Policy and Privacy

The Saudi Electronic University (SEU) is committed to protecting the personal data of individuals who benefit from its services and systems, and to preserving their privacy by applying the necessary administrative controls and technical measures in accordance with applicable regulations, laws, and related policies. Personal data will not be disclosed except under legally defined and permitted conditions. SEU ensures the protection of your data in line with the policies and legislation issued by the National Cybersecurity Authority.

This Privacy Notice is designed to help users of SEU’s services and systems understand the nature and types of personal data collected through the university’s various channels, the purpose of collecting and processing this data, how it is protected, and with whom it may be shared.

By using SEU’s services, accessing its platforms, or consenting to pop-up notices, you acknowledge and agree to the terms outlined in this Privacy Notice and any ongoing updates. Therefore, SEU encourages all users to review this notice regularly. You may withdraw your consent at any time unless there is another legal basis for processing your data, by emailing the Personal Data Protection Officer at the university’s Data Management Office: PDM@seu.edu.sa

What is Personal Data?

Personal data refers to any information that can identify you directly or indirectly when combined with other data. This includes:

• Name, address, and contact information (e.g., phone number, email address)
• Age, date of birth, nationality, and ID number
• Bank account and card numbers
• Sensitive personal data, such as health-related information
• Direct data including personal images captured during remote online exams (final, midterm, and quizzes) using AI-based monitoring or human proctors (female proctors for female students)

What is Data Processing?

Data processing means any operation performed on personal data, such as access, collection, use, storage, sharing, modification, printing, copying, archiving, deletion, transfer, blocking, disclosure, linking, and other relevant operations.

Data is processed in accordance with the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 09/02/1443H and its amendments. Legal grounds include:

1. Regulatory Compliance, including:

• University Law (Royal Decree No. M/27, dated 02/03/1441H)
• Personal Data Protection Law (Royal Decree No. M/19, dated 09/02/1443H, amended by Royal Decree No. M/148, dated 05/09/1444H)
• Other relevant regulations and bylaws

2. Public Interest:

• To improve educational quality and outcomes

Other typical legal bases for processing:

• Based on your explicit consent
• To fulfill contractual obligations
• To comply with legal requirements
• To fulfill service-related obligations
• For the public interest or to perform a governmental task
• To pursue legitimate interests where contacting you is impossible or difficult
• Under another law or agreement you are party to
• For security purposes or legal compliance

We may process your data through various means including display, collection, usage, storage, sharing, modification, printing, copying, archiving, and deletion, for purposes such as:

• Managing the educational process and academic services (e.g., course registration, digital library use)
• Processing faculty/staff data for payroll, benefits, performance reviews, etc.
• Operating, maintaining, and improving digital systems and services
• Enhancing learning outcomes and decision-making support
• Personalizing your experience (e.g., remembering preferences)
• Communicating academic/admin services (alerts, announcements, newsletters)
• Conducting statistics, research, and analysis
• Fulfilling public interest
• Processing financial transactions (e.g., payments, procurement, tax reporting)
• Sharing data with government entities or contracted third parties for job offers
• Complying with legal and regulatory obligations

Data collection and processing are mandatory to allow SEU to function as an educational institution. Failure to provide necessary data may prevent the university from offering services to students, employees, or faculty.

Data may be collected directly from you or from other sources (e.g., Absher Platform, Ministry of Human Resources and Social Development) as explained in Section 5.

To update your data, contact the Personal Data Protection Officer at PDM@seu.edu.sa

SEU processes your data for the purposes listed above. However, under the Personal Data Protection Law, we may collect or process your data from other sources or for other purposes in certain cases, including:

• With your explicit consent
• If your data is publicly available or sourced from a public platform
• If required for vital interests
• If required to protect public health, safety, or lives
• If your data is anonymized so you cannot be identified
• If required for the public interest or to enforce applicable regulations

Depending on the circumstances and the law, you may have the following rights:

1. Right to Information:
   You have the right to be informed about the legal basis and purpose of data collection and to ensure your data is not used in ways inconsistent with its original purpose.
2. Right to Access:
   You may access your personal data and request a clear, accurate, and free copy.
3. Right to Rectification or Update:
   You may request that we correct, complete, or update your data.
4. Right to Deletion:
   You may request the deletion of your data if it is no longer needed, subject to legal obligations.

To exercise any of these rights or ask for more information, please contact us.

Your data may be processed outside Saudi Arabia within limits permitted by local regulators, and with full compliance to the Personal Data Protection Law.

SEU prioritizes personal data protection and complies with relevant laws and policies in Saudi Arabia. Your data will only be used with your consent and as needed for administrative, academic, and organizational purposes via SEU systems, such as:

• Student Information System (Banner)
• E-learning System (Blackboard)
• Enterprise Resource Planning (ERP)
• Alumni Platform
• Moqeem Qualification Service
• Other university platforms

• SEU will not share your personal data with non-governmental parties unless they are officially authorized to provide government services, or unless you give explicit consent, and only within legally permissible boundaries.
• Personal data may be shared with government entities for legally justified purposes serving the public interest, without harming national security, agency operations, individual privacy, or environmental safety. Data excluded by royal decree is exempt.
• Data is shared via a secure, trusted environment. SEU may sign data-sharing agreements with external parties, under defined terms in line with data-sharing principles.
• We may disclose your data to:
• • Consultants or contractors who provide data-processing or professional services
  • Government regulators and authorities
  • Other third parties under regulatory, legal, or institutional obligations

Personal data is securely stored and processed on SEU systems and servers, protected in accordance with regulations from the National Cybersecurity Authority and SDAIA (Saudi Data and AI Authority). Data is accessible only to authorized personnel based on their job responsibilities.

If we no longer need your data and have no legal basis to keep it, we will initiate deletion, anonymization, or return of the data (unless legally required to return it to another party). Data is retained for three years, after which deletion procedures begin. We ensure:

• If anonymized: You cannot be identified again.
• If deleted: Your data cannot be recovered.

To contact the Personal Data Protection Officer – Data Management Office:
📧 PDM@seu.edu.sa