Privacy Policy

The Saudi Electricity Regulatory Authority (SERA) is committed to protecting your personal data and privacy.

The Saudi Electricity Regulatory Authority (SERA) is dedicated to providing the highest level of protection concerning the processing of personal data of beneficiaries in accordance with the Personal Data Protection Law and applicable regulations.

This policy aims to inform you about how your personal data is collected and processed by SERA, your rights as a data subject, how to exercise these rights, the methods of data collection, and the purposes for which your personal data is processed. This policy applies each time you use the website. The privacy notice is an integral part of the terms and conditions for using the website.

What do we mean by personal data?

All information that SERA collects and processes about you, which can identify you directly or indirectly, including data received from other sources, such as government or semi-government entities, or any third-party providing data to SERA. Additionally, it includes data collected when you use the website, cookies, or similar technologies.

Personal data collected or processed by SERA:

• Your personal information, including your name, date of birth, place of birth, nationality, country of residence, residence permit details, national identity, passport details, contact information, and the personal photo.
• Our interactions with you, including any records of phone calls between you and SERA, and any other related data such as your phone number, call time and date, call duration, routing information, and call types.
• Internal identifiers assigned by SERA to you, such as your business relationship, partner, project name, or customers ID.
• Contact data, including postal address, phone number, email address, and mobile number.
• Financial data, including details such as bank account numbers and International Bank Account Numbers (IBAN).
• Technical data from the website, including your protocol address used to access the website, website login data, information about your browser, search engine, and other technologies on the devices used to access the website without directly identifying you.

Personal data collecting method:

• Personal Data collected directly from the Data Subject:

  This is the personal data provided by the customers to SERA to benefit from the services provided by SERA. This data is mandatory for providing services, and SERA may not be able to serve you appropriately without this information.

• Personal Data collected indirectly:

1. Data received from external parties such as government entities or any other parties that provide your data to SERA.
2. SERA stores cookies data when you first visit the portal to remember your preferences, enable login, identify you as a customer, deliver awareness campaigns, combat fraud, and fulfill other legitimate purposes. Most browsers accept cookie settings by default, but providing this data to SERA is optional, you can reset your browser settings to refuse cookies. Please note that some services may not function properly if cookies are refused.

SERA may process your personal data for the following purposes:

• Providing the best service, including verify the quality of services provided by SERA, to improve the quality and the training.
• Monitoring and improving the website and the content.
• Awareness campaigns carried out by SERA or with the support of third parties.
• Communications and public relations in the process of providing services or consultations.
• Addressing any complaints received from the customers.
• Complying with the applicable laws, policies, standards, regulations, judicial or legal requirements, and requests from any official authority.
• Investigating violations, identifying violators, and any other actions required to investigate any breach.

Legal justifications for collecting your personal data:

•  Any of the competencies stipulated in SERA regulations.
• Fulfillment of legal or regulatory requirements.
• implementing an obligation in which the data subject is involved.
• Protection of vital interests or prevention of serious harm.
• Protection of public interest or national security.
• Achievement of a legitimate interest for SERA, that does not affect the rights and interests of the Data Subject

 

Disclosure of Personal Data:

• If you explicitly consent to the disclosure.
• If the personal data is collected from a publicly available source.
• If the disclosure request is from a public authority (for security purposes or to implement another law, or to satisfy legal requirements)
• if the disclosure is necessary to protect public health, public safety, or to protect the life or specific individuals' health.
• If the disclosure is limited to processing it later in a way that does not lead to identifying the data subject or anyone else specifically and does not conflict with the Personal Data Protection Law.

Consent to the Privacy Policy:

SERA processes personal data to provide services, ensure compliance with legal or regulatory obligations in the Kingdom, and fulfill its legitimate interests in delivering high-quality services.

By using this site and continuing to browse, you confirm your consent to the terms outlined in this privacy policy.

Access to Personal Data:

Your personal data will be processed by SERA under strict confidentiality and will only be accessed when necessary and by authorized and designated personnel.

Personal Data Retention and Destruction:

SERA will process and store your personal data in secure, encrypted systems hosted on SERA’s private servers. These systems are protected by advanced technologies in compliance with National Cybersecurity Authority policies and international standards to prevent data leakage or unauthorized access. These data will be destroyed once the purpose for which they were processed has been completed, in compliance with the provisions of the Personal Data Protection Law, and will not be used or processed for purposes other than those stated above.

Monitoring:

SERA may record and monitor your communications to ensure compliance with legal obligations and internal policies. This includes recording phone calls and written communications. SERA ensures that these calls and communications are stored in secure and encrypted systems to prevent information leakage or unauthorized access.

Data Subject Rights:

Under the provisions of the Personal Data Protection Law, the data subject has the following rights:

1. The right to be informed about the legal basis and the purpose of the Collection of the Personal Data.
2. The right to access the Personal Data held by the SERA, in accordance with the rules and procedures set out in the Regulations, and without prejudice to the provisions of Article (9) of the Law.
3. The right to request obtaining their Personal Data held by the SERA in a readable and clear format, in accordance with the controls and procedures specified by the Regulations.
4. The right to request correcting, completing, or updating their Personal Data.
5. The right to request the destruction of personal data when it is no longer needed, in accordance with Article (18) of the Personal Data Protection Law.

Data Security and Protection:

SERA ensures the protection of your data by applying preventive, technical, and organizational measures in accordance with the laws and regulations in the Kingdom. When contracting with external service providers, SERA ensures that they adhere to the same standards and controls followed by SERA.

Social Media:

SERA manages channels and accounts on social media platforms to communicate with the customers and provide the services. SERA monitors and records these operations to improve its services.

SERA encourages you to be cautious with your personal data and avoid sharing any sensitive personal information on social media, particularly the following:

• Confidential personal data, including financial status, bank account details, transactions, etc.
• Sensitive data related to racial or ethnic origin, religious, intellectual, or political beliefs, criminal, biometric, genetic, or health data.
• Inappropriate, offensive, or abusive data toward individuals.

SERA disclaims any responsibility for data published on these platforms, except for information published by its employees on its behalf.

Changes to the Privacy Policy:

SERA may update this policy periodically at its discretion and in accordance with the laws and regulations. You should regularly check for updates and review them.

Disclaimer:

This platform and services provided by the Saudi Electricity Regulatory Authority are available for your personal use. Your access and use of this site are subject to the terms outlined in the privacy notice and the laws of the Kingdom of Saudi Arabia. By accessing and benefiting from the services offered by SERA, you unconditionally agree to the terms of this notice. This consent is effective from your first use.

Relevant Legislation:

You can access the related policies and regulations referenced in this policy via the following links:

• Personal Data Protection Law
• National Data Management Office regulations.
• National Cybersecurity Authority regulations.
• Saudi Electricity Regulatory Authority laws and regulations

 

Contact Us:

If you have any questions or requests regarding the privacy policy or your personal data, please contact the Data Management Office at SERA at the following address:

Email: [DMO@sera.gov.sa]

You may also file complaints through the following channels:

• Call Center: Contact us by phone at [19944]
• SERA Website
• Email: [info@Sera.gov.sa]