Aseer Development Authority was established by Royal Decree No. 27719, dated 10/06/1439 AH. The Authority is organizationally linked to the Council of Ministers in accordance with the provisions of Article 3 of the Regulation of Regional and Cities Development Authorities issued by Cabinet Resolution No. 475, dated 07/05/1439 AH.
Aseer Region Development Authority is concerned with achieving integrated regional development and ensuring effective coordination between development agencies to make Aseer a leading global tourist destination throughout the year.
The website DiscoverAseer.com is managed by Aseer Development Authority and serves as the official platform for showcasing the region’s tourism assets.
Contact Information
You can contact the Authority through:
Name of the relevant department/team: Data Management Office
Phone number: +966 17 238 9666
Email: [email protected]
Address: Abha, Aseer 62512
Date of last update
The privacy policy was last updated on 11/06/2025
What personal data is collected, how it is collected and what is its purpose
First/ Personal data collected and how it is collected:
Identity data: Full name, username or similar identifier, date of birth, gender, identification number (such as passport number, national identification number or residence number), and other specific identity data that might be needed.
Contact data: Spatial addresses, email address, and phone numbers.
Geospatial and geographical data: This means, but is not limited to, the time zone, such as the country of the data subject and the city in which he lives, and the longitude and latitude of the endowment assets, and any relevant and related data that might be needed.
Technical data: Include, but are not limited to - Internet Protocol (IP) address, beneficiaries' login data, browser type and settings, types and versions of browser add-ons, information collected through cookies when visiting the site (Cookies), operating system, operating platform, crash reports, system activity, request history URL and other related technologies used by beneficiaries to access the site, or through other official channels.
Secondly/ Purpose of collecting personal data:
The collection of personal data from users/beneficiaries through the Discover Aseer website or any other communication channel is intended for several regulatory purposes, including:
Dealing with complaints and inquiries regarding the transactions and services provided.
When submitting any external report to a third party on behalf of Discover Aseer or regarding any services provided to its stakeholders, the concealment of identities is ensured — without compromising the rights and interests of the personal data owner.
Regular and periodic updating of protection procedures and controls that meet or exceed standard criteria.
Strict procedures and measures to protect the security of information and technology it uses to prevent fraud and unauthorized entry into our systems.
Monitoring and detecting potential violations and abuses when using the website or any of the official means and channels affiliated with the Authority.
How do we disclose personal data?
We will not disclose any personal data to any other party for any purpose.
Or in the event of participation in the disclosure of any personal data with any other party, it will be dealt with in accordance with contractual obligations and the goal is to improve the service provided to beneficiaries, and it will be limited to the minimum.
Regulatory justification for collecting and processing personal data
Your data will be collected and processed in accordance with the Personal Data Protection Law in the Kingdom. The regulatory justification we rely on to process this data is:
Your explicit consent, and you can withdraw your consent at any time, provided that it does not affect the processing operations carried out based on other regulatory justifications. To do so, you can contact the data management office at the entity, as shown below.
If the processing is necessary to achieve the interest of the Authority by virtue of the Cabinet's decision to organize authorities and cities.
In the event that the processing achieves a specific interest for you, and it is impossible or difficult to contact you.
How do we store and destroy personal data?
Your personal data is stored securely within the Kingdom at the headquarters or with a cloud computing service provider. These servers are protected with the best technologies in accordance with the policies and controls of the National Cybersecurity Authority and international standards to ensure that there is no unauthorized access and to reduce cyber risks. Personal data is not retained unless it is necessary according to regulatory justifications. Secure destruction of personal data is ensured if the owner of the personal data requests it, and if the purpose for which it was collected no longer exists, or if it was learned that the personal data is being processed in an irregular manner, necessary measures will be taken as a result.
Rights of personal data owners
Under the Personal Data Protection Law, you have the following rights, which depend mainly on the purpose of collecting and processing personal data:
Right to know: The owner of the personal data has the right to know the methods of collecting personal data and the legal justification for collecting and processing it, how it is processed, stored and destroyed and to whom it will be disclosed. You can view all the details through the privacy policy or you can contact us on the data shown below.
Right to access personal data: The owner of the personal data has the right to access his data by submitting an access request, taking into account that the legal justification is either approval, the legitimate interest of the Authority, or the implementation of an agreement The personal data owner is a party to it, with emphasis on not harming the rights of others from exercising this right, such as intellectual property rights or trade secrets.
The right to request access to personal data: The personal data owner has the right to submit a request to access their data, taking into account that the legal justification is either approval, the legitimate interest of the Authority, or the implementation of an agreement to which the personal data owner is a party. The personal data is provided to its owner in a commonly used electronic format, provided that it is readable and clear. The personal data owner may be provided with a printed copy whenever possible. With emphasis on not harming the rights of others from exercising this right, such as intellectual property rights or trade secrets.
The right to request correction of personal data: The personal data owner has the right to request correction of their data that they deem incomplete, inaccurate, or incorrect, via e-mail. They will be notified via the same means within a period not exceeding 30 days from the date of the request. They also have the right to restrict the processing of their data for a period during which the accuracy of the data can be verified, provided that the restriction request does not conflict with the systems and regulations.
The right to request the destruction of personal data: The owner of personal data has the right to request the destruction of their personal data in specific circumstances, unless there is a regulatory text specifying the period of retention of personal data, or contractual requirements agreed to by the owner of personal data, provided that they do not negatively affect their rights or interests. The Authority automatically activates the right to destruction in the cases stipulated in the systems and regulations, such as its knowledge that personal data is being processed in a manner that violates the system.
The right to withdraw consent to the processing of personal data: The owner of personal data has the right to withdraw their consent to the processing and withdraw it at any time by notifying the Authority through the specified means of communication, including the Authority taking the necessary measures to stop the processing and request the destruction of personal data from those to whom it has been disclosed in advance.
Acceptance of the Privacy Policy
You acknowledge that you have read this policy and agree to all its terms and conditions. Your use of the site means your acceptance of this policy and the terms and conditions that govern it.
How to file a complaint or objection?
In case of complaints or inquiries related to the privacy policy or handling of personal data, contact the following email: [email protected]
If you are not satisfied with our handling of the complaint or if we do not respond within seven business days from the date of receipt of the complaint, you can submit a complaint to the competent authority, which is the Saudi Data and Artificial Intelligence Authority.
Address of the Saudi Data and Artificial Intelligence Authority
Kingdom of Saudi Arabia, Riyadh
Official website of the Authority: sdaia.gov.sa
National Data Governance Platform: dgp.sdaia.gov.sa
