9 AH), the Main Principles of Personal Information Protection and the Main Principles and General Rules for Sharing Data issued by the Saudi Data and Artificial Intelligence Authority (SDAIA) and National Data Management Office (NDMO).

The Personal Data Protection Law and its executive regulations set the legal basis for the protection of your rights regarding the processing of personal data by all entities in the Kingdom, as well as all entities outside the Kingdom that process personal data related to individuals residing in the Kingdom using any means, including online personal data processing.

The fundamental principles of our data protection policy include:    

  • - Accountability by the head of the entity (or his designee) for the Data Controller's privacy policies and procedures.
  • - Transparency through Privacy Notice indicating the purposes for which personal data is collected.
  • - Choice and Consent obtained through implicit or explicit approval regarding the collection, use and disclosure of personal data before collection.
  • - ​Limiting Data Collection to minimum data that enables fulfilment of purposes.
  • - Use, Retention and Destruction strictly for the purpose, retained as long as necessary to achieve intended purposes or as required by laws and regulations and destroyed safely, preventing leakage, loss, theft, misuse or unauthorized access.
  • - Access to data by which any Data Subject can review, update and correct their personal data.
  • - Data Disclosure Limitation approved by Data Subject restricts third parties to the purposes provided in Privacy Notice. 
  • - Data security by protecting personal data from leakage, damage, loss, theft, misuse, modification, or unauthorized access; according to the controls issued by the National Cybersecurity Authority and other relevant authorities.​
  • - Data quality after verification of its accuracy, completeness and timeliness.
  • - Monitoring and Compliance with Data Controller's privacy policies and procedures, and any privacy-related inquiries, complaints, and disputes.

The National Data Management and Personal Data Protection Standards cover 15 Data Management and Personal Data Protection domains. The Standards apply to all government data regardless of form or type, including paper records, emails, data stored in electronic form, voice recordings, videos, maps, photos, scripts, handwritten documents, or other recorded data. The application of the provisions of the Personal Data Protection Law and its executive regulations is without prejudice to the competencies and tasks of the National Cyber Security Authority as a competent security authority for cybersecurity and its affairs in the Kingdom.

Privacy policy​

​​​The National Competitiveness Center takes all the necessary measures and procedures that help to protect the user's data and prevent unauthorized access.

​This policy, along with the terms of use of the Public Consultation Platform and other documents referred to in these conditions, defines the law according to which the National Competitiveness Center will enable the public and government entities to participate and submit their feedback on draft laws presented on the platform. 

When you visit the platform, you accept and agree to the terms and conditions described in this Agreement.

1.      Who collects the user's data? 

When visiting the Public Consultation Platform, the platform's server automatically logs your Internet Protocol (IP) address. (Your IP address is the number of the computer you are using. Your IP address allows other devices connected to the internet to determine the data source. The IP address also allows to collect certain information such as browser and search engine type, date and time of your visit, and the URL of any website from which it directs you to the Public Consultation Platform, but without identifying you personally).​ 

2.      What information do we collect from users through our website?  

- You provide us with information; when you register to our site, fill out a form on the platform, or communicate with us by phone, email, when creating your user account on the platform or when reporting a problem about the platform. NCC also collects your information in connection with all your visits to the site. 

- ​NCC's platform may collect information about you automatically, such as: 

  • Technical information, including your IP address.
  • Information about your visit to the site, including the URL address.
  • Personal data received by the NCC from other sources by using any websites operated by the Center or using any of its services. 

3.      What is the purpose of collecting your data?  

The platform uses your data in one of the following ways: 

​Information you provide to us or that the platform collects about you might be used by NCC to:

  • Enable us to improve the platform and its services.
  • Research purposes.
  • Improving customer service (your information helps us respond to your customer service requests and support needs more effectively).
  • To monitor and detect violations of the NCC's Terms of Use and other possible violations when using the platform.
  • Maintain improved platform performance and the security of its software, systems, and network.
  • NCC may combine the data provided by you with the data collected by the platform and may use this combined data in the manner that it deems appropriate.
  • The platform uses cookies to distinguish you from other users of the website. Collecting data helps us provide you with a unique experience when you visit the platform and develop it. By continuing to browse the platform, you agree to the use of cookies by the NCC. 

4. User rights 

All users have the right to provide the platform with the following personal data:

  • - Access to data.
  • - Receiving data.
  • - Reviewing and amending data.
  • - Withdrawal of approval and deletion of data. 

5. Contact us

If you have any questions regarding our Privacy Policy, request assistance, or file a complaint, please contact us via:

  • - Phone: 199077
  • - Email:​​​


Terms Of Use


This agreement is concluded between the National Competitiveness Center, the "Center" or "NCC," and whoever uses the online Public Consultation Platform, the "user."

All terms are applied whether the user is registered or not, and with the user agreeing to the terms of the platform, its use, or access.

The user can access the platform and use it according to the terms described, and this preamble is considered part of this agreement. The terms and conditions are: 

Terms and Conditions ​

The Center "NCC" is not responsible, in any way for direct or indirect, special or general damages resulting from the use or inability to use this platform. By using the platform, the user agrees to: 

  • Using the platform includes accessing, browsing, or logging in to the platform.
  •  by accessing the platform, the user waives any complaints or claims resulting from its use.
  •   The Center is not responsible for any delay, poor quality of service, performance, or service interruption for any reason, and the user must drop any claim against the Center in this regard.
  •   The user undertakes not to misuse the platform and shall bear sole responsibility for any misuse.
  •  when a discrepancy appears in the information shown on the platform as a result of a defect, then the approved information is the data held by the Center.
  •  The user acknowledges that he/she is familiar with the laws, regulations, and procedures applied in the Kingdom of Saudi Arabia and undertakes not to violate them.
  •  The user agrees to access and use the platform for lawful purposes only and agrees not to use the platform to commit crimes or encourage others to engage in any conduct that may be considered a crime or involve civil or criminal liability.
  •  The user undertakes not to submit or post any illegal content that discriminates, defames, abuses, or slanders any individual or entity.
  •  The user undertakes not to use the platform to impersonate other persons or parties.
  •  The user undertakes not to use the platform to upload any material that contains programs with viruses, spyware, or any computer code, files, or programs that may change, damage, or impede the platform or any device or software belonging to any person who accesses the platform.
  •  The user undertakes not to upload, input, transmit or broadcast any material that it is not entitled to transmit under any law or contractual relationship.
  •  The user undertakes not to alter, destroy or delete any content on the platform.
  •  The user undertakes not to claim affiliation with or represent any governmental entity, company, association, a body without being legally authorized to represent any of them.
  •  The user undertakes not to post or broadcast any advertisement, promotional material, or any form of promotion on the platform.
  •  The user undertakes not to publish any material that contradicts or conflicts with the intellectual property rights of others.
  •  The user undertakes not to collect or store personal information about others.
  •  When using the platform, the user is responsible for compensating the Center "NCC" for any loss or damage that it suffers due to misuse.
  •  The user is responsible for compensating the Center "NCC" if the user intentionally introduces any malicious or technologically harmful viruses to the platform, attacking the platform or blocking its services.
  •  The Center is not responsible for any loss or damage caused by viruses, distributed attacks to disable the services. The Center is also not responsible for any other harmful technological material that may infect the user's device, software, data, or other proprietary material due to using the platform, downloading or sharing any part of its content available, or using any of the websites linked to it.
  • The Center is not responsible for the website's content linked to the platform, and the Center is not responsible for any loss or damage that may result from the use of these links.
  •  The feedback summary report published within the proposed draft laws is prepared by the government entity presenting the draft law. The views and observations contained in the report do not represent the Center's point of view.
  •   Some services on the platform are only available for registered members. The user can request support or services electronically by submitting the required personal data, and the user acknowledges that any information provided through those parts is complete and accurate. The user also will not attempt to access the platform by using the name of another person and will not adopt a username that the Center may deem inappropriate.
  •  The platform is committed to providing adequate protection for the submitted personal data in accordance with electronic and legal protection procedures to preserve the confidentiality of data.
  •   Confidential personal data are only available to the Center employees according to the nature of their work that requires them to know these data, and these data will not be available to the public or any other party without the user's approval.
  • The Center has the right to terminate or suspend the access of the user to the platform without prior notice when the user violates these terms and conditions or laws or as a result of any behavior that the Center may deem to violate international agreements and norms, or harmful to others.
  • The user acknowledges and clearly understands that any use of the platform or any available material is subject to the user's responsibility. Neither the Center nor any of its employees can provide the full guarantee that the platform will not be subject to interruption or will be free from problems or errors, and there is no guarantee concerning the result that the user will obtain from using the platform.
  • The Center owns all copyrights to this platform's content. The user agrees to abide by all terms and conditions and retain all copyright and other notifications on any content obtained through the website. The user also agrees not to use any of the platform's content for any commercial or other purposes without written approval from the Center.
  • The Center has the right to amend these terms and conditions at its discretion, and such amendments shall take effect once they are published. After making such amendments, if the user uses the platform, it means he/she approves the amendments, as the user must periodically review these conditions.

Relevant Legislations:

  • Essential Cybersecurity Controls​​



This privacy and data protection policy applies to only You should carefully read their privacy and data protection policy when transferring to another website through this platform. The provisions and procedures in the law shall not prejudice any provision granting a right to the owner of personal data or deciding to protect it better, provided for by another regime or international agreement to which the Kingdom is a party. 

1- Use at Your Own Risk: The Platform contains links to other websites that are not subordinate to the Digital Government Authority supervisors and so are not responsible for the content of those sites. Any dangers arising from browsing sites through the links provided on the Platform are the User's responsibility. The Platform contains links to other websites or portals that may attempt to protect information and privacy using tools different from those used by the Platform; consequently, we are not responsible for the content or the means of privacy protection used. We advise Users to review the privacy policies of these websites. Some of the Authority’s websites use Cookies; these files give Users full access to websites. If desired, Cookies can be used to remember passwords and simplify accessing the website. Cookies files are stored on the computer's hard disk if they have been accepted and coded.

2- Limits of Liability: Users hereby acknowledge their awareness that online communications can be spied upon or hacked by third parties. As confirmed, Users are aware that the Platform will not alter information made available by official government agencies and that, in addition, all online applications and administrative procedures can also be made directly and executed in person. The platform takes no responsibility for any loss or damage Users may suffer from using and visiting the Platform, including as the result of any information, statement or view announced on it. Further, the Platform is not responsible for any problems that may arise in accessing the Internet and any damages to machines or software, nor can it be held accountable for any misconduct or malicious comment made by other users logged in to it.

3- Protection from Viruses: Users shall avail themselves of the appropriate Antivirus Programs when attempting to download any content from the Platform. We are not responsible for any loss or damage to data or the User computer that may arise during the use of this Platform or any of its content.

4- Assignment of Claims: Istitlaa and all its services, sources of information and other materials are for personal use without acknowledgement or warranty. The Platform is not responsible for errors or excesses that may arise due to the use of its content or links, whether known or unknown. Any communication or information sent by Platform Users is not the possession of the sender nor guaranteed concerning privacy. In addition, any interactive use by Platform Users does not secure any rights, licenses, or privileges.

5- Compensations: Users hereby acknowledge never to act against the Digital Government Authority or its administrators, including all agencies, employees or authorised agents responsible for managing or updating the GOV.SA Platform of Unified Government Services. This clause is considered a legal exemption of obligations or responsibilities regarding claims resulting from user violation of terms, conditions of use, or other relevant regulations inside and outside Saudi Arabia.

known or unknown, and this clause is considered a legal exemption from the claim resulting from the use of the platform. ​

National Cybersecurity Strategy

With the significant acceleration of digital transformation, the rates of cyber attacks and the risks of data breaches have increased, making the Kingdom keener to provide a secure environment for data and digital operations through a robust security system. Here comes the role of the National Cybersecurity Authority in developing, implementing, and supervising strategies.


National Cybersecurity Strategy

The National Cybersecurity Strategy was developed to reflect the strategic ambition of the Kingdom in a manner that is balanced between security, trust, and growth. It is created to achieve the concept of (a safe and reliable Saudi cyberspace that enables growth and prosperity) It also includes six main concepts:

1- Integration

2- Regulation

3- Assurance

4- Defense

5- Cooperation

6- Construction

The national strategy aims to:

  • - Integrated cybersecurity governance at a national level

  • - Effective management of cyber risks at the national level

  • - Protecting cyberspace

  • - Strengthening national capabilities in defense against cyber threats

  • - Strengthening partnerships and cooperation in Cybersecurity

  • - Building national human capabilities and developing the cybersecurity industry in the Kingdom

Controls and policies

Basic Cybersecurity Controls

In order to reduce the cyber risks on the information and technology assets of the entities at the internal or external level, the authority has worked on 114 basic cybersecurity officers divided into five main components:

  • Cyber Security Governance

  • Enhancing Cybersecurity

  • Cybersecurity resilience

  • Third-party Cybersecurity and cloud computing

  • Cybersecurity for industrial control systems

Cybersecurity Legislation

Anti-Cyber Crime Law

The Anti-Cyber Crime Law aims at preventing cybercrimes by identifying such crimes and defining their punishments. The objective is to ensure information security, protection of public interest, morals, protection of rights of the legitimate use of computers and information networks, and protection of the national economy.

Cybersecurity Regulation

Related Links

 Security of Website and Its Related System

Ncc has a department specialized in information security that works on the security of the Website and its related systems according to strategic objectives related to compliance with international standards, security policies and procedures to protect information assets from security risks. Penetration test is performed periodically on NCC systems, and the two-factor verification feature is applied to access the Authority's Website and its related systems to enhance security in access and data protection. 

Public consultation platform's Website imposes a high degree of security on all the Website's equipment and servers, as the latest protection devices are equipped, and NCC makes every effort to examine and test the contents of the Website, and the user must commit to running anti-virus programs in all materials that he/she downloads from the Website.​

By continuing to use our website, you acknowledge the use of cookies Privacy Policy