KAUSTCentral Application

This privacy notice ("Notice") applies to current and former users of the KAUSTCentral application. The purpose of this Notice is to inform you of how we process your Personal Data. This Notice does not form part of any contract.

For the purpose of applicable data protection legislation, the entity which is responsible for your Personal Data is King Abdullah University of Science and Technology, Thuwal 23955-6900, Kingdom of Saudi Arabia ("KAUST", "we", "us", "our").

This Notice replaces and supersedes any previous notices addressing the same or similar issues, whether formal or informal. KAUST reserves the right to alter, amend, or replace this Notice in whole or in part. The latest version of this Notice can be found here. You should always check that you are referring to the latest version of this Notice if you have previously downloaded hard copies of this Notice.For a copy of a previous version of this privacy notice, please contact DPO@KAUST.edu.sa.

1. What Personal Data does the KAUSTCentral application collect?

Depending on how you interact with the application, the following types of Personal Data may be collected by the KAUSTCentral application


• Login Information: We collect some basic information when you log in to the KAUSTCentral application, including your user ID, the model of your mobile device, device ID, IP address, and access date.
  
• Information to Send a Notification: If you agree to receive notifications, the application sends a "Push notification" token from your device to the KAUSTCentral backend. The pair Device ID and Push Notification Token is stored so that we can send public and private notifications based on your interactions with the application.
  
• Information to Store Your Preferences: Some functionalities may provide you the option to define and save your preferences to facilitate future transactions, such as food delivery location, menu preferences, and favorite taxi pick-up and destination location.
  
• Food Orders: If you order food for delivery, the food you've ordered, order time, and delivery destination are captured and stored in KAUSTCentral.
  
• Taxi Requests: When you request a taxi, the application captures your trip starting point, destination, the time and date of your request, your preferred payment method and any other saved preferences (i.e., for a wheelchair).
  
• Gate Entry: When you update your QR code with a license plate number, KAUSTCentral stores your saved license plate number.
  
• Bus Bookings: When you book a seat on a shuttle bus, the application captures your booking details, including destination, departure date, time, number of passengers with you, whether you are booking for another person, whether the trip is one-way or round trip.
  
• Events: When you register for an event, the application captures your name, email, phone number, the event registered for, and your attendance at the event (via check-in with a QR code).
  
• Cinema Ticket Bookings: When you book a ticket for the cinema, the application captures the date, time, and movie selected; the number of tickets booked; successful or unsuccessful payment attempts (*KAUST Finance captures payment details); and attendance at the event (check-in with QR code).
  
• Golf Bookings: scheduled timeslot, number of players, email addresses, full names of members and membership numbers
  
• Profile Information: If you decide to create a profile, KAUSTCentral saves the information you include, whether your personal email, KAUST ID, and/or telephone number.
  
• Workplace information: : If you use My Workplace, a key is assigned to your KAUST ID, and office utilization patterns are recorded (i.e., time of opening your office door and usage of air conditioning, lights, and “energy savings mode”). In the event of a localized emergency, KAUSTCentral may temporarily process your office location to send you an emergency notification.
  
• Phone numbers and names: Phone numbers may be submitted to verify or report; reports of numbers affiliated with scam calls are recorded. For individuals with KAUST-issued phone numbers, your first and last name will appear in association with your phone number in the VerifyCaller function. With your consent, your contact information is accessed only to create the “VerifyCaller Unsafe” number list.
  
• Feedback: If you fill out and submit a feedback form, KAUSTCentral collects your feedback and, if provided, your email address.
  
• Requests for Support: When you contact the IT Helpdesk, ithelpdesk@kaust.edu.sa, for technical support, we store the content of your message(s) requesting help, your e-mail address, and your name.
  
As new features are added, other similar types of Personal Data may be collected to enable you to use those features and capture your preferences.


Please note: No payment information is collected or otherwise processed by the KAUSTCentral app.


2. What sensitive Personal Data is being collected?
   
   No sensitive data is collected by the KAUSTCentral app.
   
   
3. Where do we get your Personal Data?
   

   Most Personal Data is collected from the information you enter into the application, i.e., your preferences, your orders and/or requests for services, and your profile information. KAUSTCentral captures your login information when you log in. Individuals may report phone numbers connected to scam phone calls. KAUST maintains a database of phone numbers for individuals approved to access KAUST IT systems, which is used as the “Verified” list in the VerifyCaller function. Names associated with KAUST-issued phone numbers are obtained from you at the time of issuing the phone number. For any questions about your Personal Data collected by the application, please contact us at KAUSTCentral.support@kaust.edu.sa or DPO@kaust.edu.sa. . In cases of a localized emergency, KAUSTCentral may access your office location from a KAUST IT system. KAUSTCentral also logs when you scan your QR Code in connection with a bus booking, event registration, and cinema booking.
   

   
   
4. Why do we collect your Personal Data?
   
   The KAUSTCentral application processes your Personal Data to make it easy for you to access different events, services, retail, and food options in KAUST and to view information related to KAUST. Your Personal Data collected by KAUSTCentral will not be processed later in a manner inconsistent with this purpose, except as provided or required by law.
   
   
5. Do I need to provide all of the information requested?
   

   No, the application is designed to be "opt-in" to optimize your data privacy. Logging into the application, creating a profile, requesting notifications, and setting preferences are completely optional.

   Access to certain functionalities is restricted to authenticated users.
   

   
   
6. Why are we able to process your Personal Data?
   
   We may process your Personal Data with your consent.
   
   The processing of KAUST-obtained phone numbers and names associated with KAUST-issued phone numbers is based on a legitimate interest to support KAUST’s community in identifying and protecting against scam phone calls.
   The processing of office location data for localized emergency notifications is to protect public health and safety or the health and/or to protect the life and health of one or more individuals.
   
   
   
7. Does the processing involve profiling and/or any automated decision-making?
   
   No, KAUSTCentral does not rely on any automated decision-making or conduct any profiling in this process.
   
   
   
8. Who do we share your Personal Data with, and how do they process the Personal Data?
   

   We collect and share the following data with third party service providers registered at KAUST:

   • Food retailers: your order and contact details to prepare and deliver the food you request
   
   
   • Taxi service providers: your pick-up location and destination, contact information and preferences (i.e., if a wheelchair is required, the type of vehicle requested, etc...)
     
   
   
   • Bus service providers: your booking details, including destination, departure date, time, number of passengers with you, whether you are booking for another person, whether the trip is one-way or round trip
     
   
   
   • Cinema service provider: your ticket details, including the date, time, and movie selected; payment status; the number of tickets you booked; and attendance at the event (check-in with QR code)
     
   
   
   • Golf service provider: your email; scheduled timeslot; number of individuals golfing with you; and, if you are a member, your name and membership number
     
   
   
   • Key and access management service providers: your KAUST ID and virtual office key.
     
     
   • Communications, Space & Technology Commission: phone numbers you report in VerifyCaller that KAUST Information Security investigate and determine to be scammers are reported to the Communications, Space & Technology Commission.
     
     

   We do not share any Personal Data with any third parties for advertising or marketing purposes, and we never sell Personal Data to third parties. and
   

   
   
9. Where is my Personal Data stored?
   

   Personal Data will be stored in a variety of places – in the University's IT systems, including e-mail, and in the cloud on third-party servers that are located inside and outside the Kingdom of Saudi Arabia.

   In some scenarios, the KAUSTCentral application acts as a hub of communication to access a set of services and/or applications provided by third-party systems. Sometimes content is embedded in third-party applications and/or sites that KAUST does not control or operate. When you interact with these sites, you are not interacting with KAUSTCentral but instead the embedded service, and KAUST cannot guarantee which Personal Data will be collected and stored. As such, the Personal Data sent to these applications is not transmitted via the KAUSTCentral backend, not stored, and KAUST is not responsible for the privacy practices of these third parties. You should review their respective privacy policies before interacting with such content.

   
   
10. How do we protect your Personal Data?
    

    Any Personal Data collected will be viewed and stored with all reasonable care, and we implement a variety of security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way. For instance, all communication between the KAUSTCentral app, and the KAUSTCentral backend are encrypted using HTTPS. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your Personal Data will do so only in an authorized manner and are subject to a confidentiality agreement.

    For more information about the technical measures KAUST applies to protect your Personal Data, please see KAUST's Minimum Security Standard, Information Security Policy, and Data Classification Procedure.
    

    
    
11. How long do we keep your Personal Data?
    
    KAUSTCentral will retain your personal data for a maximum of three years, then securely destroy or anonymize your personal data. For active users, information required to maintain your account and preferences will continue to be retained while your account is active and then securely anonymized within 3 years after account deactivation.