Privacy Policy

Your Privacy Matters

At the Royal Commission for Makkah City and Holy Sites, we are committed to protecting your personal data and ensuring that privacy is the cornerstone of our operations and practices. The Commission also complies with all applicable data privacy laws and regulations, including the Personal Data Protection Law in Saudi Arabia.

Our privacy notice applies to all products and services provided by the Commission. This notice explains how your personal data is collected, used, and protected in relation to your use of this service in clear and straightforward language. Please note that we collect personal data accurately and in accordance with the Personal Data Protection Law, as outlined in this notice.

By accessing this website and continuing to use it, you agree to the terms and conditions of this privacy notice. If you do not agree, please do not access or continue using this website.

Personal Data: Refers to any information that can identify you as an individual. This includes your name, contact details, account information, and any other data that can be linked to you personally.

What Personal Data Do We Collect?

To provide our services, we may collect the following main types of personal data about you:

Identifiers: Full name, date of birth, national ID number, and passport number.
Contact Information: Mobile number, email address, and national address.
Financial Data: Bank account details, payment card information, and transaction history.
Technical Data: IP address, operating system, platform, and cookies.
Usage Data: Information on how you use our website/app, products, and services.
Marketing and Communication Data: Your preferences for receiving marketing from us and your communication preferences.
Sensitive Data: Biometric and health data.

How Do We Collect and Use Your Personal Data?

We collect your personal data through the following methods:

Direct interactions: You may provide personal data by filling out registration forms.
Automated technologies or interactions: While interacting with our website/app, we may automatically collect technical data about your devices, browsing actions, and usage patterns.
Third parties or publicly available sources: We may collect personal data about you from various third parties or public sources.
Collection from minors: The Royal Commission's website and apps are intended only for individuals aged 18 or older and/or legally eligible. If the data subject is under 18 or not legally eligible, a parent or legal guardian must consent on their behalf, as the Commission requires consent to collect and process personal data of minors.

Why Do We Collect Your Personal Data?

Your personal data is collected for the following purposes:

To create and manage user accounts for access to our website/app.
To process user requests, facilitate platform interactions, and provide personalized user experiences.
To provide customer support, respond to inquiries, and resolve account-related issues.
To protect the security of our apps, prevent fraud, and comply with regulatory requirements.
To analyze user data to improve our apps, enhance user experiences, and develop new features.
To suggest and recommend new services, features, or products that may interest users based on their usage patterns and preferences.

How Do We Process Your Personal Data?

Your personal data will not be processed in ways inconsistent with the original purpose of collection. We process your personal data manually and automatically using the Royal Commission for Makkah City and Holy Sites’ systems or data processing tools to provide you with the best services.

Legal Basis for Collecting and Processing Your Personal Data:

We collect and process your personal data based on one of the following legal grounds:

Consent: When you provide explicit consent to collect and use your personal data.
Contract performance: Processing personal data is necessary to perform a contract you are a party to or to take steps at your request before entering a contract. This includes providing technical services and customer support.
Legal obligation: We process personal data to comply with applicable laws and regulations in force in the Kingdom..
Vital interests: We may process your personal data to protect your vital interests or those of another individual.
Legitimate interests: We process your personal data to pursue our legitimate interests, provided that such interests are not overridden by your rights.
Public interest: In some cases, we may process your personal data based on requests from public authorities or for public interest purposes.

With Whom Do We Share Your Personal Data?

We do not sell your personal data to third parties. However, we may share your personal data with trusted partners or service providers to fulfill the purposes described or as required by law.

We may need to disclose your personal data outside the Commission if we believe it is necessary for:

Legal compliance: Sharing personal data to comply with applicable laws, regulations, and legal procedures, including requests from government or security authorities.
Research and analysis: Sharing anonymized and aggregated data with third parties for research, analysis, and other purposes without revealing personal identities.
Business transfers: In case of mergers, acquisitions, or sales of assets, personal data may be transferred to the relevant third party while ensuring protection according to this privacy notice.
Service delivery and improvement: Sharing personal data with trusted external service providers to operate our services or support users. Providers are contractually obligated to maintain privacy and use data only for the disclosed purposes.

Data Transfer to Other Countries

When transferring personal data outside Saudi Arabia, we ensure it has an adequate level of protection and the transfer is lawful. This includes relying on adequacy decisions by relevant authorities and standard contractual clauses. For more details on protections when your data is transferred, contact us using the details below.

How We Protect Your Personal Data

All information you provide is stored on our secure servers.

To protect your data during storage and transmission, we have implemented advanced security measures including administrative, technical, physical, and organizational controls controls to maintain the confidentiality of your personal data. This includes access controls, encryption, regular security assessments, employee training, and continuous monitoring and updating of security measures to mitigate risks and safeguard your data from unauthorized access, disclosure, alteration, or destruction. Our rigorous approach to information security ensures the highest standards of privacy and compliance with data protection regulations.

Retention of Personal Data:

We retain your personal data only as long as required by regulations for the purpose specified in this notice. Data is kept and used as necessary to comply with legal obligations, resolve disputes, and enforce our agreements and policies.as directed by regulatory authorities. We retain your information in accordance with our Data Retention Policy. We will not keep your personal data for longer than is necessary for the purpose for which it was collected. This means that your personal data will be destroyed or erased from our systems when it is no longer required, in accordance with our approved data destruction methods. We take appropriate steps to ensure that your personal data is processed and retained based on the following

For the duration that personal data is used to provide the service to you.
As required by law, contracts, or our legal obligations.
Only for as long as necessary for the purpose it was collected or processed, or longer if required by law, contracts, or for statistical purposes (if anonymized), with appropriate safeguards.

Your Rights Regarding Your Personal Data:

You have the following rights regarding your personal data:

Right to be informed: You have the right to know about the collection and use of your personal data, including why and how it is collected, purposes of processing, and parties it is shared with.
Right of access: Request access to the personal data we hold about you.
Right to receive personal data held by the Commission in a clear and readable format: You may request your personal data in a clear and readable format, if technically possible, through your preferred channel.
Right to correct your personal data: Request correction of any inaccurate or incomplete data.
Right to request the destruction of your personal data: Request deletion of your data under certain circumstances.
Right to withdraw consent: You may withdraw consent to process your personal data at any time unless there are legal grounds requiring otherwise. This right allows you to request that the Commission cease processing your personal data.
Right to lodge a complaint with the competent authority: You may file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) if you feel your rights have not been upheld.

Requests to exercise these rights will receive an initial response within one week of receipt. Contact us via:

Email: rcmcdmo@rcmc.gov.sa

Phone: 800 10000 41

Is Providing My Personal Data Mandatory or Optional?

The Commission requires your personal data to provide the requested services. If you do not provide the required personal data, the Commission may refuse your service request, or if the service has already been provided, it may need to suspend or discontinue the service, which may result in the termination of your relationship with us.

When collecting data through forms or digital applications, mandatory fields are marked with an asterisk (*), while optional data may be omitted at your discretion.

Contact Information:

For more details on data processing and exercising your rights, contact the Geospatial and Business Intelligence Data Center at the Commission using the details below:

Al-Hamra & Um Al-Jood, Unit 6850

Email: RCMCDMO@rcmc.gov.sa

How to File a Complaint or Objection?

If you have concerns or if we fail to comply with the Personal Data Protection Law, you may file a complaint with the Data Management Office at the Commission by emailing the Data Protection Officer at rcmcdmo@rcmc.gov.sa. If unsatisfied with the response or no response is received within a month, you may escalate the complaint to the Saudi Data and AI Authority (SDAIA).

SDAIA Address:

Kingdom of Saudi Arabia

Riyadh

Website:

Saudi Data and Artificial Intelligence Authority (sdaia.gov.sa)

National Data Governance Platform (dgp.sdaia.gov.sa) "DGP"

Privacy Notice Updates:

The Commission reserves the right to amend this privacy notice from time to time. Changes take effect immediately upon posting on this website. Users are encouraged to review this notice periodically to stay informed of any updates.

Last Updated : 24‏/06‏/1447 - 11:18 ص Saudi Time

The City of Peace

Culture & Heritage

Landscapes & Weather

Local Makkah Cuisine

News & Insights

FAQs

The First House of Worship

Jabal al-Nour & Ghar Hiraʾ

Jabal al-Thawr

Ayn Zubaydah

Al-Hudaybiyah

Wadi al-Asilah

Al-Jaranah Mosque

Mosque of the Jinn

Al-Masjed Al-Haram

Mina

Mashear Arafat

Muzdalifah

Namira Mosque

Jamarat Bridge

Historical Sites

Heritage Mosques

Enrichment Sites

Nature and Parks

Tourist Experiences

Tourist Trails

Cultural Events

Entertainment Events

Sporting Events

Economic Events

Café & Restaurants

Makkah Shopping Hubs

Makkah Originals

Visa Information

Getting Around

Healthcare Guide

Religious & Linguistic Guide

Currency & Payment Methods

Stay Connected

Assistance & Hotlines

Visitor Code

Tour Operators

Tour Guides

Travel Handbook

Services

Main Menu

About Makkah

Experience Makkah