Menu
Top

​Single-Day Visits for Employees of Approved Partners


  1. What Personal Data are we processing?

    For single-day visits for employees of approved partners, we may collect and/or process the following Personal Data for your profile in our visitor management system: your first and last name; date of birth; nationality; government-issued ID number, type, and a copy of that ID; a copy of your driver’s license; your mobile number; email address; dependent information and IDs; emergency contact details; and your vehicle's model, make, license number, registration, and insurance. This profile, once created, will allow you to make future visit requests.

    For a specific visit request, we additionally request you to fill out your name, the date of your visit and your contact details.


  2. What sensitive Personal Data is being collected?

    No sensitive data is being collected. We may collect Personal Data about children visitors over the age of 12. You are not required to provide information about children below the age of 12 who are accompanying you on a visit to KAUST. Children are considered a vulnerable category under data protection laws.


  3. Where do we get your Personal Data?

    We collect new information about you and, when applicable, your dependents when you create or update your profile in the visitor management system. KAUST may also have basic information about you provided by your company to facilitate gate access processes.


  4. Why do we process your Personal Data?

    We process your Personal Data to approve your visit to KAUST and to provide you with access through the gate. We will use the phone number and email provided in your visit request to text and email you notifications about applicable KAUST policies and procedures and entry and exit information. Your Personal Data will not be processed later in a manner inconsistent with this purpose, except as provided or required by law.


  5. Do I need to provide all the information requested?

    Mandatory fields for your visitor profile and visit request are marked with an asterisk. No registration is required for children under the age of 12.


  6. Why are we able to process your Personal Data?

    We rely on your consent to process your Personal Data for the purpose of visiting KAUST. Under the GDPR, KAUST has a legitimate interest to process Personal Data related to its visitors to ensure the security of its community and its facilities.


  7. Does the processing involve profiling and/or any automated decision-making?

    No, KAUST does not rely on any automated decision-making or conduct any profiling in this process.


  8. Who do we share your Personal Data with, and how do they process the Personal Data?

    Your Personal Data is not shared outside of KAUST, and it is never sold. Only the Visitor Center has access to the profile you create or update on its visitor management system.


  9. How do we protect your Personal Data?

    Your Personal Data will be held strictly confidential. All KAUST employees are required to sign and comply with KAUST's Confidentiality Agreement, which requires handling confidential information with the highest diligence and carefulness, in compliance with data privacy laws, and prohibits disclosure beyond a strict need to know.

    KAUST protects your Personal Data with its firewall and with encryption in transit and at rest in its systems and applications. Any Personal Data received over email will be stored with strict access-controls and password protection. For more information about the technical measures KAUST applies to protect your Personal Data, please see KAUST's Minimum Security Standard, Information Security Policy, and Data Classification Procedure.


  10. How long do we keep your Personal Data?

    Your Personal Data is retained in accordance with the retention periods listed below and then securely destroyed or anonymized.

    • Visit request application & visitor profile: 5 years after the end date of the visit
    • Entrance and exit logs, final checkout, and notification logs: 5 years after entry creation
    • License plate capture: 1 year from date of record
    • CCTV footage: 90 days unless required to investigate an incident.