A government website registered with the Government of the Kingdom of Saudi Arabia
Links to official Saudi websites end with gov.sa

All links to official websites of government agencies in the Kingdom of Saudi Arabia end with .gov.sa

Government websites use the HTTPS protocol for encryption and security.

Secure websites in the Kingdom of Saudi Arabia use the HTTPS protocol for encryption.

Registered on Digital Government Authority:

20250408661
Contact Us
Voice Commands
Font Size
Greyscale Mode
Search AI

Suggestions

Privacy Policy

Overview

Introduction

Following the Council of Ministers, Zakat, Tax and Customs Authority ("ZATCA") is the groundbreaking, which the council has made the decision to integrate "General Authority of Zakat & Tax" and "Saudi Customs" in one establishment; working on the collection of Zakat, Tax, and Customs duties, and achieving the highest levels of compliance by those obligated, in accordance with the best practices, and high efficiency, enabling the kingdom to be a global logistical center by facilitating commerce, protecting national security, and organizing all activities related to customs work and customs ports and administration in order to ensure it reaches the highest levels of efficiency, production, and competitiveness; through providing the highest quality of services that focuses on and serves the customer based on the best practices.

ZATCA is keen on the privacy and confidentiality of the personal data of the website users ("the website") and the digital platforms and smartphone applications associated with it and dedicated to provide ZATCA's services. Placing it at the top of its priorities in accordance with the regulations stipulated in the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 9/2/1443 AH and its implementing regulations ("the Law"). This privacy policy aims to inform you of the general rules regarding the processing of personal data, your rights as a data owner, the mechanism for practicing your rights, the personal data collected, the methods of collecting this data, the purposes for which your personal data is used, as well as the legal justifications for collecting and processing your personal data.

ZATCA does not collect your personal data when you visit the website and digital platforms unless you are aware of and choose to provide this data to ZATCA. ZATCA uses your personal data to achieve the purpose of its processing, such as obtaining information or providing services according to ZATCA activities. By using ZATCA's website, platforms, and applications associated with it, you acknowledge that you have read and agree to the privacy policy and any continuous adjustments made to it as needed and according to the nature of the work.

ZATCA takes appropriate and suitable measures and procedures to securely maintain the personal data it possesses, ensuring its protection from loss, unauthorized access, misuse, unauthorized adjustments, and unauthorized disclosure. Among the most important measures implemented by ZATCA – for example, but not limited to:

  • The strict procedures and measures to protect information security and technology that we use to prevent fraud and unauthorized access to our systems.
  • Regular and periodic updates of protection procedures and regulations according to the best standard criteria.
  • Training and educating employees on respecting the confidentiality of personal data.
  • Collect the minimum amount of personal data that serves its purpose.
  • Implementing a high level of data protection in accordance with the requirements of the National Cybersecurity Authority, including data encryption and protection against leakage, loss, misuse, or any unauthorized access or adjustments.

Last update on privacy policy on the date 29/01/2025 G. Visitors to the website and beneficiaries of ZATCA's services must continuously review the privacy and confidentiality principles and terms to be aware of any updates made to them. It should be noted that the management of the website, platforms, and applications associated with it is not required to announce any updates made to these terms and principles.

ZATCA is not responsible under any circumstances for any direct, indirect, incidental, consequential, special, or exceptional damages arising from the use or inability to use the website and its associated platforms and applications. This privacy policy is an integral part of the terms and conditions for using the website and all its associated platforms and applications, as well as the direct services available on the website.

Definitions
Personal Data:

Any statement - regardless of its source or form - that can lead to the identification of an individual specifically or make it possible to identify them directly or indirectly, including: name, ID number, addresses, contact numbers, license and registration numbers, personal property numbers, bank account and credit card numbers, still or moving images of the individual, and other personal data.

Data Owner:

The individual to whom the personal data relates.

Legal Basis:

The legal basis on which ZATCA relies in its activities that require the collection and processing of personal data.

Data Processing:

Any operation performed on data by any means, whether manual or automated, including: collection, recording, saving, indexing, arranging, coordinating, storing, adjustments, updating, merging, retrieving, using, disclosing, transferring, publishing, data sharing or interlinking, blocking, deleting, and destroying.

Purpose & Legal Justifications

ZATCA's need to collect, process, and store personal data is a continuous necessity to carry out its operations and obligations as stipulated in its regulations issued by Council of Ministers No. (570) dated 22/09/1442 AH, including the collection of zakat, taxes, and customs duties, and achieving the highest levels of compliance by those obligated to fulfill their duties according to the relevant regulations and legislation.

Accordingly, the data obtained by ZATCA in accordance with the nature of its work is considered ZATCA's proprietary data for the implementation of regulations and legislation related to ZATCA's work and enabling other government entities in the Kingdom of Saudi Arabia to provide government services related to ZATCA's work. This necessitates that ZATCA store, process, and use the data according to its legally given powers without a time limit or providing the data owner the option to withdraw their approval for data processing.

ZATCA collects and uses personal data for several purposes in accordance with the relevant regulations and laws, including but not limited to:

  • Providing zakat collection services, tax collection, customs duties, and all other services related to ZATCA's activities.
  • Sending notifications, messages, and awareness materials to the taxpayer individuals and all stakeholders benefiting from the ZATCA's services.
  • Management, development, and improvement of the services available to the taxpayer individuals and all stakeholders benefiting from ZATCA's services.
  • Responding to requests, inquiries, or complaints.
  • For research and analysis purposes.
  • Monitoring and detecting violations of the conditions of use, as well as other potential abuses when using the website.
  • Improving the website's performance and the security of its software, systems, and network.
  • User identity authentication when logging in.
Legal Justifications

Based on personal data protection system and its implementing regulations, the fundamental legal justifications on which ZATCA depend on for processing your personal data is:

  • Consent of personal data owner.
  • Labor law issued by royal decree No. (51) dated 23/08/1426 H.
  • Social security law issued by royal decree No. (33) dated 03/09/1421 H.
  • Social security law issued by royal decree No. (273) dated 26/12/1445 H.
  • VAT law issued by royal decree No. (113) dated 02/11/1438 H.
  • Common customs law for the Arab States of the Gulf issued by royal decree No. (41) dated 03/11/1423 H.
  • Civil service law issued by royal decree No. (49) dated 10/07/1397 H.
  • Zakat collection issued by royal decree No. (17/2/28/8634) dated 29/06/1370 H.

In addition to the legal justifications below:

  • Achieving the public interest without conflicting with the rights of personal data owners.
  • Fulfilling the legal or regulatory requirements.
  • Implementing an obligation in which the data owner was a party.
  • Protecting vital and realized interests or preventing vital damages.
  • Protecting public health or national security.

ZATCA may process personal data for additional purposes other than those for which it was collected, whenever necessary and in accordance with the law's regulations.

Data & Rights

Data Collected & Disclosure

ZATCA collects personal data from website visitors and users of its services, platforms, and associated applications directly or indirectly, which include the following:

1. As soon as you visit ZATCA's website, ZATCA's server records the user's Internet Protocol (IP) address, the date and time of the visit, and the URL of any website that referred you to the website. Most websites, once visited, place a small file on the visitor's hard drive (browser), and this file is called "cookies." Cookies are text files, and these text files contain information that allows the website that deposited them to retrieve it when needed during the user's next visit to the website. Among the stored information are:

  • Username and password may be remembered if that option is available on the website.
  • Save the page settings if available on the website.
  • Saving the colors selected by the user if that option is available on the website.

2. The personal data you provide to ZATCA, required when benefiting from services such as registration on ZATCA's platforms and associated applications, or when creating your user profile, or when applying for a job or training, including but not limited to: name, ID number, address, contact numbers, email, academic qualifications, license and registration numbers, personal property numbers, bank account and credit card numbers, still or moving images of the individual, and other personal data.

3. Personal data and information exchanged through ZATCA's communication with service beneficiaries, such as requests for customer support services, inquiries, feedback, and complaints received from you.

4. The personal data that ZATCA receives from other sources, for example, government entities and any other entities that may provide ZATCA with your personal data necessary to provide ZATCA's services or to meet any security or criminal requirements.

By providing your data and personal information through ZATCA's website and all electronic platforms and applications associated with ZATCA, you fully agree to storing, processing, and using that data by ZATCA and government entities in the Kingdom of Saudi Arabia. You are solely responsible for the completeness, accuracy, and truthfulness of the data you submit via ZATCA's website or its associated platforms and applications.

Disclosure of Personal Data

ZATCA has the right to disclose personal data collected directly or indirectly to the following entities:

  • To other public entities for the purposes of public interest, security purposes, implementing another system, fulfilling judicial requirements, protecting public health, public safety, protecting the life of an individual or specific individual, or protecting their health.
  • To the data processing entities of ZATCA, in order to achieve a legitimate interest of ZATCA without disrupting the rights of the data owner or conflicting with their interests.
  • To any entities inside or outside the Kingdom of Saudi Arabia, in the implementation of any local or international agreements that serve any legitimate interest of ZATCA or any public interest without violating the system's regulations.
Retaining Personal Data

ZATCA securely stores your personal data either at its headquarters within the Kingdom of Saudi Arabia or through secure solutions in cloud computing services. The data is retained indefinitely, as stated in item two of this policy.

Your Rights

ZATCA provides the necessary care and efforts to provide high-quality services to all personal data owners, ensuring their rights as stipulated in the regulations, which are:

  • The right to be informed: This includes your knowledge of the legal justifications and the regulatory basis or the actual need for collecting your personal data. This privacy policy has been prepared to inform you and ensure your awareness of all your rights, controls, and the purposes for which your personal data is collected.
  • The right to access your personal data: This includes reviewing it and obtaining a copy in a readable and clear format, in accordance with ZATCA's powers to restrict access or set a specific period to practice this right.
  • The right to request the correction, completion, or update of your personal data with ZATCA, in accordance with the regulations of this right in the system.
  • The right to delete your personal data: The data owner has the right to request ZATCA to delete their personal data in accordance with the provisions of the system. ZATCA will make the appropriate decision after reviewing the request, and if the request is rejected, it will be based on one of the following reasons: Compliance with a legal obligation, Protecting archival goods that serve the public interest, Personal data related to financial or legal claims.
  • The right to withdraw the approval for the processing of your personal data: The data owner can practice this right in accordance with the regulations and in a manner that does not conflict with ZATCA's rules and regulations and does not hinder the implementation of ZATCA's procedures.
  • The right to file a complaint based on applying provisions regulations to the entity.
  • The right to request compensation for material and mental damage, If there were harm caused off of any violations provided for law and implementing regulations.
  • Except as provided by law, the data owner will not be required to pay any fees to practice these rights. If a request to practice any of these rights is submitted, the data subject will be responded to within thirty working days from receiving the request.

For more details on the processing of your personal data and how to practice your rights, you can contact the Personal Data Protection Officer at ZATCA using the contact information provided in this policy.

Disclaimer

The website and services provided by ZATCA are available for your personal use, and your access to and use of these services are subject to the items stipulated in the privacy policy and the regulations of the Kingdom of Saudi Arabia. Your access to and use of these services and the website also constitutes your unconditional agreement to the items of this policy. This approval is effective from the date of your first use.

Links to Other Websites

The website, platforms, and applications associated with ZATCA may occasionally contain links to and from other websites that may not be associated with ZATCA. If you follow any of these links to access these websites, you must review the privacy policies of those websites that are accessed through any link. ZATCA is not, in any case, responsible for the methods of collecting, processing, and protecting personal data by those websites.

Potential Effects and Risks

In case of not completing personal data collection procedure, the user of ZATCA website, platforms, and apps will not be able to benefit of the provided services, providing personal data is considered to be necessary to ensure a complete and effective experience.

Contact Us

In accordance with the regulations and without conflicting with ZATCA's rules and regulations, we welcome all requests, inquiries, questions, and complaints regarding the privacy policy or the rights of data owners by contact information provided below:

Name of establishment: Zakat, Tax, and Customs Authority

Address: Riyadh – Al-Mughrizat

Data Protection and Privacy Department

Email address: Privacy-Gma@zatca.gov.sa

If you are not satisfied about our handling the complaint or not responding within thirty working days, you can file a complaint for "SDAIA" (The Saudi Data and AI Authority).

Related Systems and Policies

ZATCA has issued this privacy policy in compliance with the Personal Data Protection Law, its implementing regulations, and the policies and controls issued by the National Data Management Office, as well as the relevant regulations in force in the Kingdom of Saudi Arabia. You can visit one of the following links for more information:

The Saudi Data and AI Authority:

Saudi Arabia, Riyadh. Website: sdaia.gov.sa

National Data Governance Platform: dgp.sdaia.gov.sa

add-comment-icon
Comments and Suggestions

For any inquiries or notes about authority services or current page, please fill in the required information.

Add a comment

Last Update: 09 Jun 2026 11:09 PM Saudi Arabia Time

0  visitors said yes from  0  feedbacks

Was this page useful?

Yes No

All rights reserved 2026 © ZATCA.GOV.SA

Developed and Maintained by Zakat, Tax and Customs Authority

Last update for site was

Ai-Logo Vision 2030 هيئة الزكاة والضريبة والجمارك
cookie-icon
Cookies
Use of Cookies by this site is just to guarantee Ease of Access and better user experience while browsing. Continuation of your browsing acknowledges your approval for Terms and Conditions of this site and its use of Cookies.
Privacy Policy