This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use the Weekly GH Dose Recorder application (the “Service”), and outlines your rights under the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL) and its implementing regulations.
Jurisdiction: This policy is tailored for the Kingdom of Saudi Arabia (KSA) and the PDPL, supervised by the Saudi Data & AI Authority (SDAIA). If you access the Service outside KSA, local rules may also apply.
Interpretation & Definitions
Interpretation
Capitalized words have meanings defined below. The same meaning applies whether they appear in singular or plural.
Definitions
Account: A unique account created for you to access the Service.
Affiliate: An entity that controls, is controlled by, or is under common control with a party (ownership ≥ 50%).
Application: Weekly GH Dose Recorder, the software provided by the Company.
Company / Controller: Novo Nordisk
Country: Kingdom of Saudi Arabia.
Device: Any device that can access the Service (computer, phone, tablet).
Personal Data: Information relating to an identified or identifiable natural person.
Service: The Application.
Service Provider: Any person or entity processing data on behalf of the Company.
You: The individual using the Service or the company/other legal entity on whose behalf the Service is used.
Company & Controller
The Company responsible for your Personal Data is:
When using the Service, we may ask you to provide certain Personal Data, such as:
Email address
First and last name
Phone number
Usage Data
We may collect limited technical data about how the Service is accessed and used (e.g., app version, device model, basic diagnostics) to maintain and improve stability and performance.
How We Use Personal Data & Legal Bases (PDPL)
We process Personal Data for the purposes below in accordance with PDPL lawful bases:
Provide and maintain the Service (e.g., core functionality, monitoring usage) — necessary for providing the Service / legitimate interests.
Manage your Account (registration, authentication) — contractual necessity.
Communicate with you about updates, security notices, or service-related information (email, SMS, push) — contractual necessity / legitimate interests.
Reminders — to schedule and send notifications you configure for dosage timing — your instruction & legitimate interests.
The app does not calculate, recommend, or suggest medication dosages. It only allows you to log and track dosages previously prescribed by a licensed healthcare provider and to receive timing reminders.
Customer support & requests — contractual necessity / legitimate interests.
Analytics and improvements (e.g., usage trends, performance) — legitimate interests.
Service Providers who help operate the Service (e.g., hosting, messaging) under written agreements requiring confidentiality and PDPL compliance.
Affiliates (our parent/subsidiaries) where necessary and subject to this Policy.
Business transfers (e.g., merger, acquisition, reorganization) with notice where required.
Legal compliance: where required by KSA law, court order, or competent authority, or to protect rights, safety, and security.
With your consent or at your direction.
Retention
We keep Personal Data only as long as necessary for the purposes above, and to the extent required to comply with applicable KSA laws, resolve disputes, and enforce agreements. When no longer needed, data is securely deleted or anonymized in line with PDPL requirements.
Cross-Border Transfers
Where possible, we aim to process and store Personal Data within KSA. If Personal Data must be transferred outside KSA, such transfer will be conducted in accordance with PDPL and SDAIA regulations, including implementing adequate safeguards, ensuring the recipient jurisdiction provides appropriate protection, and limiting transfers to what is necessary for the stated purposes.
Your Rights under PDPL
Subject to PDPL and applicable exceptions, you have the right to:
Be informed about the processing of your Personal Data.
Access your Personal Data and obtain a copy.
Request correction of inaccurate or incomplete data.
Request deletion where PDPL conditions are met (e.g., purpose fulfilled or consent withdrawn).
Withdraw consent where processing relies on consent.
Object to processing in certain cases, including direct marketing.
File a complaint with the competent authority (SDAIA) if you believe your PDPL rights have been infringed.
To exercise your rights, contact us using the details in Contact Us. We will respond within timelines required by PDPL.
Children’s Privacy
The Service is intended for use by parents or legal guardians to log and track prescribed dosages for their children. Under PDPL, a “child” is generally a person under 18 years of age. We do not knowingly collect Personal Data directly from children without the consent of a parent or legal guardian. If you believe a child has provided Personal Data to us without appropriate consent, please contact us so we can take steps to remove such information.
Security
We implement technical and organizational measures designed to protect Personal Data. However, no method of transmission or storage is 100% secure. We continually improve safeguards to protect confidentiality, integrity, and availability.
Links to Other Websites
The Service may contain links to third-party websites. We are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any external sites you visit.
Changes to this Privacy Policy
We may update this Policy from time to time. We will post the updated version here and adjust the “Last updated” date. Material changes may be communicated via email and/or in-app notice where appropriate. Please review this Policy periodically.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your PDPL rights, please contact: