Based on the need of the Human Resources Development Fund, hereinafter referred to as (the Second Party), to obtain the data produced by the Human Resources Development Fund, hereinafter referred to as (the Disclosing Party), in accordance with the relevant policies and regulations issued by the regulatory authorities, and due to the desire of both parties to establish an integrated relationship based on promoting the culture of data sharing, the data will be shared under this form according to the following provisions:

Section One: Obligations of Both Parties

1. The Disclosing Party shall commit to sharing the requested data specified in this form (Paragraph 3: Details of Requested Data) after obtaining the necessary approvals within the time period specified in (Paragraph 2: Request Information) of this form.
2. The Receiving Party shall commit to using the data specified in this form (Paragraph 3: Details of Requested Data) according to the purpose stated in (Paragraph 2: Request Information) only, and shall not use it for any other purposes not stated in this form unless coordinated with the Ministry of Human Resources and Social Development to obtain the necessary approvals.
3. The disclosed data under this form will be received through the designated contact officer of the Receiving Party as specified in this form. If the Receiving Party wishes to change the contact officer, the Disclosing Party must be notified with the name and contact details of the new officer.
4. The Receiving Party shall commit not to use the data for marketing or commercial purposes, such as exploiting it or providing it for sale.
5. The Disclosing Party has the right, after notifying the Receiving Party in writing no less than twenty [20] days in advance, to review the records of data usage disclosed under this form, and the Receiving Party shall not prevent the Disclosing Party from doing so.

Section Two: Confidentiality and Data Privacy

1. 1. The Receiving Party shall maintain the confidentiality of the data disclosed under this form with the same degree of care it uses with its own confidential data— and in all cases not less than reasonable care— while considering the confidentiality of data related to the operations or clients of the Disclosing Party. Confidentiality shall continue even after the end or termination of the data-sharing period for any reason.
2. 2. The Receiving Party shall apply appropriate security controls and standard practices when processing the data disclosed under this form according to its classification level, in accordance with recognized standards and the instructions issued by the National Cybersecurity Authority or the equivalent, to ensure protection from misuse, unauthorized access, or data leakage incidents.
3. 3. The Receiving Party shall retain the data obtained under this form within the geographical boundaries of the Kingdom in order to preserve national data sovereignty.
4. 4. The Receiving Party is prohibited from storing or transferring data classified by the Disclosing Party as "Highly Confidential" or "Confidential" to any portable or mobile device or storage medium unless such device or medium is part of the Receiving Party’s dedicated and encrypted backup and recovery operations.
5. 5. The Receiving Party shall protect the privacy of data subjects and their rights in accordance with the Personal Data Protection Law and its implementing regulations, and shall not attempt to identify individuals whose personal data is included within the disclosed data or contact them for any reason, except when necessary for the purpose of data sharing.
6. 6. The Receiving Party shall protect and respect intellectual and literary property rights owned by the Disclosing Party and shall not infringe upon them.

Section Three: Data Disclosure

• The Receiving Party shall commit not to disclose or publish any data obtained under this form to any other party unless explicit and restricted approval is granted within this form by the Disclosing Party, except for the cases stated in Paragraphs A (Authorized Disclosure) and B (Mandatory Disclosure) in this section.
• A. Authorized Disclosure: The Receiving Party may disclose confidential data obtained under this form to employees or affiliated entities/companies whose work requires access to such data on a “need-to-know” basis, provided they sign a non-disclosure agreement or equivalent to maintain confidentiality.
• B. Mandatory Disclosure: The Receiving Party may disclose the minimum—practically possible— amount of confidential data if such disclosure is for security or judicial purposes requested by competent authorities according to relevant laws and policies.

Section Four: Data Quality

• The Disclosing Party shall commit to providing the Receiving Party with the requested data— mutually agreed upon between both parties— on an “as-is” basis if the Disclosing Party is the primary producer of the data, or on an “as obtained” basis if not the primary producer, while taking appropriate steps to verify the completeness and freshness of the data before sharing it.

Section Five: Data Destruction

• Upon termination or expiration of the data-sharing period stated in (Paragraph 2: Request Information) of this form, the Receiving Party must immediately delete/erase all data disclosed under this form, including operational, archived, and backup data, and provide the Disclosing Party with written certification confirming that such deletion or destruction was completed. However, the Receiving Party may retain data disclosed under this form if required by relevant laws and regulations.

Section Six: Security Incidents and Data Breach Notification

• The Receiving Party shall notify the Disclosing Party immediately and without delay, and not exceeding 72 hours, upon the occurrence or discovery of any security incident or data breach of the information disclosed under this form, or any other event requiring notification as mandated by regulatory authorities.

Section Seven: Liability Provisions

• 1. The Disclosing Party shall not bear any consequences resulting from misuse of the disclosed data under this form.
• 2. The Disclosing Party has the right to stop sharing data and terminate the application of this form if the Receiving Party breaches any of its obligations stated herein, or for any other reason, provided that the Receiving Party is notified in writing at least 30 working days prior to the termination date.
• 3. The Receiving Party, upon breaching the obligations stated above, shall compensate the Disclosing Party for any losses arising from unauthorized disclosure, data leakage, or any other events requiring notification under this form.
• 4. Any dispute arising from the implementation or interpretation of this form shall be resolved through direct amicable communication between the parties within ten [10] days from the date of the dispute. If unresolved, a joint committee from both parties shall be formed to examine the dispute and reach a mutually suitable resolution within thirty [30] days. If unresolved by the committee, a detailed report shall be prepared and submitted to the National Data Management Office for an opinion, and if still unresolved, an alternative dispute resolution mechanism shall be agreed upon or referral to the competent authorities in the Kingdom of Saudi Arabia.
• 5. The parties shall strive to ensure that no dispute affects the implementation of the provisions stated in this form; having a dispute does not exempt either party from responsibility, and obligations shall continue until a resolution is reached.