LEGAL

Privacy Policy

This Privacy Policy outlines how King Khalid International Airport collects, uses, discloses, and safeguards your information to provide a safe and efficient travel experience.

 

1.Introduction

Riyadh Airports Company was established in 2016 as part of the privatization program for the aviation sector in the Kingdom of Saudi Arabia. The company manages and operates King Khalid International Airport in the capital city, Riyadh, while developing the airport's infrastructure and undertaking expansion projects for new services and facilities, in addition to existing facilities. Riyadh Airport is committed to working closely with partners and stakeholders at both local and global levels to ensure customer satisfaction with all services and products provided.

Riyadh Airports Company or "we" have formulated our privacy notice to ensure that you can clearly understand our data and security practices and policies while using the King Khalid International Airport website ("the Sites"). This privacy notice describes the types of information we collect, how we use the information, with whom we share it, and the choices you can make regarding the collection, use, and disclosure of your information.  

2. Definitions

Personal Data: Any statement - regardless of its source or form - that would lead to identifying an individual specifically or make it possible to identify them directly or indirectly, including: name, personal identification number, addresses, contact numbers, license and registration numbers, personal property, bank account and credit card numbers, still or moving images of the individual, and other data of a personal nature.

  1. Processing: Any operation performed on personal data by any means, whether manual or automated, including collection, recording, storage, indexing, arranging, coordination, storage, modification, updating, merging, retrieval, use, disclosure, transfer, publication, sharing of data or interconnection, blocking, erasure, or destruction.

  1. Collection: The controller obtaining personal data in accordance with the provisions of the regulation, whether directly from the data owner, their representative, their legal guardian, or from another party.

  1. Destruction: Any action that leads to the removal of personal data and makes it impossible to access or retrieve it again.

  1. Disclosure: Enabling any person - other than the controller - to obtain, use, or access personal data by any means and for any purpose.

  1. Personal Data Owner: The individual to whom the personal data relates, or their representative, or their legal guardian.

  1. Public Entity: Any ministry, department, public institution, public authority, or any independent public entity in the Kingdom, or any of its affiliated entities.

  1. Controller: Any public entity, and any natural or private legal person; that determines the purpose and means of processing personal data, whether they process the data themselves or through a processor.

  1. Processor: Any public entity, and any natural or private legal person; that processes personal data on behalf of and for the benefit of the controller.

  1. Data Owner: The natural person to whom the personal data relates, or their representative, or their legal guardian.

  1. Explicit Consent: Verbal or written consent that is explicit, specific, and given freely and unconditionally by the data owner, indicating their acceptance of the processing of personal data.

  1. Implied Consent: Consent that is not explicitly granted by the data owner, but is implicitly given through the person's actions, facts, and circumstances of the situation - such as signing contracts or agreeing to terms and conditions.

  1. Legal Basis: The legal basis or actual need - based on the tasks and competencies of the entity - to process personal data in a legal manner and within a framework of fairness and integrity.

  1. Third Parties: Any governmental entity or independent public legal entity in the Kingdom, and any natural or private legal person other than the data owner, controller, processor, and authorized persons, concerned with the processing of personal data.

  1. Personal Data Protection Officer: The person responsible for preparing and monitoring the implementation of policies and procedures related to the protection of personal data.

  1. Regulatory Authority: Any governmental entity or independent public legal entity that assumes regulatory or supervisory tasks and responsibilities for a specific sector in the Kingdom of Saudi Arabia based on a legal document.

3. Information We Collect

King Khalid International Airport ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our airport and use our services. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our services. 2. Information We Collect We may collect information about you in a variety of ways. The information we may collect on the airport premises includes:

Passenger & Visitor Data

    • Parking Services: license plate and payment details.
    • CCTV & Access Monitoring: Vehicle entry/exit is recorded via license plate recognition for security and operational efficiency.

 

Airport Services

    • Baggage Handling: Flight and passenger data are used to ensure accurate baggage sorting and delivery.
    • Transit Services: We collect flight details, names, preferences, and payment information to tailor your experience.

 

Wi-Fi & Website Usage

    • Wi-Fi Access: To provide secure internet access, we collect your MAC address, IP address, and basic identity details.
    • Cookies & Tracking: Our website uses cookies for functionality, analytics, and personalization. You may manage preferences via our cookie banner.
    • Chat & Feedback Forms: If you contact us via chat or forms, we store your inquiry and contact details to respond effectively.

 

Employee & Partner Data

    • Cards & ID Access: We collect name, date of birth, job role, and access zones for issuing airport IDs and managing secure access.
    • Training & Compliance: E-learning platforms may collect course progress and identity data for compliance tracking.
    • Contractual Engagements: For suppliers and partners, we store contact details and contractual data to fulfill obligations.

 

Surveillance & Security

    • Video Monitoring: Public and restricted areas of the airport are monitored via CCTV for safety and incident investigation.
    • Security Reports: Anonymous reports may be submitted. Personal data, if provided, is de-identified before further processing.

 

Marketing & Communication

    • Newsletters & Campaigns: Subscription requires your contact details and consent. You may opt out at any time.
    • Social media: Riyadh Airports Company operates official accounts on social media platforms. Data shared via these platforms is subject to their respective policies.

4. Data Collection Method

The information and notifications related to your activity that you provide when you visit our website or use our service, you can provide us with two types of information:

  1. Data that the personal data owner provides to the website through registration or use of the services provided by Riyadh Airports Company.

  1. Your personal data is collected indirectly through cookies that are collected when visiting the website (Cookies).

5. The Legal Basis

  • Contractual: Where do we use your personal data to execute a contract or take steps to enter a contract with you.

  • Legitimate Interest: Where we use your personal data to achieve our legitimate interests as a company (or those of any other party) and these interests outweigh any infringement on your data protection rights.

  • Consent: For other activities such as information, employment, competitions, and other services provided by Riyadh Airports Company.

  • Legal Obligation: Where we need to use your personal data to comply with relevant legal or regulatory obligations.

  • Public Interest: For processing that is carried out based on requests from public entities or for purposes of public interest, for example: awareness messages sent by entities of a legal nature such as government agencies, ministries, regulatory bodies, and others...

6. Purpose of Data Processing 

  Riyadh Airports Company may process your personal data for:

  • Service delivery and operational efficiency

  • Security and incident investigation

  • Compliance with legal and regulatory requirements

  • Customer service and communication

  • Improving airport services and user experience

7. Non-Interactive Usage-Related Information Collected

Our website and service use standard technology called cookies to collect information about how our website and service are used. This may include, but is not limited to, the date and time of visits, the pages of the website that were viewed, the amount of time spent on our website, and the recording of activities and sites visited immediately before and after our website. In addition, when visiting our websites, we may collect certain information by automated means, such as cookies and web beacons, as further detailed below. The information we may collect by automated means includes:

  • Information about the devices used by our visitors to access the Internet (such as IP address, device, browser, and operating system type).

  • The pages and URLs that refer visitors to our websites, as well as the pages and URLs that visitors leave to once, depart our websites.

  • Dates and times of visits to our websites.

  • Information about actions taken on our websites (such as page views, website navigation patterns, or application activity).

  • General geographic location (such as country and city) from which a visitor enters our websites.

  • Search terms used by visitors to reach our websites.

8. How We Use the Information We Collected

  • Create, manage, and maintain your account on the websites.

  • Provide you with the services you request.

  • Notify you regarding website activities (such as new job requests) based on notification preferences.

  • Respond to your questions and comments and provide customer support.

  • Operate, evaluate, and improve our business and the products and services we offer.

  • Analyze trends and statistics related to visitors' use of our websites, mobile applications, social media programs, and the jobs that are displayed or applied for on our websites.

  • Protect against and prevent fraud, unauthorized transactions, claims, and other liabilities, and manage risk exposure, including by identifying potential intruders and other unauthorized users.

  • Notify you from time to time about relevant products and services managed by Riyadh Airports Company.

  • Enforce the terms of use of our websites.

  • Comply with the policies and requirements of the laws of the Kingdom of Saudi Arabia, including but not limited to the Saudi Personal Data Protection Law and (GDPR).

9. Data Retention

Your personal data is stored as long as necessary, in accordance with specified retention periods, for the purposes for which it was collected and to meet any legal or regulatory requirements or reporting.

10. Data Protection and Disclosure 

We take the protection of your data seriously and will use appropriate organizational and technical security measures to protect and safeguard your data - including internal and external audits, training employees and contractors on privacy, and reporting to our audit and data management steering committees and the regulatory authority - to protect your data from any unauthorized disclosure or processing.

Riyadh Airports Company always maintains the privacy and confidentiality of all personal data collected. This data may only be disclosed or shared when it complies with the law, is requested by law, or when we believe that such action is necessary or desirable to provide services or technical support and in accordance with the section on why we collect and use your personal data.

We will not use any of your personal data for commercial purposes or share it with any third party other than Riyadh Airports Company or governmental or semi-governmental entities and partner companies without your consent unless it is collected without identifiers on an aggregate basis for analytical purposes, studies, and reports while complying with personal data protection regulations in the Kingdom of Saudi Arabia.

Except in cases of extreme necessity to preserve the life, health, or vital interests of an individual, or to prevent, investigate, or treat infection, Riyadh Airports Company may not transfer personal data outside the Kingdom of Saudi Arabia or disclose it to a party outside the Kingdom of Saudi Arabia, unless it is in execution of an obligation under an agreement to which the Kingdom of Saudi Arabia is a party or to serve its interests.

Riyadh Airports Company will not disclose your personal data to external parties without your consent except under the following circumstances where the entity requesting disclosure is a public entity, and in this case, data will be shared in accordance with the controls and procedures stipulated in the personal data protection law in force in the Kingdom of Saudi Arabia:

  1. For security purposes.

  1. If such disclosure is required by relevant regulations or rules, or by order of a competent regulatory authority to protect public health or safety.

  1. To protect the life or health of an individual. 

11. Data Sharing and Transfers

We do not share personal data with third parties except:

  • With your consent

  • As required by law or to comply with regulatory obligations

  • With authorized service providers, provided that data privacy requirements are communicated and incorporated into their contracts.

12. Data Subject Rights

  • Right to be Informed.
  • Right to Access.
  • Right to Obtaining Personal Data.
  • Right to Correction.
  • Right to Request a Destruction.
  • Right to Object to Processing.
  • Right to Data Portability.
  • Right to Restriction of Processing.
  • Right to Withdraw Consent. 

Requests can be submitted to our Data Protection Office through the following form here. We retain data only as long as necessary for the stated purpose or as required by the law.

13. Contact Us

If you have any questions or requests regarding your personal data, please contact our Data Protection Office at:

Phone: +966 (11) 122-1000

Email: [email protected]

Address: Riyadh Airports Company, King Khalid Intenational Airport, Riyadh, Saudi Arabia.

We will investigate and attempt to resolve complaints and disputes and will make every effort to fulfil your wish to exercise your rights as soon as possible, in any case, within the timelines provided for in the applicable data protection laws.

14. Privacy Notice Update

To maintain the highest standards of service and protection, we may update this Privacy Notice as needed, including reflecting on legal changes. Updates will be posted here, so we recommend reviewing it periodically .

Last updated: 8th August 2025.