Article 1: Introduction
The National Debt Management Center (NDMC) was initially established as the Public Debt Management Office in the fourth quarter of 2015 as part of the National Transformation Program initiatives. Subsequently, Cabinet Resolution No. (139), dated 16/02/1441 AH, was issued, converting the Public Debt Management Office at the Ministry of Finance into the National Debt Management Center (NDMC). The center was granted an independent legal personality, as well as financial and administrative autonomy, while being organizationally linked to the Minister of Finance. Its primary mandate is to manage public debt, which includes securing the Kingdom's financing needs at the best possible cost over the short, medium, and long term, while maintaining risks that align with the Kingdom's financial policies. Additionally, the NDMC aims to ensure sustainable access to various global markets at fair pricing.
Over time, the center has expanded its scope of work beyond addressing financing needs. It now also includes monitoring credit ratings, enhancing human capital, and empowering and supporting other entities, all to contribute to the realization of Saudi Arabia's Vision 2030.
Article 2: Data Collection and Purpose
First: Personal Data Collected
- User's first name
- User's last name
- Email address
- Mobile number
- Gender
- Nationality
- Location (City)
- Education degree
- Educational institution
- Major
- GPA
Second: Purpose of Collecting Personal Data: Personal data is collected to address user inquiries, suggestions, or complaints.
Article 3: Methods of Data Collection:
First: Personal data is collected directly from the user through registration on the website. No personal data is collected from third parties.
Second: Personal data is indirectly collected via cookies when users visit the website.
Article 4: Use of Personal Data:
Personal data is used for processing job and training applications and for sharing data as required.
Article 5: Storage and Disposal of Personal Data:
Personal data is stored within the Kingdom of Saudi Arabia on servers managed by the National Government Resource Planning Center. These servers are secured using advanced technologies compliant with the policies and regulations of the National Cybersecurity Authority and international standards to prevent unauthorized access and mitigate cyber risks.
Data will be securely destroyed within three years of storage in a manner that prevents access or recovery, in accordance with the policies of the National Debt Management Center.
Article 6: Legal Basis for Collecting and Processing Personal Data
Personal data is collected and processed based on the consent of the data subject. Consent may be withdrawn at any time, provided there is no other legal basis for retaining or processing the data.
For assistance with withdrawing consent, users may contact the Cybersecurity Governance and Data Management Department at the National Debt Management Center via email: CS@NDMC.GOV.SA.
Article 7: Rights of the Data Subject
- Right to Awareness: The data subject has the right to be informed about how their data is collected, the legal basis for its collection and processing, and how it is processed, stored, and destroyed.
- Right to Access Personal Data: The data subject has the right to request a copy of their personal data via the email provided in Article 10. The requested data will be provided free of charge within seven (7) business days through email.
- Right to Rectify Personal Data: The data subject has the right to request correction of their personal data if it is deemed inaccurate, incorrect, or incomplete. Requests can be submitted via the email specified in Article 6 and will be processed within seven (7) business days from the date of the request.
- Right to Erase Personal Data: The data subject has the right to request the deletion of their personal data under specific circumstances, unless legal or contractual obligations require retaining it for a specific duration.
- Right to Withdraw Consent for Data Processing: The data subject may withdraw consent for the processing of their personal data at any time, provided no legitimate purposes require otherwise.
Article 8: Sharing or Exchanging Personal Data
No personal data collected through the NDMC website is shared with or exchanged with other entities.
Article 9: External Links
The NDMC website provides links to other websites for the convenience of its users. However, the NDMC is not responsible for the content of these external websites, their proper functioning, or any issues that may arise from their use. Users are solely responsible for their actions while using these external websites accessed through the links provided on the NDMC website.
Article 10: Exercising Data Subject Rights
The data subject may request access, correction, or deletion of their personal data by contacting the NDMC via the following:
Article 11: Personal Data Protection Officer
- Name: Cybersecurity Governance and Data Management Department at the National Debt Management Center (NDMC).
- Email: CS@NDMC.GOV.SA
Article 12: Complaints and Inquiries
For complaints or inquiries related to the privacy policy or the handling of personal data, users may contact the website management via the following email: Info@ndmc.gov.sa. If no response is received within seven (7) business days, users may escalate their complaint or inquiry to the Cybersecurity Governance and Data Management Department.
Article 13: Privacy Policy Updates
- The latest update to this policy was made on 23/12/2024.
- The NDMC website management reserves the right to add or amend any provisions of this privacy policy, and the management retains the right to terminate a user's account if they do not accept the updated policy.
- Arabic is the official language for interpreting the terms and conditions of this policy. In the event of any discrepancy between translations, the Arabic text will prevail.
Article 14: NDMC Website Management
Supervising Entity: National Debt Management Center (NDMC).
References:
This policy has been prepared in accordance with the requirements of the Personal Data Protection Law of 1443 AH and its implementing regulations, which serve as the primary reference for this policy.
For the disclaimer statement, please click here.