������Ƶ

A Subject Access Request is your legal right to see what personal information an organization holds about you in Saudi Arabia. Under the Kingdom's Personal Data Protection Law (PDPL), you can ask any company, government agency, or organization to show you all the data they've collected and stored about you.

When you submit this request, the organization must respond within 30 days, showing you exactly what information they have, how they use it, and who they share it with. This tool helps protect your privacy rights and gives you control over your personal data, aligning with Saudi Arabia's Vision 2030 commitment to digital transparency.

Use a Subject Access Request when you need to understand what personal information Saudi organizations have collected about you. Common situations include applying for a new job and wanting to see your employment records, checking what health data hospitals maintain about you, or verifying the accuracy of your financial information with banks.

This tool becomes especially valuable when you spot incorrect information affecting your services, need documentation for legal proceedings, or want to ensure organizations comply with Saudi data protection laws. Many people submit these requests before major life events like moving abroad, changing jobs, or dealing with identity verification issues.

• Standard Personal Data Request: The basic form asking organizations to disclose all personal data they hold about you, including contact details, account information, and communication records.
• Health Records Request: A specialized version focusing on medical information held by Saudi healthcare providers, covering treatment history and health data.
• Employment Data Request: Targets workplace information, including performance reviews, payroll data, and HR records held by current or former employers.
• Financial Information Request: Used specifically for banking and financial institutions to reveal transaction histories, credit information, and account details.
• Security Clearance Data Request: A specialized format for requesting personal data held by government agencies or security organizations.

• Data Subjects: Any individual in Saudi Arabia can submit a Subject Access Request to view their personal information held by organizations.
• Data Protection Officers: Process and respond to requests, ensuring compliance with Saudi PDPL requirements and timelines.
• Legal Departments: Review requests, verify identities, and ensure proper disclosure of information while protecting confidential data.
• IT Teams: Locate and compile requested data from various systems and databases across the organization.
• Compliance Managers: Oversee the entire process, maintaining records and ensuring adherence to Saudi data protection regulations.

• Personal Details: Gather your full name, national ID number, and current contact information for proper identification.
• Organization Information: Identify the specific organization and department holding your data, including any relevant account numbers.
• Time Period: Specify the date range for which you're requesting information to ensure comprehensive coverage.
• Data Scope: List the types of personal information you're seeking (medical records, financial data, employment history).
• Identity Verification: Prepare copies of your ID and any proof of address required under Saudi PDPL guidelines.
• Request Format: Our platform generates compliant Subject Access Request templates, ensuring all mandatory elements are included.

• Requester Details: Full legal name, contact information, and Saudi national ID or residency permit number.
• Request Scope: Clear description of the specific personal data being requested and relevant time periods.
• Legal Authority: Reference to Saudi Personal Data Protection Law (PDPL) rights and obligations.
• Response Timeline: Statement requesting response within the 30-day legal requirement.
• Identity Verification: Enclosed proof of identity meeting PDPL standards.
• Data Format: Preferred method of receiving the information (digital or physical copy).
• Privacy Statement: Confirmation that the request is for personal use under Saudi privacy laws.

A Subject Access Request differs significantly from an Access Agreement. While both deal with access rights, they serve distinct purposes under Saudi law.

• Legal Purpose: Subject Access Requests are individual rights-based tools under the PDPL to view your personal data, while Access Agreements are contractual documents governing broader access permissions to facilities, systems, or resources.
• Time Frame: Subject Access Requests require a response within 30 days by law, whereas Access Agreements typically establish ongoing terms and conditions for sustained access.
• Enforcement Mechanism: Subject Access Requests are backed by data protection regulations with specific penalties for non-compliance, while Access Agreements rely on standard contract law for enforcement.
• Party Relationship: Subject Access Requests represent a one-way right to information, while Access Agreements create mutual obligations between parties sharing or controlling access to specific assets.