Overview
Elaboration and Developing Privacy Policy Guideline — Third: Personal Data to Be Collected requires the Controller to clearly inform Data Subjects about the categories of Personal Data that will be collected.
It emphasizes transparency by organizing Personal Data into identifiable categories, clarifying data sources, and informing Data Subjects whether providing such data is mandatory or optional for processing purposes.
SDAIA's Official Text
The text below reproduces official PDPL law, regulation, or guideline issued by the Saudi Data & AI Authority, verified against the original SDAIA source. No changes or reinterpretation applied.
Third: Personal Data to Be Collected
The Controller shall clarify Personal Data to be collected either before or during the collection process. Such data can be divided into specific categories as per its type and sources, making it easier for the Data Subject to identify data to be collected clearly and accurately, including, but not limited to:
- Account Data: (Key data collected directly from the user to create an account or personal file, such as name, PIN, addresses, and contact numbers).
- Payment Data: (Data collected for payment purposes, such as bank card number, payment amounts, etc.). Data obtained from other parties.
- Cookies Data: (Data collected by website logs, cookies or similar technologies).
- Location Data
The Controller shall also inform the Data Subject whether collection of this data is mandatory or optional for processing purposes.
Plain-Language Explanation
The explanation below is provided to help you understand the SDAIA’s legal text and does not replace or override the official PDPL law, regulation, or guideline.
