Privacy Policy

1. Introduction

NASAQ Al Enjaz for Development & Commercial Investment (NASAQ, we, us, or our) is committed to protecting your privacy and personal data in compliance with the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL) and its implementing regulations. This Privacy Policy explains how we collect, use, store, share, and protect your personal information.

By using our website, services, or providing us with your personal information, you acknowledge that you have read, understood, and agree to this Privacy Policy.

2. Data Controller Information

Company Name: NASAQ Al Enjaz for Development & Commercial Investment

Commercial Registration Number: [Your CR Number]

Address: [Your Physical Address], Kingdom of Saudi Arabia

Email: privacy@nasaq-sa.com

Phone: +966 11 4551122

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, job title, company name
• Business Information: Company details, professional inquiries, partnership requests
• Communication Data: Content of messages, emails, or calls you send to us
• Career Applications: Resume/CV, qualifications, employment history (when applying for positions)

3.2 Information Collected Automatically

• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, time spent on pages, referral sources, click patterns
• Cookies & Tracking: Session cookies, analytics cookies, preference cookies
• Location Data: General geographic location based on IP address

4. Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds under the PDPL:

• Consent: Where you have given explicit consent for specific processing activities
• Contract Performance: To fulfill our contractual obligations to you or take steps at your request
• Legal Obligation: To comply with Saudi laws, regulations, and regulatory requirements (e.g., Saudi FDA, Ministry of Health)
• Legitimate Interests: For our legitimate business interests, such as improving services, fraud prevention, and security
• Vital Interests: To protect the vital interests of individuals in emergency situations

5. How We Use Your Personal Data

• To provide, maintain, and improve our pharmaceutical and healthcare services
• To respond to inquiries, requests, and customer support
• To process business transactions and partnerships
• To comply with legal, regulatory, and healthcare compliance requirements
• To send important updates, newsletters (with your consent), and service communications
• To detect, prevent, and address fraud, security issues, and technical problems
• To analyze website usage and improve user experience
• To evaluate job applications and recruitment processes
• To maintain business records and documentation as required by Saudi law

6. Data Sharing and Disclosure

We may share your personal data with:

6.1 Within Saudi Arabia

• Service Providers: Third-party vendors providing IT, hosting, analytics, and business services
• Business Partners: Pharmaceutical manufacturers, distributors, and healthcare providers
• Professional Advisors: Lawyers, auditors, and consultants bound by confidentiality
• Regulatory Authorities: Saudi FDA, Ministry of Health, CITC, SDAIA, and other government agencies when legally required

6.2 International Transfers

We may transfer personal data outside Saudi Arabia only when:

• The recipient country provides an adequate level of data protection as determined by SDAIA
• We have implemented appropriate safeguards (e.g., Standard Contractual Clauses)
• You have provided explicit consent for the transfer
• The transfer is necessary for contract performance or legal compliance

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

• Encryption of data in transit and at rest (SSL/TLS, AES-256)
• Access controls and authentication mechanisms
• Regular security assessments and vulnerability testing
• Employee training on data protection and confidentiality
• Incident response and breach notification procedures
• Secure data storage within Saudi Arabia or approved jurisdictions
• Regular backups and disaster recovery protocols

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by PDPL.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:

• Customer Data: Duration of business relationship plus 10 years (regulatory requirement)
• Marketing Consent: Until consent is withdrawn or 3 years of inactivity
• Website Analytics: 26 months from collection
• Job Applications: 1 year from application date
• Legal/Regulatory Data: As required by Saudi commercial, tax, and healthcare laws

After the retention period, we will securely delete or anonymize your personal data.

9. Your Rights Under PDPL

As a data subject in Saudi Arabia, you have the following rights:

To exercise any of these rights, please contact us at privacy@nasaq-sa.com. We will respond to your request within 30 days as required by PDPL.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Ensure website functionality and security
• Remember your preferences and settings
• Analyze website traffic and user behavior (Google Analytics)
• Improve user experience and performance

You can control cookies through your browser settings. However, disabling cookies may affect website functionality. By continuing to use our website, you consent to our use of cookies as described.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately, and we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes by posting the updated policy on our website with a new "Last Updated" date. We encourage you to review this policy regularly.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. Filing a Complaint with SDAIA

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with: