QF is committed to protecting the privacy of individuals and processing Personal Data in accordance with the Personal Data Privacy Protection Law No. 13 of 2016 (the “PDPPL”) and in line with the principles of transparency, fairness and respect for human dignity. Our Privacy Notice explains how we collect, use, disclose, store and protect your Personal Data.

This Privacy Notice should be read together with QF Website Terms of Use (including our Cookies Policy in Section 8).

1. Who we Are

The Data Controller for the purpose of this Privacy Notice is Qatar Foundation (“QF”), a private foundation for public benefit established under Law 21 of 2006 in Qatar focused on education, research, innovation, and community development for the benefit of Qatar and the World. You can find out more about QF at: https://www.qf.org.qa/about

2. Personal Data We Collect

Personal Data (also referred to as personal information) is any information that can directly or indirectly identify you. This may include information you provide to us or data we collect when you visit us in person, browse one of our websites or participate in our events and programs.

Legal Basis for Processing

We process your Personal Data based on one or more of the following bases:

• Your explicit, freely given, specific, informed and unambiguous consent,
• To fulfill a contractual obligation,
• To comply with legal and regulatory requirements,
• To ensure we process your personal information on a lawful basis, and notified you, where we have provided you with appropriate notice.

Types of Personal Data

We collect and process the following categories of Personal Data:

• Title, first name, and last name
• Personal details, e.g. age and date of birth, gender, marital status, country of residence
• Contact details, e.g. email address, phone number, postal address
• Identification documents, e.g. passport details or QID
• Birth or marriage certificates
• Educational background
• Employment details, e.g. job title, grade, professional experience, salary details, reference checks
• Bank account and bank card related information, Financial standing related information

3. Personal Data of Special Nature

Certain types of sensitive information, referred to as “Personal Data of Special Nature” require additional protection under the PDPPL. This data may include:

• Information related to ethnic origin or religious beliefs (e.g. when necessary for participation in relevant events or programs),
• Children related information (e.g. to apply to QF schools or to issue an offer letter),
• Health related information (e.g. to onboard new employees, for workplace and safety purposes, to enroll children to schools or athletic activities or for first aid assistance in case of a medical incident at our sites),
• Information related to previously committed criminal offences (e.g. to apply for a job at QF),
• Psychometric tests (e.g. to assess candidates).

We only collect such data for specific purposes, where strictly necessary, and after having obtained your explicit consent. While it is always your choice whether to provide this information, failure to provide it may limit or eliminate your ability to use certain functions of our websites and platforms or to participate in certain services and events.

4. Personal Data Automatically Collected

When you interact with our websites or platforms, we automatically collect some technical information from your device to help us improve your experience. This may include your IP address and device information, browser type, date and time of access, system usage logs and usage and behavioral data, e.g. page views and clicks, navigation patterns etc.

We also use Cookies:

• Essential cookies: These are necessary for our website to function properly.
• Analytics cookies: With your consent, these help us understand how people use our website so we can make it better.
• Advertisement cookies: We work with partners to see how you interact with our marketing and ads.

Our websites use Cookies to distinguish you from other users of our site. This helps us to provide you with a good experience when you browse our site and allows us to improve our site. For detailed information on the cookies we use, please refer to our Cookies Policy.

5. Personal Data Provided about Others

We only accept Personal Data provided on behalf of others if you are authorized or required to do so based on a contractual obligation, applicable law, or if you have obtained the individual’s explicit consent, or in your capacity as a legal guardian or parent of a child. In such cases, you must ensure that the individual has been informed of this Privacy Notice and has explicitly consented to the disclosure of their personal data. We may ask you to provide evidence of this notification and consent and may take steps to verify that the data has been lawfully obtained.

6. Personal Data Received from Third Parties and Other Sources

We may receive your Personal Data from other external sources, including your company/organization, professional references, publicly available sources, third-party analytics providers, and other third parties, e.g.

• If someone at your organization designates you as a contact person for that organization or includes information about you in proposal documents,
• If another person includes it in any feedback, comments, photos, videos, or other information submitted via online portals, electronic forms, surveys; or,
• If one of our staff or service providers or a third party acting on your behalf provides it to us when registering you to access our services, facilities or our sites, apply for a job, or participate in one of our events.

7. How we Collect and Use your Personal Data

We collect Personal Data only for specific, explicit and lawful purposes, as required by the PDPPL. These include:

a. Applying for a job at QF

When you apply for a job at Qatar Foundation – either directly by email to Talent Acquisition, through our application system, walk-in through the QF Reception desk, through a third party’s application system or via a recruitment agency – you may share various types of Personal Data, including Personal Data of Special Nature.

We collect this information to:

• evaluate your application
• set up and administer your account in the application system
• confirm you are legally entitled to work in Qatar
• fulfill legal or contractual obligations or respond to legal requests such as court orders or government inquiries.

We process this information on the legal basis that:

• We are taking steps at your request before entering an employment contract with you, and
• We are pursuing our legitimate interest in assessing your suitability for the role you applied for at QF.

b. Contacting QF by the Phone, Email or Social Media

When you contact QF – whether by phone, email or social media – we may collect Personal Data, including Personal Data of Special Nature, where relevant. This may include:

• Title, forename, middle name, and surname
• Job title, company, or institution name
• Contact phone number(s)
• Contact email address(s)

We collect this information to:

• Provide access to or information about the QF services you are contacting us about
• Handle your query and engage with you to resolve an issue.

We process this information on the legal basis that:

• We are pursuing our legitimate interest in responding to inquiries and maintain business relationships, and
• By contacting QF, you consent to us using the information you provide solely to respond to your inquiry.

c. Participating in Conferences, Meetings and Forums organized by QF

When you register or express interest in attending events organized by QF – such as conferences, meetings or forums – you may provide the following Personal Data:

• Name (if applicable)
• Age
• Nationality
• QID
• Personal Photographs
• Job titles
• Academic background information
• Organization name
• Contact Phone number
• Email address
• Dietary requirements
• Details of any accessibility needs
• For visa applications: date of birth, nationality and passport number
• For travel bookings: name as shown on the passport, passport number and gender.

We collect this information to:

• Register you for the event you have applied or signed up to attend
• Organize travel and visa arrangements on your behalf, where applicable
• Send you event-related updates and communications, if you have opted in to receive them.

To facilitate your participation, we may share your information with third-party service providers, such as:

• Providers of our online event registration platforms, to send and manage event invitations and registrations.
• Travel management companies (if QF is funding the travel associated with the event) to handle bookings, which may include sharing your personal and passport details and accessibility information.
• The event venue, for event planning, administration and security purposes.

We process this information on the legal basis that:

• We are pursuing our legitimate interest in organizing and facilitating events that promote collaboration and sharing of knowledge and expertise in the fields of education and research.
• We are fulfilling your request to participate in the event you have registered for or applied to attend
• We have obtained your explicit consent, where required, particularly for the processing of sensitive information (e.g. health, dietary or accessibility information).

d. Visiting QF’s Offices and Sites

When you visit our offices or sites, we may collect certain information about you, including but not limited to:

• Title, forename and last name
• Name of your organization name
• QID number
• CCTV footage, where applicable.

We collect this information to:

• Issue a visitor or security pass and provide you with access to our premises (e.g. for meetings or events)
• Use CCTV footage to assist with the detection and prevention of crime, and to ensure safety and security of visitors and staff.
• Comply with our legal health and safety obligations (e.g. reporting of certain health and safety incidents).

We process this information on the legal basis that:

• We are pursuing our legitimate interest in maintaining the security and safety of our facilities, staff and visitors
• We are addressing legal obligations under applicable health and safety laws.

e. Enrolling to QF’s Programs, Services, and Events

When you apply or enroll in programs, events, recreational classes or use services offered by QF, we may collect Personal Data about you, including Personal Data of Special Nature, such as:

• Title, forename, middle name, surname
• Qatar ID
• Date of Birth
• Gender
• Email address
• Contact address
• Guardian information (where applicable)
• Emergency contact
• Educational background and qualifications
• Passport details (e.g. for international students enrolling in university programs or children applying to QF schools)
• Information on any pre-existing health conditions (particularly for sports or physical activity programs)
• Marital status and spouse information (where applicable)

We collect this information to:

• Coordinate and collaborate with clients, universities, schools, research institutes, other QF entities and other organizations with whom we do business.
• Provide access to and manage your application and participation in services, programs, and events.
• Access your suitability for enrollment, based on qualifications and any pre-existing health condition.
• Facilitate the transfer of information across departments to administer and provide access to buildings, IT systems and parking spaces.
• Ensure safety through CCTV monitoring and assist with the detection and prevention of crime.
• Send you information and updates you have opted in to receive.
• Administer, protect and improve our sites, systems, facilities, events, and other business operations.
• Fulfill legal obligations or respond to legal requests such as court orders or government inquiries.

We process this information on the legal basis that:

• We are pursuing our legitimate interest in administering and delivering QF’s educational, research, and community programs and services.
• We are addressing your requests before entering a service or program (e.g. enrollment).
• We have obtained your explicit consent, where required, particularly for the processing of sensitive information (e.g. health, dietary or accessibility information).

f. Accessing and using QF’s Systems and Applications

Our IT systems and their security are integral to our business. When you access or use QF’s systems or applications, we may collect and process your Personal Data (e.g. system activity logs etc.), where necessary to:

• Operate, administer, monitor, manage and analyze system performance and usage of IT systems and applications.
• Ensure the security of our infrastructure and detect and respond to potential security threats or misuse.
• Improve user experience and system functionality.

We process this information on the legal basis that:

• We are pursuing our legitimate interest in maintaining secure and effective IT systems and services.
• We are complying with legal or regulatory obligations relating to cybersecurity, data protection, or audit requirements.

8. Sharing your Personal Data

We only share your Personal Data when necessary and in accordance with the PDPPL. This may include sharing with:

1. Internal Parties

We may share your Personal Data within Qatar Foundation (e.g. with employees from other departments, divisions or directorates) for the purposes set out in this Privacy Notice.

1. Third-Party Service Providers

We may share your Personal Data with third parties, who perform services on our behalf. These may include entities based outside Qatar. These providers may include:

• IT and system providers (i.e. ERP, communication platforms, job application systems, student records management systems etc.).
• Payment service providers (e.g. for card payments at our facilities or online).
• Recruitment-related providers (e.g. recruitment agencies, background check providers).
• External legal advisors and other professionals (e.g. consultants, auditors, communication and marketing companies).
• Government entities, Ministries, and regulators.
• Event venue operators (e.g., for logistics related to events you participate in).
• Insurance providers (e.g. for insurance coverage and protection of QF assets).
• Digital analytics service providers.
• Travel services providers (for issuing tickets for oversees candidates).

We ensure that all such providers implement appropriate safeguards in line with the PDPPL.

1. When Legally Required

In certain circumstances, although rare, we may share your information if required by law, e.g. in response to a court order, or a request from law enforcement or regulatory authority.

1. Cross-border transfers

If we transfer your Personal Data outside Qatar (e.g. to service providers), we ensure appropriate safeguards are in place. This includes one or more of the following:

• The destination country is recognized as providing an adequate level of protection for Personal Data.
• The service provider operates under the GDPR or similar regulatory standards.
• The recipient has entered appropriate contractual arrangements with us, and we have conducted a risk assessment to ensure that your Personal Data will be adequately protected.

9. Protecting your Personal Data

We are committed to protecting your personal information and privacy. We have implemented technical and organizational measures to keep your information secure.

1. Security Measures

Access to Personal Data is limited to authorized personnel who require this information to perform their duties. We store Personal Data securely using appropriate technical measures, considering the nature, scope, context and purpose of its use. These measures will always be appropriate to the sensitivity of the data and the level of associated risks.

1. Card transactions

When you make card payments, your details are encrypted and processed securely. Our systems do not allow staff to access full card information.

1. Data Breach Procedures

We have procedures in place to respond to any suspected or confirmed Personal Data breach. If a breach occurs and we are legally required, we will notify you and the relevant regulatory authority

10. Retention of your Personal Data

We will retain your Personal Data only for as long as necessary to fulfill the legal, regulatory, or business purposes for which it was collected, in line with the principles of data minimization, lawfulness and accuracy set out in the PDPPL.

Once your Personal Data is no longer required for these purposes, we will take reasonable steps to securely delete or anonymize it.

For more information about our data retention practices, please contact our QF Compliance Department using the contact details provided below (Contact us – Section 13).

11. Your Data Protection Rights

Under the PDPPL, you have several rights in relation to your Personal Data. As the Data Controller we are committed to upholding these rights, which include:

Right to be Informed

• The right to be told how your Personal Data is used and processed in a clear, simple, and transparent language.

• You have the right to have your Personal Data protected and processed lawfully by us, in accordance with the principles set out in the Data Protection Law.

Right to Access

a.

The right to access means that you have the right to ask QF:

• Whether or not we are using or storing any of your Personal Data.

• To provide you with copies of your Personal Data.

b.

You may wish to exercise this right to find out:

• What Personal Data QF holds about you.

• Whether the Personal Data we hold on you is accurate and up to date.

• How we are using your Personal Data.

• Who we are sharing your Personal Data with.

• Where we got your Personal Data from.

c.

When making a request to exercise your right to access you should include:

• A clear description of what the request is concerning; for example, by using ‘subject access request’ or ‘right to access my Personal Data’ as the email subject or letter heading.

• The date of making the request.

• Your full name (or the relevant individual’s full name if making a request on somebody’s behalf). This should include any alternative names you/they are known by, if relevant.

• Any other information used by QF to identify or distinguish the individual from other individuals, such as an account number or employee ID.

• Your up-to-date contact details.

• An extensive list of what Personal Data you want to access, based on what you need.

• Any other relevant details such as dates or search criteria that will help QF identify what you want and locate your Personal Data.

• How you would like to receive the information, for example, via email or in hard copy to a postal address etc.

d.

QF may charge a fee for providing copies of the Personal Data that we hold for you, particularly if hard copies are requested.

Right to be Forgotten (Delete Your Data)

a.

You have the right to request that we erase your Personal Data under certain circumstances. These circumstances are as follows:

• If we are relying on your written consent to process your Personal Data and you withdraw your consent.

• If the processing of your Personal Data is no longer necessary to achieve the purpose for which it was collected.

• If the Personal Data we have collected is beyond the extent required or where we have collected more than the minimum amount of your Personal Data required to fulfil our purpose for processing.

• If the processing of your Personal Data is discriminatory, unfair, or illegal; or

• When the purpose for processing or reasons for storing your Personal Data no longer exist.

b.

We may not erase your Personal Data if an exemption under the Data Protection Law applies, such as:

• To execute a task related to the public interest as per the Data Protection Law.

• To implement a law or an order rendered by a competent court.

• To protect vital interests of individuals.

• To achieve purposes of scientific research for public interest.

• To gather necessary information for investigation into a crime in response to an official request by investigative bodies.

c.

We may also not erase your Personal Data if the request is deemed excessive or malicious as per the Data Protection Law. If this is the case, QF may either fully or partly refuse to comply with your request.

Right to Object

You have the right to complain and object to us processing your Personal Data, including:

• When processing of your Personal Data is no longer necessary to achieve the purposes for which it was originally collected by us; or

• Where QF is otherwise processing your Personal Data in a way which is not compliant with the Data Protection Law.

Right to Seek Correction

You have the right to challenge the accuracy of the Personal Data we hold on to and ask for it to be corrected or deleted.

Right to Withdraw Consent

Where QF are relying on your written consent to process your Personal Data, you have the right to withdraw this consent. This means that:

• You may withdraw your previously given consent at any time.

• We must act on your request as soon as possible.

• We must stop processing your Personal Data if you withdraw your consent.

 

If you wish to exercise any of your Data Protection Rights mentioned above or have questions about how your Personal Data is handled, please contact our QF Compliance Department using the contact details provided below (Contact us – section 12). Alternatively, you may complete the Individual Rights Request Form available upon request.

12. Changes to this Privacy Notice

We are required to review and assess the adequacy of this Privacy Notice, as such we may update our Privacy Notice from time to time. You are advised to review this Privacy Notice periodically for any changes. Changes to this Privacy Notice are effective when they are posted on this page.

13. Contact Us

 If you wish to contact us, or want more details about this Privacy Notice or how we use your Personal Data, you can reach out to the Compliance Department as follows:

Compliance Department 

Qatar Foundation, HQ

Education City

Po Box: 5825, Doha, Qatar

Tel: +974 44548388

Email: compliance@qf.org.qa

The supervisory authority responsible for overseeing compliance with the Personal Data Privacy Protection Law No. 13 of 2016 is the National Data Privacy Office (NDPO) at the National Cybersecurity Agency (NCSA).

To submit a question about any requirements in the PDPPL, please contact the regulator at privacy@ncsa.gov.qa.