share this
The University of Hafr Al-Batin was established by Royal Decree No. (20937) on 02/06/1435 AH to complement other Saudi universities in serving the educational process and to be a supporting and assisting entity in translating the Kingdom of Saudi Arabia’s ambitious developmental plans.
The University of Hafr Al-Batin launched carrying an academic legacy from two distinguished institutions: Imam Abdulrahman Bin Faisal University (formerly University of Dammam) through the Colleges of Education for Girls in Hafr Al-Batin, Al-Nairyah, Al-Ulya, and Khafji—all under its umbrella—and King Fahd University of Petroleum and Minerals through the Community College and male university colleges under the parent university in Dhahran, which continued from its inception until the official announcement of the university.
From its commitment to upholding full privacy, as emphasized in Article 12 of the Personal Data Protection Law, the university collects various types of data directly and indirectly across its administrative, academic, research, and developmental projects, all aimed at benefiting users and protecting their privacy. It employs the best modern technical systems through its multiple channels, publicly listed on its website and other communication platforms.
The University collects the following data:
Employment Data: All information related to employment inside and outside the university from application to the end of service, such as job descriptions, ranks and grades, decisions, promotions, appointments, contracts, and other related information.
Academic Data: All information within the scope of the academic educational process, including records, enrollment, schedules, and teaching allocations.
Research Data: Research projects, their funding, research partnerships, surveys, and scientific statistics, with identity anonymization when required under the Personal Data Protection Law.
Financial Data: Data collected for the purposes of payments and rewards, such as account numbers and IBANs.
Basic Personal Data: Includes name, gender, ID number, nationality, marital status, and other identifying data necessary for the university to perform its operations.
Demographic Data: Includes the country of residence, age, and educational level.
Medical and Health Data: The university has a medical center that manages various medical and health data of beneficiaries, as well as data related to student health care. The university also receives medical excuses in cases of illness or medical leave.
Contact and Electronic Channel Data: Includes phone numbers, email addresses, personal addresses (national address), and login data for accounts on university platforms and applications, such as usernames and passwords.
Contractual Data: Data related to developmental projects within the university, implementing entities, and other information relevant to contractual operations.
Personal data is collected through direct means from the data subject or indirectly from other entities with various specializations, in accordance with Article 1, Paragraph 6 of the Personal Data Protection Law.
These direct and indirect means include, but are not limited to:
Official university channels during communication in academic, research, or employment matters.
Surveys and evaluations.
Inquiries and suggestions.
Electronic registration and its forms.
Services related to data collection.
Obtaining data from multiple other governmental and private entities within their areas of responsibility.
Technical data recorded through IP addresses or cookies during visits to the website.
The purposes of personal data collection vary depending on the entity and the nature of its work and data processing. Therefore, the university’s purpose in collecting and processing data is limited to its responsibilities and serves academic, research, administrative, and employment aspects, as well as internal developmental projects, improving outputs, and providing the best services to beneficiaries. This is in accordance with Article 13, Paragraph 2 of the Personal Data Protection Law, for the interests outlined in Article 1, Paragraphs 4, 5, and 6 of the Executive Regulations of the Personal Data Protection Law.
Additionally, Article 13, Paragraph 5 of the Personal Data Protection Law addresses the potential effects and risks resulting from the failure to complete the personal data collection process.
Personal data is processed within the university in accordance with university policies and its compliance with the Personal Data Protection Law, specifically Article 1, Paragraph 5, Article 13, and the Executive Regulations of the same law, particularly Article 21.
Accordingly, some of these uses and processing activities include, but are not limited to:
Organizational and administrative purposes.
Fulfilling requests and services for academic, administrative, and student personnel.
Conducting data analysis and statistics to support decision-making.
Sending awareness or guidance messages related to provided services.
Using personal data to complete student admissions, monitor their educational journey, and provide data to employers after graduation.
Responding to requests and inquiries.
Developing and improving the beneficiary experience.
Preparing activities and studies that serve the university and its beneficiaries.
The university may share your personal data after collection and processing with judicial, legal, or security authorities, as well as other governmental or non-governmental entities, but strictly within the framework of university policies and applicable regulations. The university emphasizes its full compliance with all measures that ensure the privacy and protection of personal data in accordance with the laws and regulations governing data privacy and protection, including the Personal Data Protection Law, its executive regulations, and related policies such as data sharing policies. The main objective is to regulate the sharing and handling of personal data and protect it from exposure to risks that may affect its owners.
Therefore, data concerning beneficiaries within the university can only be accessed, exchanged, or shared according to the controls and channels defined by the aforementioned regulations. Some cases require explicit consent, while others are exempt to meet judicial or security requirements, or when it serves the legitimate interest of the data owner, in accordance with Article 1, Paragraph 5 of the Executive Regulations and Articles 5, 6, and 7 of the Personal Data Protection Law.
This data sharing is preceded by various procedures governed by the data sharing policy, including a Data Sharing Agreement and a Data Sharing Controls Form. This is one of the university’s priorities to build trust in privacy and protect data owners.
Examples of sharing your personal data include:
Judicial and security authorities.
Governmental entities related to the university’s activities for purposes of integration, such as, but not limited to: the Ministry of Education, the Ministry of Human Resources and Social Development, and the National Information Center.
Entities that cooperate with the university based on agreements or memoranda of understanding for data exchange for legitimate purposes, including education, employment, or other services.
Employers (we share graduates’ data with them for job coordination and employment opportunities).
Other training providers or entities benefiting from training (we share personal data with them for training purposes).
The Personal Data Protection Law issued by Royal Decree No. M/19 dated 9/2/1443 AH, and amended by Royal Decree No. M/148 dated 5/9/1444 AH.
The Executive Regulations of the Personal Data Protection Law issued by Resolution No. 1516 dated 19/2/1445 AH.
The Data Sharing Policy issued by the Saudi Data and Artificial Intelligence Authority (SDAIA), updated to version 2.0.
Your explicit consent in accordance with Article 5 of the Personal Data Protection Law, which you may withdraw at any time without affecting processing carried out based on other legal grounds. Exceptions to this explicit consent are confirmed in Article 6, Paragraphs 1-4, and Article 7 of the same law.
The aforementioned legal grounds may serve as a sole legal basis or collectively for processing certain personal data.
Your personal data is stored, processed, retained, and disposed of in a secure manner that prevents loss, misuse, or unauthorized access, in accordance with the university’s applicable laws and policies. This is carried out within the geographic boundaries of the university in the Kingdom of Saudi Arabia to ensure the protection of the national digital sovereignty of this data.
| Location | Storage Method |
Within the university boundaries. |
|
Under the Personal Data Protection Law, you have the following rights, which primarily depend on the purpose of collecting and processing personal data:
Right to be Informed: This includes knowing the legal basis for collecting your personal data and the purpose of such collection. You can review all details through the privacy policy or contact us using the information provided below.
Right to Access Your Personal Data: You have the right to access your personal data held by us in a readable format, in accordance with the controls and procedures defined by the regulations, without prejudice to the provisions of Article 9 of the law.
Right to Request Your Personal Data: You have the right to obtain your personal data in a clear and readable format, in accordance with the controls and procedures defined by the regulations.
Right to Rectify Your Personal Data: You have the right to request correction, completion, or updating of your personal data by contacting the responsible entity within the university. The data will be reviewed and updated within a specified period, and you will be notified accordingly.
Right to Erase Your Personal Data: You have the right to request the destruction of your personal data held by us that is no longer needed, without prejudice to Article 18 of the Personal Data Protection Law. The university may assess and determine the feasibility of data destruction without affecting its ability to provide future services or meet any legal requirements.
Right to Withdraw Consent: You have the right to withdraw your consent for the processing of your personal data at any time, unless there are legal grounds requiring otherwise.
If a request to exercise any of these rights is submitted, you will receive a response within thirty (30) days from the date the complete request is received.
For more details about the processing of your personal data and how to exercise your rights, you can contact the Personal Data Protection Officer at the University of Hafr Al-Batin, using the contact details provided below.
Security:
The University of Hafr Al-Batin adheres to fundamental cybersecurity controls and follows appropriate technical, physical, and organizational measures to protect personal information against unauthorized access and unlawful processing. However, the university does not guarantee that unauthorized external parties may not be able to breach these measures and use your personal information for inappropriate purposes.
If you have any objections, questions, or concerns regarding the privacy notice, you can submit a complaint to the relevant authority through one of the following channels:
Personal Data Protection Officer
Email: albader@uhb.edu.sa
Contact Number: 0137205426
Data Management Officer
Email: sattamturki@uhb.edu.sa
Contact Number: 0137205426
If you are not satisfied with how your objection or complaint is handled within thirty (30) days, you may file a complaint with:
Saudi Data and Artificial Intelligence Authority (SDAIA): sdaia.gov.sa
National Data Governance Platform: dgp.sdaia.gov.sa
The university reserves the right to update the privacy policy as necessary from time to time, and you are required to review updates to this policy.
In the event of a material change to this policy, a notification will be issued.
Comments and Suggestions
For any inquiries or comments about our services or colleges, please fill out the required information.
Contact Us