Privacy policy


The Main Principles and General Rules ​​for Personal Data Protection, Data Handling, and Freedom​​


The main principles and general rules for personal data protection:

Saudi Standards, Metrology and Quality Organization(SASO) adopt a policy that protects the privacy of information, as the SASO portal places the confidentiality of information of its users and visitors at the top of its priority list. The portal administration exerts all its efforts to provide a high-quality service for all beneficiaries, and the privacy and confidentiality of information, described below, are part of the terms and conditions of SASO's electronic portal.

SASO does not gather personal information about you when you visit its portal, unless you choose, specifically and with your knowledge, to provide such information to us. If you choose to provide your information, we will only use it to fulfill your request for information or services in accordance with the present policy, and by using the portal of SASO, you agree to this privacy and confidentiality of information policy.

Visitors to the portal and the beneficiaries of its services shall continually review the terms and principles of privacy and the confidentiality of information to know its updates, noting that the portal administration is not obliged to announce any updates made to these terms and principles. Your use of the portal indicates that you are informed and accepted these terms and principles as well as its constant amendments.

SASO is not responsible under any circumstances for any direct, indirect, incidental, consequential, special, or exceptional damages arising from the misuse of the portal. 

Personal information security:

The privacy and confidentiality of information document has been prepared to help visitors and users understand the nature of the data collected from them when visiting the portal and how it is handled. The portal administration takes appropriate procedures and measures to maintain the personal information in a safe manner that guarantees its protection against loss, unauthorized access, misuse, or unauthorized modification and disclosure. Among the most important operational measures at SASO to protect the visitor's personal information:

  1. Strict procedures and measures to protect information security and the technology we use to prevent fraud and unauthorized access to our systems.
  2. Regular and periodic update of the protection procedures and controls that meet or exceed the standards.
  3. Our employees are qualified and trained to respect the confidentiality of our visitors’ personal information. 

Collecting personal information:

 Once the user visits the SASO portal, its server records the user's IP address, the date and time of the visit, and the address of any website refers you to the SASO portal.

Most websites place small files on the visitor's hard disk (the browser). These files are called "cookies", and cookies are text files. These text files contain retrievable information for the site in order to recover it when needed during the user's next visit to the site; such saved information include:

  • Recalling username and password-
  • Saving page settings, if available on the portal.
  • Saving the colors chosen by the user.
  • Not allowing overvote for the same user.

The portal visitor may not have to enter the password in each visit, as the site system will be able to identify it via the cookies. Cookies may also prevent the user from overvote if he has voted beforehand. On this basis, SASO portal will use the information of cookies files for technical purposes for repetitive visit. The portal may also change the information of cookies or add new information whenever the portal is visited.

If you use a direct application or send us an e-mail through SASO portal, providing us with personal data, we may share the necessary data with other bodies or departments in order to serve you more effectively. We will not share your personal data with non-government bodies unless they were authorized to perform specific government services. By submitting your data and personal information through the portal, you fully agree to the storage, processing and use of that data by the Saudi authorities. We are entitled at all times to disclose any information to the competent authorities when necessary to comply with any government demand in accordance with the requirements of Saudi regulations.

Protecting your privacy:​

In order to help you to protect your personal information, we recommend the following:

  • Contact us immediately when you think that someone was able to get your password, use code, PIN, or any other confidential information.
  • ​Do not give any confidential information over the phone or via the Internet unless you know the person's identity or the party receiving the information.
  • Use a secure browser when conducting online transactions, close unused applications on the network, and make sure that the antivirus software is regularly up-to-date.
  • Your inquiries and opinions about the privacy principles can be delivered by contacting the portal administration via the contact form on our Contact US page.
  • To protect your sent personal data, it is saved electronically using appropriate security technologies. This portal may contain electronic links to sites or portals that may use different data protection and we are not responsible for the contents, methods, and privacy of these other sites, and we recommend you to refer to the privacy notifications of those sites.​

Sending e-mails:

When you inquire or request information about a specific service or when you give additional information using any means of communication with SASO, whether electronic or non-electronic, such as the inquiry request on our site, we will use your email address to respond to your inquiries. Furthermore, it is possible to save your address, your message, and our response for quality control purposes. We may do so for legal and regulatory purposes. 

Main principles and general rules for data sharing:

  • We provide publishable data from the right sources and we ensure that it is not duplicated or conflicted with any other data.
  • We provide data for the practical objectives that achieve public interest without causing any harm to the activities of the bodies, the privacy of individuals, or the safety of the environment.
  • Access to data is available to qualify and properly trained people.
  • All the necessary information for data exchange is in circulation, including the data required, the purpose of collection, means of transmission, methods of preservation, controls used for its protection, and the disposal mechanism.
  • The security controls stipulated in the data circulation agreement shall be applied.
  • The appropriate security controls are applied to protect the data and its circulation in a safe and reliable environment in accordance with the relevant laws and regulations.
  • Ethical practices are applied during the data sharing process to ensure that it is used with fairness, integrity, honesty, and respect.

Main principles and general rules for the freedom of information:

  • ​The individual has the right to know the information about public activities to enhance the integrity and transparency system.​
  • The request for access to protected information must be accompanied by its justification in a clear and frank manner.
  • Everyone has the right to see the public (unprotected) information.
  • All requests for access or obtain public information shall be dealt with based on equality and non-discrimination between individuals.

Rights of individuals to access or obtain public information:

  • The right to access any unprotected information.
  • The right to know the reason of refusing access or obtain the requested information.
  • The right to appeal against the decision to reject the request for access or to obtain the requested information.

Related Legislation:

The Electronic Transactions Law

The Anti-Cyber Crime Law

The Essential Cybersecurity controls​




Last modified 28 Apr 2021
Rate content