Privacy Policy

The Ministry of Environment, Water, and Agriculture (mewa.gov.sa) acknowledges the importance of your privacy and personal data; therefore, we are committed to keeping all information and data important to all users safe, secure, and confidential.

The privacy policy and procedures of mewa.gov.sa are subject to the Personal Data Protection Law (Royal Decree No. (M/19) dated 1443/2/9H), the key principles for the protection of personal information, and the general rules for data exchange issued by the Saudi Data and Artificial Intelligence Authority and the National Data Management Office.

The Personal Data Protection Law and its executive regulations provide the legal basis to protect your rights regarding the processing of personal data by all entities in the Kingdom, as well as all entities outside the Kingdom that process personal data related to individuals residing in the Kingdom using any means, including processing personal data online.

Our basic principles of data protection policy include the following:

  • Accountability of the entity's head (or their delegate) for the privacy policies and procedures of the data controller.
  • Transparency through the privacy notice indicating the purposes for which personal data is collected.
  • Choice and consent obtained through implicit or explicit consent regarding the collection, use, and disclosure of personal data before its collection.
  • Limiting the collection of data to the minimum necessary to achieve the purposes.
  • Strict use, retention, and destruction for the intended purpose, retaining it as long as necessary for the intended purposes or as required by laws and regulations, securely destroying it, preventing leakage, loss, theft, misuse, unauthorized access.
  • Access to data that allows any data subject to review, update, and correct their personal data.
  • Disclosure limitations on data adopted by the data subject restricting third parties for purposes stated in the privacy notice.
  • Data security by protecting personal data from leakage, damage, loss, theft, misuse, alteration, or unauthorized access, following the controls issued by the National Cybersecurity Authority and other relevant authorities.
  • Data quality after verifying its accuracy, completeness, and timeliness.
  • Monitoring the privacy policies and procedures of the data controller, compliance with them, and any inquiries, complaints, and disputes related to privacy.

The National Standards for Data Management and Personal Data Protection cover 15 areas of data management and personal data protection. The standards apply to all government data regardless of the form or type, including paper records, email messages, electronically stored data, voice recordings, videos, maps, images, scripts, handwritten documents, or other recorded data.

The application of the provisions of the Personal Data Protection Law and its executive regulations does not diminish the jurisdiction and tasks of the National Cybersecurity Authority as a cybersecurity authority specialized in cybersecurity and its affairs in the Kingdom.