Privacy Policy
Welcome to the MBC’s official website that is operated and maintained by MBC Media KSA LLC (MBC). MBC serves users in many different countries. The digital applications, competitions and other digital properties and online services (Services) are operated and maintained by different affiliates in each jurisdiction (we, us, our).
By accessing or using MBC’s services, you acknowledge and agree to the practices described in this Privacy Notice. If you have any inquiries or require further information regarding our privacy practices, you may contact us at the contact details provided below.
Contact Details
Responsible Department:
Data Governance Team
Address:
Building Number 3237, Al Assafarat District 6501 - Samhah Street Postal Code 12511 – Riyadh, Saudi Arabia.
Phone Number:
+966 11 2684444
Email:
DataProtection@mbc.net
License or Commercial Register:
1010699548
Date of Last Update
The Privacy Policy was last updated on 10th September, 2024.
1. What is the purpose of this Privacy Notice?
This Privacy Notice informs you about MBC’s commitment to safeguarding your personal data in compliance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), the EU’s General Data Protection Regulation (GDPR), and other relevant laws. MBC is aware of the importance of privacy and protection of personal data in the digital era and is therefore dedicated to ensuring the protection of your personal data when browsing or using our services, websites, and social media platforms.
This Privacy Notice applies to all personal data collected and processed by MBC, covering customers, clients, shareholders, and third-party partners across all our business entities and digital or physical interactions. It ensures transparency about how personal data is collected, used, shared, and protected within MBC's operations. Furthermore, it complies with the PDPL, enacted by Royal Decree No. (M/19) issued on 16/09/2021 and amended by Royal Decree No. (M/148) on 27/03/2023.
2. Who is the Controller of your Personal Data?
MBC Media KSA LLC, headquartered in Saudi Arabia, is the legal entity responsible for collecting, using, and safeguarding your personal data. As the data controller, we define the purposes and methods for processing your personal data.
3. What Personal Data do we collect about you?
MBC collects personal data in both electronic/digital and physical formats, depending on your interaction with us. This may include:
A. Customer Data:
• Identity Data: First name, last name, date of birth, gender, email addresses, telephone numbers, and other identifiers that can directly or indirectly identify an individual. For children under the age of 18, any collection or processing of personal data will only occur with explicit consent from their parent or legal guardian.
• Financial Data: Payment records, billing information, bank account numbers, IBANs, payment methods, and transaction data.
• Digital Data: Metadata, online identifiers such as IP addresses, cookie identifiers, and data from mobile devices specifically for MBC mobile gaming initiatives, and internet protocol addresses collected via website visits and app usage.
• Location Data: Geographical information derived from user devices, utilized to offer location-specific services and content.
• Marketing and Communication Data: Preferences for receiving marketing materials, interactions with campaigns, and consent records.
• Views and Opinions: Any views and opinions that users choose to send to MBC or publicly post about the MBC on social media platforms.
• Call Recordings: Voice recordings of calls for customer service improvement.
B. Social Media User Data:
• Identity Information: Name, surname, age, gender, profile picture, interests, your friend list/connections/followers etc., and other publicly available information, if you have published all this information on your social media profile or posted it on one of our social media platforms.
• Contact Details: Email, telephone number.
• Location Data: country of residence, city of residence.
• Engagement and Communication Data: User interactions including comments, likes, shares, and direct messages to analyse engagement levels.
• Digital Data: Online identifiers and metadata collected via social media tools.
• Cookies and Similar Technologies: We collect personal data concerning you through your use of these social media platforms and through the use of cookies and similar technologies, such as metadata, online identifiers, such as internet protocol addresses and cookies collected via the social media tools.
• Information Collected with your Consent: You may choose to provide us with additional personal information to obtain a better user experience when interacting with our Social Media Platforms, or in order to participate in some of our promotional events, giveaways, or similar. This additional information will be processed based on your consent, only for the above-mentioned purposes.
• Views and Opinions: any views and opinions or other information that you choose to provide to us, or publicly post about us on social media platforms, including, but not limited to, your comments and/or likes to our posts and pictures or direct messages you send to us via our social media platforms.
C. Additional Categories:
• Talent Data: Contact information, contract details, performance records, and audition tapes of individuals involved in productions.
• Guest Information: Data collected from visitors to office premises, including names, contact information, visit dates, and purposes of visits.
• Investor and Shareholder Data: Information about individual and institutional investors, including contact details, investment history, and shareholder information.
• Job Applicants and Candidate Data: Contact information, employment history, educational qualifications, and performance records of individuals applying for positions.
• Student Data: Educational records, grades, coursework submissions, and other data related to students at MBC Academy or from any other part of the MBC.
• Vendor Data: Includes contact details, company information, bank details, and transaction histories necessary for procurement and payment processes.
• Video and Audio Recordings: Includes CCTV footage, production recordings, interviews, and other media content.
• Backup Data: Backups of databases containing personal data for disaster recovery purposes.
Methods of Data Collection
MBC ensures that all personal data is collected accurately and in compliance with applicable laws, such as the PDPL and GDPR. We employ the following methods to gather personal data:
• Direct Collection: We collect personal data directly from you when you provide it via account creation, subscriptions, purchases, surveys, competitions, or direct communication with us through email, telephone, or other communication channels.
• Automated Technologies: We utilize automated technologies, including cookies, web beacons, and other tracking methods, to collect personal data automatically when you visit our websites, use our apps, or engage with our digital services. This includes the use of cookies and similar tools to gather metadata, online identifiers such as IP addresses, and cookie identifiers. These technologies help us understand your behavior across our platforms, enhance your user experience, and support specific functionalities, such as MBC mobile gaming. By tracking how you interact with our web and app interfaces, we can tailor and optimize our service delivery to better meet your needs and preferences.
• Third-Party Sources: We collect personal data from third-party partners, vendors, social media platforms, or public sources, including demographic information, online identifiers, and contact details. Additionally, data is gathered from your interactions with third-party content or ads on our websites and apps, using cookies or tracking technologies from our advertising partners.
• Partners and Vendors: We may receive personal data from our third-party service providers and vendors as part of our contractual agreements and business relationships.
• Partnerships and Integrations: We also collect data through partnerships and integrations, reflecting the interconnected nature of digital platforms.
• Public Sources: Data is collected from publicly available sources such as social media profiles and public databases.
• Engagement Data: We collect data related to user engagement through interactive services and social media platforms.
• Surveys and Feedback Forms: Data is collected through surveys, feedback forms, and questionnaires distributed to gather opinions, preferences, and experiences.
4. How do we use your Personal Data?
MBC processes your personal data for specific purposes, aligned with our operational, regulatory, and strategic objectives. These include:
• Service Operation and Enhancement: To provide services, manage user accounts, process payments, and enhance customer support. This includes improving our services and personalizing content based on your preferences and online behaviors, such as using data from web browsing and app usage to better understand user preferences and personalize interactions accordingly.
• To allow you to share Information: To enable full advantage of sharing features we offer, such as participation in viewer forums and discussion boards, engagement with 2nd screen co-viewing apps; allow you to create a publicly visible MBC Profile, which may – if you choose - include your name and photo; combine Personal Data from one service with information from other MBC Services to make sharing with people you know easier.
• Marketing and Communications: To send you marketing communications, promotional offers, and event information based on your preferences and consent. We use this data to personalize advertising, track engagement with campaigns, and perform market research.
• Financial and Transactional Processing: For processing payments, managing billing, and ensuring the smooth operation of financial transactions.
• Security and Fraud Prevention: To secure our platforms, prevent fraud, protect our sellers’, or your rights or property, and comply with applicable laws and regulations, such as anti-money laundering, tax regulations, and contractual obligations.
• Legal and Regulatory Compliance: To comply with applicable laws and regulations, such as anti-money laundering, tax regulations, and contractual obligations.
• Analytics and Insights: To analyze your interactions with our websites, apps, and services. This helps us understand user behavior, improve service functionality, and make data-driven decisions for future enhancements.
• Customer Support: To respond to inquiries, provide technical assistance, and address any issues related to your interaction with MBC, ensuring a seamless customer experience.
• Location-Based Services: To offer location-specific services and content based on your geographic location data.
• Content Production and Talent Management: For individuals involved in productions, we use your personal data to manage contracts, performance, and other operational activities related to the creation of media content.
• Visitor Management: For managing guest visits to MBC premises, ensuring safety, and maintaining visitor records for internal security purposes.
• Events Management: For managing your participation in events such as promotional activities, conferences, and media events. This includes collecting and processing data necessary for event registration, participation tracking, and post-event analysis.
• Research and Development: To improve existing services and develop new offerings, keeping pace with technological advancements and market expectations. This includes collecting data to analyze market trends and user feedback.
• Business Development: To support business development activities such as corporate transactions, including mergers, acquisitions, or business restructuring, and to explore potential partnerships or investments.
• Public and Vital Interests: To perform tasks in the public interest or protect the vital interests of individuals as required by law.
Change of purpose of processing
Please be informed that we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. In certain cases, we may process your personal data without your knowledge or consent, where this is required or permitted by law.
5. What is the Legal Bases for Processing your Data
MBC processes your personal data based on the following legal grounds:
• Contractual Necessity: Data processing is essential to fulfill a contract or take steps at your request, such as processing payments or providing services.
• Legal Obligations: We process personal data to comply with legal and regulatory requirements, such as fulfilling tax obligations, adhering to labor laws, financial regulations, or for the purposes of legal claims.
• Legitimate Interests: We process personal data for legitimate business interests such as improving our services, ensuring security, marketing, supporting business development, and performing analytics. We balance these interests with your rights and freedoms.
• Consent: In certain instances, we rely on your explicit consent, such as when we collect data for personalized marketing or use cookies for online tracking. You have the right to withdraw your consent at any time.
• Vital Interests: We may process your personal data to protect your vital interests or those of another person in cases of emergency or where your health and safety are at risk.
• Public Interest: Data may be processed to fulfill tasks carried out in the public interest, such as complying with government regulations.
6. How do we protect your Personal Data?
MBC employs a combination of technical and organizational measures to ensure the security and confidentiality of your personal data.
Technical Measures
• Encryption: Personal data is encrypted both in transit and at rest to prevent unauthorized access.
• Data Loss Prevention (DLP): DLP systems are in place to monitor and prevent unauthorized data transfers.
• Access Control: We use role-based access control to restrict access to personal data, ensuring that only authorized personnel can access sensitive information.
• Password Management: Strong password policies and password scanning tools are enforced across all systems.
• Network Security: Firewalls, intrusion detection systems, and regular network assessments are used to protect our infrastructure from external threats.
• Endpoint Protection: Devices such as computers and mobile devices are secured with antivirus software and regular security patches.
• Secure File Sharing: Confidential files are encrypted and shared through secure, authorized channels.
• Vulnerability Assessment and Cloud Security Layers: We conduct regular vulnerability assessments to identify and address security vulnerabilities in systems that contain sensitive data, including those hosted in the cloud. This is part of our overall strategy to strengthen the security of our systems and endpoints against emerging threats.
Organizational Measures
• Access Management: Strict access controls are enforced, ensuring that only those with the necessary roles can access personal data.
• Vendor Management: Third-party vendors are required to adhere to our data protection standards through legally binding agreements and regular audits.
• Physical Security: Sensitive areas, such as data centers, are protected by restricted access, biometrics, and CCTV monitoring.
• Employee Training: Regular data protection training is provided to all employees to maintain awareness and compliance with security policies.
• Data Breach Response: We have an established incident response plan to manage any data breaches, including immediate containment, investigation, and notification of affected parties and regulatory authorities when required.
• Audits and Reviews: Regular internal and external audits are conducted to assess compliance with security standards and implement improvements where necessary.
7. Who do we share your Personal Data with?
MBC may share your personal data with third parties under certain circumstances, ensuring compliance with data protection regulations. These recipients include:
• Service Providers: Third-party vendors who provide services on our behalf, such as payment processors, cloud storage providers, IT support, and customer service platforms.
• Business Partners and Affiliates: MBC affiliates, subsidiaries, and business partners who help us deliver our services and enhance your experience.
• Professional Advisors: Legal consultants, auditors, and other professional advisors who assist us in managing our business operations, ensuring legal compliance, and conducting transactions.
• Marketing and Advertising Partners: Third-party companies that help us deliver personalized marketing and advertising, track engagement, and analyze campaign performance.
• Media and Production Partners: For talent and content production, personal data may be shared with production companies, casting agents, and other media entities involved in projects.
• Regulatory and Legal Authorities: Government bodies, regulators, or law enforcement agencies when required by law, such as for compliance with legal obligations or in response to legal claims.
• Investors and Shareholders: In cases of mergers, acquisitions, or restructuring, we may share personal data with potential or actual investors and shareholders as part of business evaluations or transactions.
Third-Party Transfers
MBC may transfer your personal data to third parties for processing outside of MBC, provided that these third parties meet our data protection standards and legal requirements.
• Data Processors: We engage with data processors who handle personal data on our behalf under strict contractual obligations to ensure the data’s security and confidentiality.
• Sub-processors: In some cases, data processors may engage sub-processors. MBC ensures that all sub-processors uphold the same level of data protection.
International Transfers
In some instances, MBC may transfer your personal data to countries outside the Kingdom of Saudi Arabia or the European Union. These transfers are made only when necessary and in compliance with applicable data protection laws:
• Adequacy Decisions: Where personal data is transferred to countries that have been deemed by relevant authorities to provide an adequate level of data protection.
• Standard Contractual Clauses: When transferring data to countries without an adequacy decision, MBC ensures protection by using standard contractual clauses approved by relevant data protection authorities.
• Transfer Impact Assessments (TIAs): MBC may conduct assessments to evaluate risks associated with international transfers and implement measures to mitigate these risks.
• Binding Corporate Rules (BCRs): For intra-group international data transfers, MBC relies on Binding Corporate Rules (BCRs) to ensure that data is processed in compliance with the highest data protection standards across all MBC entities.
8. How long will your Personal Data be retained by us?
MBC retains your personal data only for as long as it is necessary to fulfil the purposes for which it was collected, or as required by law. The retention period may vary depending on the type of data and the purposes for which it is processed. Below are the key factors determining the retention period:
1. Purpose of Data Collection: Personal data is retained for the duration necessary to provide our services, manage our relationship with you, fulfil legal obligations, and improve our operations.
2. Legal and Regulatory Requirements: Certain data may be retained for specific periods to comply with legal or regulatory requirements, such as financial reporting, tax obligations, or compliance with labor and employment laws.
3. Business Needs: Data may be retained for longer periods if it is necessary for business continuity, ongoing projects, or legitimate business interests such as audit, legal claims, or dispute resolution.
4. Consent-Based Data: Where data is processed based on your consent, such as for marketing purposes, it will be retained until you withdraw your consent or request its deletion, provided there are no other legal grounds for retaining it.
Once the retention period has expired, MBC will securely delete or anonymize your personal data in accordance with our Data Retention Policy.
9. How do we use Cookies?
MBC uses cookies and similar tracking technologies to enhance your experience on our websites and apps. The types of cookies we use include:
1. Essential Cookies: These cookies are necessary for the proper functioning of our websites and services, enabling you to navigate and use essential features, such as accessing secure areas.
2. Analytical/Performance Cookies: These cookies help us understand how visitors interact with our websites by collecting anonymous data on user behavior, such as pages visited, and time spent on the site. This information will help us improve the website's performance and user experience.
3. Functional Cookies: Functional cookies allow the website to remember choices you make, such as language preferences or login details, to provide enhanced and personalized features.
4. Targeting/Advertising Cookies: These cookies collect information about your browsing habits to deliver relevant advertising tailored to your interests. They may also limit the number of times you see an ad and help measure the effectiveness of advertising campaigns.
Managing Cookie Preferences
You can manage your cookie preferences through your browser settings at any time. Here’s how you can control or opt out of cookies:
• Browser Settings: Most browsers allow you to refuse cookies or delete cookies through their settings preferences. However, disabling cookies may affect the functionality and service offered on our websites.
• Consent Management: On your first visit to our website, you will be prompted to accept or reject non-essential cookies. You can change your preferences at any time by accessing the cookie settings available on our website.
10. What are your Rights regarding the processing of your Personal Data?
Depending on the data protection legislation applicable to you, such as, but not limited to, the Kingdom of Saudi Arabia’s Personal Data Protection Law (“KSA PDPL”), EU General Data Protection Law (“EU GDPR”), UK General Data Protection Law (“UK GDPR”), Egypt’s Data Protection Law or California Consumer Privacy Act (CCPA), you may have a number of data protection rights, including:
• Right to be Informed
You have the right to be informed about how we collect your personal data, the legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. You can access all these details through our Privacy Notice or contact us for further information.
• Right to Access to Your Personal Data
You can request access to your personal data, and we may provide it automatically or upon request. In certain cases, access may be denied if it reveals another person's data or is restricted by law.
• Right to Request Access/Data Portability
You can request a copy of your personal data held by us, in a structured, commonly used, machine-readable format, or have it transferred to a third party of your choice.
• Right to Correct/Rectify Personal Data
It is our objective to keep your personal data accurate, current and complete. You have the right to request the correction of any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data you provide to us.
• Right to Request Destruction/Erasure of Personal Data
You may request the destruction of your personal data when it is no longer needed for the purposes for which it was collected. We will review such requests, however, we may not always be able to comply with your request for deletion for specific legal reasons for which we will notify you, as appropriate, at the time of your request.
• Right to Withdraw Consent
You have the right to withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before the withdrawal of your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
• Right to Object
You have the right to object to the processing of your personal data when we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
In some cases, we may demonstrate that we have compelling legitimate grounds which override your rights and freedoms. You also have the right to object when we are processing your personal data for direct marketing purposes. You should note that if you object to the processing of your personal data, we may not be able to provide our services to you.
• Right to Restrict Processing
You have the right to ask us to suspend the processing of your personal data in the following cases:
(a) if you want us to establish the data’s accuracy,
(b) when our use of the data is unlawful, but you do not want us to erase it
(c) when you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, or
(d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You should note that if you ask us to restrict the processing of your personal data, we may not be able to provide our services to you.
• Right not to be Subject to Automated Decision-Making.
You have the right not to be subject to a decision when it is based on automated processing, and it produces an adverse legal effect or significantly affects you.
• Right to File a Complaint
If you believe that MBC has not complied with the KSA Personal Data Protection Law (PDPL), you have the right to file a complaint with us. If you are not satisfied with the outcome, you may escalate your complaint to the Saudi Data & Artificial Intelligence Authority (SDAIA).
• Right to Claim Compensation:
You are entitled to claim compensation for any material or moral damage resulting from a violation of the Personal Data Protection Law and its implementing regulations.
Exercising Your Rights
To exercise any of these rights, please contact us via dataprotection@mbc.net
We may request specific information from you to help us confirm your identity and facilitate your right to access your personal data (or to exercise any of your other rights).
You will not be required to pay any fees in return for exercising your rights. In case of submitting a request for exercising your rights, you will receive a response within 30 days from the date of receipt of your request.
11. What if you have questions or want further information?
For further details regarding the processing of your Personal Data and how to exercise your rights, please contact us using the below email address:
dataprotection@mbc.net
• If you are located in the European Union, please contact our EU Representative via email at:
info@privacyminders.com
EU Representative’s Contact Details:
Name: RF PRIVACY MINDERS LTD
Address: 10 Patron Street, 6051 Larnaca, Cyprus
E-mail: info@privacyminders.com
Tel.: +357 24812581
• If you are located in the United Kingdom, please contact our UK Representative via email at:
ukrepresentative@privacyminders.com
UK Representative’s Contact Details:
Name: PRIVACY MINDERS (UK) LIMITED
Address: 71-75 Shelton Street, London WC2H 9JQ, United Kingdom
E-mail: ukrepresentative@privacyminders.com
Complaint or Objection Filing Method
If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint with our IT Department using the following channel:
Email: E-mail: dataprotection@mbc.net
If you are not satisfied with how we process your complaint, or if we fail to respond within 30 days, you can file a complaint to the Competent Authority Saudi Data & AI Authority (SDAIA).
SDAIA Address:
Kingdom of Saudi Arabia, Riyadh
SDAIA Website:
Saudi Data & AI Authority (sdaia.gov.sa)
National Data Governance Platform “DGP” (dgp.sdaia.gov.sa)
12. Changes in Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, regulatory or operational requirements. Any changes to this Privacy Notice will be published on this page. When these changes are material, we may provide you with specific notice of any such changes (including when they will take effect) in accordance with the law.
Where applicable (for instance, if the changes imply new data processing that shall rely on your prior consent), we will ensure that you have had the possibility to accept those changes so as to allow you to continue using our services or to refuse - in which case, you will be entitled to cancel your use of the MBC Services.
By accessing or using MBC’s services, you acknowledge and agree to the practices described in this Privacy Notice. If you have any inquiries or require further information regarding our privacy practices, you may contact us at the contact details provided below.
Contact Details
Responsible Department:
Data Governance Team
Address:
Building Number 3237, Al Assafarat District 6501 - Samhah Street Postal Code 12511 – Riyadh, Saudi Arabia.
Phone Number:
+966 11 2684444
Email:
DataProtection@mbc.net
License or Commercial Register:
1010699548
Date of Last Update
The Privacy Policy was last updated on 10th September, 2024.
1. What is the purpose of this Privacy Notice?
This Privacy Notice informs you about MBC’s commitment to safeguarding your personal data in compliance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), the EU’s General Data Protection Regulation (GDPR), and other relevant laws. MBC is aware of the importance of privacy and protection of personal data in the digital era and is therefore dedicated to ensuring the protection of your personal data when browsing or using our services, websites, and social media platforms.
This Privacy Notice applies to all personal data collected and processed by MBC, covering customers, clients, shareholders, and third-party partners across all our business entities and digital or physical interactions. It ensures transparency about how personal data is collected, used, shared, and protected within MBC's operations. Furthermore, it complies with the PDPL, enacted by Royal Decree No. (M/19) issued on 16/09/2021 and amended by Royal Decree No. (M/148) on 27/03/2023.
2. Who is the Controller of your Personal Data?
MBC Media KSA LLC, headquartered in Saudi Arabia, is the legal entity responsible for collecting, using, and safeguarding your personal data. As the data controller, we define the purposes and methods for processing your personal data.
3. What Personal Data do we collect about you?
MBC collects personal data in both electronic/digital and physical formats, depending on your interaction with us. This may include:
A. Customer Data:
• Identity Data: First name, last name, date of birth, gender, email addresses, telephone numbers, and other identifiers that can directly or indirectly identify an individual. For children under the age of 18, any collection or processing of personal data will only occur with explicit consent from their parent or legal guardian.
• Financial Data: Payment records, billing information, bank account numbers, IBANs, payment methods, and transaction data.
• Digital Data: Metadata, online identifiers such as IP addresses, cookie identifiers, and data from mobile devices specifically for MBC mobile gaming initiatives, and internet protocol addresses collected via website visits and app usage.
• Location Data: Geographical information derived from user devices, utilized to offer location-specific services and content.
• Marketing and Communication Data: Preferences for receiving marketing materials, interactions with campaigns, and consent records.
• Views and Opinions: Any views and opinions that users choose to send to MBC or publicly post about the MBC on social media platforms.
• Call Recordings: Voice recordings of calls for customer service improvement.
B. Social Media User Data:
• Identity Information: Name, surname, age, gender, profile picture, interests, your friend list/connections/followers etc., and other publicly available information, if you have published all this information on your social media profile or posted it on one of our social media platforms.
• Contact Details: Email, telephone number.
• Location Data: country of residence, city of residence.
• Engagement and Communication Data: User interactions including comments, likes, shares, and direct messages to analyse engagement levels.
• Digital Data: Online identifiers and metadata collected via social media tools.
• Cookies and Similar Technologies: We collect personal data concerning you through your use of these social media platforms and through the use of cookies and similar technologies, such as metadata, online identifiers, such as internet protocol addresses and cookies collected via the social media tools.
• Information Collected with your Consent: You may choose to provide us with additional personal information to obtain a better user experience when interacting with our Social Media Platforms, or in order to participate in some of our promotional events, giveaways, or similar. This additional information will be processed based on your consent, only for the above-mentioned purposes.
• Views and Opinions: any views and opinions or other information that you choose to provide to us, or publicly post about us on social media platforms, including, but not limited to, your comments and/or likes to our posts and pictures or direct messages you send to us via our social media platforms.
C. Additional Categories:
• Talent Data: Contact information, contract details, performance records, and audition tapes of individuals involved in productions.
• Guest Information: Data collected from visitors to office premises, including names, contact information, visit dates, and purposes of visits.
• Investor and Shareholder Data: Information about individual and institutional investors, including contact details, investment history, and shareholder information.
• Job Applicants and Candidate Data: Contact information, employment history, educational qualifications, and performance records of individuals applying for positions.
• Student Data: Educational records, grades, coursework submissions, and other data related to students at MBC Academy or from any other part of the MBC.
• Vendor Data: Includes contact details, company information, bank details, and transaction histories necessary for procurement and payment processes.
• Video and Audio Recordings: Includes CCTV footage, production recordings, interviews, and other media content.
• Backup Data: Backups of databases containing personal data for disaster recovery purposes.
Methods of Data Collection
MBC ensures that all personal data is collected accurately and in compliance with applicable laws, such as the PDPL and GDPR. We employ the following methods to gather personal data:
• Direct Collection: We collect personal data directly from you when you provide it via account creation, subscriptions, purchases, surveys, competitions, or direct communication with us through email, telephone, or other communication channels.
• Automated Technologies: We utilize automated technologies, including cookies, web beacons, and other tracking methods, to collect personal data automatically when you visit our websites, use our apps, or engage with our digital services. This includes the use of cookies and similar tools to gather metadata, online identifiers such as IP addresses, and cookie identifiers. These technologies help us understand your behavior across our platforms, enhance your user experience, and support specific functionalities, such as MBC mobile gaming. By tracking how you interact with our web and app interfaces, we can tailor and optimize our service delivery to better meet your needs and preferences.
• Third-Party Sources: We collect personal data from third-party partners, vendors, social media platforms, or public sources, including demographic information, online identifiers, and contact details. Additionally, data is gathered from your interactions with third-party content or ads on our websites and apps, using cookies or tracking technologies from our advertising partners.
• Partners and Vendors: We may receive personal data from our third-party service providers and vendors as part of our contractual agreements and business relationships.
• Partnerships and Integrations: We also collect data through partnerships and integrations, reflecting the interconnected nature of digital platforms.
• Public Sources: Data is collected from publicly available sources such as social media profiles and public databases.
• Engagement Data: We collect data related to user engagement through interactive services and social media platforms.
• Surveys and Feedback Forms: Data is collected through surveys, feedback forms, and questionnaires distributed to gather opinions, preferences, and experiences.
4. How do we use your Personal Data?
MBC processes your personal data for specific purposes, aligned with our operational, regulatory, and strategic objectives. These include:
• Service Operation and Enhancement: To provide services, manage user accounts, process payments, and enhance customer support. This includes improving our services and personalizing content based on your preferences and online behaviors, such as using data from web browsing and app usage to better understand user preferences and personalize interactions accordingly.
• To allow you to share Information: To enable full advantage of sharing features we offer, such as participation in viewer forums and discussion boards, engagement with 2nd screen co-viewing apps; allow you to create a publicly visible MBC Profile, which may – if you choose - include your name and photo; combine Personal Data from one service with information from other MBC Services to make sharing with people you know easier.
• Marketing and Communications: To send you marketing communications, promotional offers, and event information based on your preferences and consent. We use this data to personalize advertising, track engagement with campaigns, and perform market research.
• Financial and Transactional Processing: For processing payments, managing billing, and ensuring the smooth operation of financial transactions.
• Security and Fraud Prevention: To secure our platforms, prevent fraud, protect our sellers’, or your rights or property, and comply with applicable laws and regulations, such as anti-money laundering, tax regulations, and contractual obligations.
• Legal and Regulatory Compliance: To comply with applicable laws and regulations, such as anti-money laundering, tax regulations, and contractual obligations.
• Analytics and Insights: To analyze your interactions with our websites, apps, and services. This helps us understand user behavior, improve service functionality, and make data-driven decisions for future enhancements.
• Customer Support: To respond to inquiries, provide technical assistance, and address any issues related to your interaction with MBC, ensuring a seamless customer experience.
• Location-Based Services: To offer location-specific services and content based on your geographic location data.
• Content Production and Talent Management: For individuals involved in productions, we use your personal data to manage contracts, performance, and other operational activities related to the creation of media content.
• Visitor Management: For managing guest visits to MBC premises, ensuring safety, and maintaining visitor records for internal security purposes.
• Events Management: For managing your participation in events such as promotional activities, conferences, and media events. This includes collecting and processing data necessary for event registration, participation tracking, and post-event analysis.
• Research and Development: To improve existing services and develop new offerings, keeping pace with technological advancements and market expectations. This includes collecting data to analyze market trends and user feedback.
• Business Development: To support business development activities such as corporate transactions, including mergers, acquisitions, or business restructuring, and to explore potential partnerships or investments.
• Public and Vital Interests: To perform tasks in the public interest or protect the vital interests of individuals as required by law.
Change of purpose of processing
Please be informed that we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. In certain cases, we may process your personal data without your knowledge or consent, where this is required or permitted by law.
5. What is the Legal Bases for Processing your Data
MBC processes your personal data based on the following legal grounds:
• Contractual Necessity: Data processing is essential to fulfill a contract or take steps at your request, such as processing payments or providing services.
• Legal Obligations: We process personal data to comply with legal and regulatory requirements, such as fulfilling tax obligations, adhering to labor laws, financial regulations, or for the purposes of legal claims.
• Legitimate Interests: We process personal data for legitimate business interests such as improving our services, ensuring security, marketing, supporting business development, and performing analytics. We balance these interests with your rights and freedoms.
• Consent: In certain instances, we rely on your explicit consent, such as when we collect data for personalized marketing or use cookies for online tracking. You have the right to withdraw your consent at any time.
• Vital Interests: We may process your personal data to protect your vital interests or those of another person in cases of emergency or where your health and safety are at risk.
• Public Interest: Data may be processed to fulfill tasks carried out in the public interest, such as complying with government regulations.
6. How do we protect your Personal Data?
MBC employs a combination of technical and organizational measures to ensure the security and confidentiality of your personal data.
Technical Measures
• Encryption: Personal data is encrypted both in transit and at rest to prevent unauthorized access.
• Data Loss Prevention (DLP): DLP systems are in place to monitor and prevent unauthorized data transfers.
• Access Control: We use role-based access control to restrict access to personal data, ensuring that only authorized personnel can access sensitive information.
• Password Management: Strong password policies and password scanning tools are enforced across all systems.
• Network Security: Firewalls, intrusion detection systems, and regular network assessments are used to protect our infrastructure from external threats.
• Endpoint Protection: Devices such as computers and mobile devices are secured with antivirus software and regular security patches.
• Secure File Sharing: Confidential files are encrypted and shared through secure, authorized channels.
• Vulnerability Assessment and Cloud Security Layers: We conduct regular vulnerability assessments to identify and address security vulnerabilities in systems that contain sensitive data, including those hosted in the cloud. This is part of our overall strategy to strengthen the security of our systems and endpoints against emerging threats.
Organizational Measures
• Access Management: Strict access controls are enforced, ensuring that only those with the necessary roles can access personal data.
• Vendor Management: Third-party vendors are required to adhere to our data protection standards through legally binding agreements and regular audits.
• Physical Security: Sensitive areas, such as data centers, are protected by restricted access, biometrics, and CCTV monitoring.
• Employee Training: Regular data protection training is provided to all employees to maintain awareness and compliance with security policies.
• Data Breach Response: We have an established incident response plan to manage any data breaches, including immediate containment, investigation, and notification of affected parties and regulatory authorities when required.
• Audits and Reviews: Regular internal and external audits are conducted to assess compliance with security standards and implement improvements where necessary.
7. Who do we share your Personal Data with?
MBC may share your personal data with third parties under certain circumstances, ensuring compliance with data protection regulations. These recipients include:
• Service Providers: Third-party vendors who provide services on our behalf, such as payment processors, cloud storage providers, IT support, and customer service platforms.
• Business Partners and Affiliates: MBC affiliates, subsidiaries, and business partners who help us deliver our services and enhance your experience.
• Professional Advisors: Legal consultants, auditors, and other professional advisors who assist us in managing our business operations, ensuring legal compliance, and conducting transactions.
• Marketing and Advertising Partners: Third-party companies that help us deliver personalized marketing and advertising, track engagement, and analyze campaign performance.
• Media and Production Partners: For talent and content production, personal data may be shared with production companies, casting agents, and other media entities involved in projects.
• Regulatory and Legal Authorities: Government bodies, regulators, or law enforcement agencies when required by law, such as for compliance with legal obligations or in response to legal claims.
• Investors and Shareholders: In cases of mergers, acquisitions, or restructuring, we may share personal data with potential or actual investors and shareholders as part of business evaluations or transactions.
Third-Party Transfers
MBC may transfer your personal data to third parties for processing outside of MBC, provided that these third parties meet our data protection standards and legal requirements.
• Data Processors: We engage with data processors who handle personal data on our behalf under strict contractual obligations to ensure the data’s security and confidentiality.
• Sub-processors: In some cases, data processors may engage sub-processors. MBC ensures that all sub-processors uphold the same level of data protection.
International Transfers
In some instances, MBC may transfer your personal data to countries outside the Kingdom of Saudi Arabia or the European Union. These transfers are made only when necessary and in compliance with applicable data protection laws:
• Adequacy Decisions: Where personal data is transferred to countries that have been deemed by relevant authorities to provide an adequate level of data protection.
• Standard Contractual Clauses: When transferring data to countries without an adequacy decision, MBC ensures protection by using standard contractual clauses approved by relevant data protection authorities.
• Transfer Impact Assessments (TIAs): MBC may conduct assessments to evaluate risks associated with international transfers and implement measures to mitigate these risks.
• Binding Corporate Rules (BCRs): For intra-group international data transfers, MBC relies on Binding Corporate Rules (BCRs) to ensure that data is processed in compliance with the highest data protection standards across all MBC entities.
8. How long will your Personal Data be retained by us?
MBC retains your personal data only for as long as it is necessary to fulfil the purposes for which it was collected, or as required by law. The retention period may vary depending on the type of data and the purposes for which it is processed. Below are the key factors determining the retention period:
1. Purpose of Data Collection: Personal data is retained for the duration necessary to provide our services, manage our relationship with you, fulfil legal obligations, and improve our operations.
2. Legal and Regulatory Requirements: Certain data may be retained for specific periods to comply with legal or regulatory requirements, such as financial reporting, tax obligations, or compliance with labor and employment laws.
3. Business Needs: Data may be retained for longer periods if it is necessary for business continuity, ongoing projects, or legitimate business interests such as audit, legal claims, or dispute resolution.
4. Consent-Based Data: Where data is processed based on your consent, such as for marketing purposes, it will be retained until you withdraw your consent or request its deletion, provided there are no other legal grounds for retaining it.
Once the retention period has expired, MBC will securely delete or anonymize your personal data in accordance with our Data Retention Policy.
9. How do we use Cookies?
MBC uses cookies and similar tracking technologies to enhance your experience on our websites and apps. The types of cookies we use include:
1. Essential Cookies: These cookies are necessary for the proper functioning of our websites and services, enabling you to navigate and use essential features, such as accessing secure areas.
2. Analytical/Performance Cookies: These cookies help us understand how visitors interact with our websites by collecting anonymous data on user behavior, such as pages visited, and time spent on the site. This information will help us improve the website's performance and user experience.
3. Functional Cookies: Functional cookies allow the website to remember choices you make, such as language preferences or login details, to provide enhanced and personalized features.
4. Targeting/Advertising Cookies: These cookies collect information about your browsing habits to deliver relevant advertising tailored to your interests. They may also limit the number of times you see an ad and help measure the effectiveness of advertising campaigns.
Managing Cookie Preferences
You can manage your cookie preferences through your browser settings at any time. Here’s how you can control or opt out of cookies:
• Browser Settings: Most browsers allow you to refuse cookies or delete cookies through their settings preferences. However, disabling cookies may affect the functionality and service offered on our websites.
• Consent Management: On your first visit to our website, you will be prompted to accept or reject non-essential cookies. You can change your preferences at any time by accessing the cookie settings available on our website.
10. What are your Rights regarding the processing of your Personal Data?
Depending on the data protection legislation applicable to you, such as, but not limited to, the Kingdom of Saudi Arabia’s Personal Data Protection Law (“KSA PDPL”), EU General Data Protection Law (“EU GDPR”), UK General Data Protection Law (“UK GDPR”), Egypt’s Data Protection Law or California Consumer Privacy Act (CCPA), you may have a number of data protection rights, including:
• Right to be Informed
You have the right to be informed about how we collect your personal data, the legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed. You can access all these details through our Privacy Notice or contact us for further information.
• Right to Access to Your Personal Data
You can request access to your personal data, and we may provide it automatically or upon request. In certain cases, access may be denied if it reveals another person's data or is restricted by law.
• Right to Request Access/Data Portability
You can request a copy of your personal data held by us, in a structured, commonly used, machine-readable format, or have it transferred to a third party of your choice.
• Right to Correct/Rectify Personal Data
It is our objective to keep your personal data accurate, current and complete. You have the right to request the correction of any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data you provide to us.
• Right to Request Destruction/Erasure of Personal Data
You may request the destruction of your personal data when it is no longer needed for the purposes for which it was collected. We will review such requests, however, we may not always be able to comply with your request for deletion for specific legal reasons for which we will notify you, as appropriate, at the time of your request.
• Right to Withdraw Consent
You have the right to withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before the withdrawal of your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
• Right to Object
You have the right to object to the processing of your personal data when we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
In some cases, we may demonstrate that we have compelling legitimate grounds which override your rights and freedoms. You also have the right to object when we are processing your personal data for direct marketing purposes. You should note that if you object to the processing of your personal data, we may not be able to provide our services to you.
• Right to Restrict Processing
You have the right to ask us to suspend the processing of your personal data in the following cases:
(a) if you want us to establish the data’s accuracy,
(b) when our use of the data is unlawful, but you do not want us to erase it
(c) when you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, or
(d) if you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You should note that if you ask us to restrict the processing of your personal data, we may not be able to provide our services to you.
• Right not to be Subject to Automated Decision-Making.
You have the right not to be subject to a decision when it is based on automated processing, and it produces an adverse legal effect or significantly affects you.
• Right to File a Complaint
If you believe that MBC has not complied with the KSA Personal Data Protection Law (PDPL), you have the right to file a complaint with us. If you are not satisfied with the outcome, you may escalate your complaint to the Saudi Data & Artificial Intelligence Authority (SDAIA).
• Right to Claim Compensation:
You are entitled to claim compensation for any material or moral damage resulting from a violation of the Personal Data Protection Law and its implementing regulations.
Exercising Your Rights
To exercise any of these rights, please contact us via dataprotection@mbc.net
We may request specific information from you to help us confirm your identity and facilitate your right to access your personal data (or to exercise any of your other rights).
You will not be required to pay any fees in return for exercising your rights. In case of submitting a request for exercising your rights, you will receive a response within 30 days from the date of receipt of your request.
11. What if you have questions or want further information?
For further details regarding the processing of your Personal Data and how to exercise your rights, please contact us using the below email address:
dataprotection@mbc.net
• If you are located in the European Union, please contact our EU Representative via email at:
info@privacyminders.com
EU Representative’s Contact Details:
Name: RF PRIVACY MINDERS LTD
Address: 10 Patron Street, 6051 Larnaca, Cyprus
E-mail: info@privacyminders.com
Tel.: +357 24812581
• If you are located in the United Kingdom, please contact our UK Representative via email at:
ukrepresentative@privacyminders.com
UK Representative’s Contact Details:
Name: PRIVACY MINDERS (UK) LIMITED
Address: 71-75 Shelton Street, London WC2H 9JQ, United Kingdom
E-mail: ukrepresentative@privacyminders.com
Complaint or Objection Filing Method
If you have any concerns, or if we do not comply with the Personal Data Protection Law, you can file a complaint with our IT Department using the following channel:
Email: E-mail: dataprotection@mbc.net
If you are not satisfied with how we process your complaint, or if we fail to respond within 30 days, you can file a complaint to the Competent Authority Saudi Data & AI Authority (SDAIA).
SDAIA Address:
Kingdom of Saudi Arabia, Riyadh
SDAIA Website:
Saudi Data & AI Authority (sdaia.gov.sa)
National Data Governance Platform “DGP” (dgp.sdaia.gov.sa)
12. Changes in Privacy Notice
We may update this Privacy Notice from time to time in response to changing legal, regulatory or operational requirements. Any changes to this Privacy Notice will be published on this page. When these changes are material, we may provide you with specific notice of any such changes (including when they will take effect) in accordance with the law.
Where applicable (for instance, if the changes imply new data processing that shall rely on your prior consent), we will ensure that you have had the possibility to accept those changes so as to allow you to continue using our services or to refuse - in which case, you will be entitled to cancel your use of the MBC Services.