Menu

Privacy Policy

Last Updated: 10/14/2025

This Privacy Policy describes how Novo Genomics (“we,” “us,” or “our”) collects, uses, discloses, stores, and protects personal data through our website novogenomics.sa and related services. We are committed to protecting your privacy and ensuring your personal and genetic/health data is handled securely and lawfully, in compliance with the Personal Data Protection Law (PDPL) of Saudi Arabia.

By using our website or services, you agree to the practices described in this policy.

Company Name: Novo Genomics

Address: Prince Muhammad Ibn Saad Ibn Abdulaziz Rd, Al Malqa, Riyadh, Saudi Arabia

Email (Privacy / Data Inquiries): info@novogenomics.sa

Phone: +966 58 270 6920

If you have any questions or concerns about your data or this Privacy Policy, or would like to exercise your data rights, you may contact us at the above email address.

2.  Definitions & Legal Framework
  • Personal Data / Personal Information: Any data that can identify you directly or indirectly (e.g. name, contact info, IP address). Under PDPL, this also includes “sensitive data” such as health, genetic, biometric, or genetic
  • Processing: Any operation on data collection, storage, modification, sharing, destruction,
  • Controller / Processor: We are the “data controller” for your personal data collected through

our services.

  • Data Subject: You, the individual whose personal data is
  • PDPL: The Personal Data Protection Law of Saudi Arabia, effective from 14 September 2023, with full enforceability from September 2024.
3.  Information We Collect

We may collect:

a.  Personal & Contact Data
  • Name, email address, phone number, mailing address
  • Information submitted via inquiry forms, appointment requests
b.  Sensitive / Health / Genetic Data
  • For users seeking genomic, medical, or diagnostic services, we may collect health, medical, or genetic information (with your explicit consent)
  • Test results, medical history, biometrics, family genetic data (when needed for analysis)
c.   Technical & Usage Data
  • IP address, browser type/version, device, operating system
  • Pages visited, duration, referral source
  • Cookies, analytics data
4.  Purposes & Legal Grounds for Processing

We process your data for the following purposes and on lawful grounds:

Purpose

Legal Basis / Ground

Additional Notes

Provide, manage, and deliver genomics / diagnostic services

Your consent, or as necessary for the contract between us

Sensitive data requires explicit, informed consent

Responding to inquiries, communications

Consent or legitimate interest

We will honor opt-out and objections

Website analytics, security, performance

Legitimate interest / consent

To improve UX, detect misuse, maintain integrity

Regulatory compliance, legal obligations

Compliance with law

e.g. health regulations, reporting obligations

Research, scientific purposes (where applicable)

Consent, or permissible under PDPL for public interest / health research

Data may be anonymized for these uses

We will collect only the data necessary for the stated purpose (data minimization) and retain it only as long as needed or required by regulation.

5.  Sharing, Disclosure & Cross-Border Transfer
  1. Sharing with Third Parties

We may share your data with:

  • Authorized service providers, IT or analytics vendors, laboratory partners (under confidentiality contracts)
  • Healthcare providers / referring to physicians, with your consent or where legally required
  • Regulatory or governmental bodies if required by law

We do not sell or rent your personal or genetic data to third parties for marketing or profit.

b.  Cross-Border Transfers

If personal data is transferred outside Saudi Arabia, such transfer will comply with PDPL’s Data Transfer Regulations:

  • Transfers must have appropriate safeguards, such as Standard Contractual Clauses, Binding Common Rules, or accreditation.
  • We will conduct a risk assessment prior to transfer of sensitive data on a continuous or widespread
  • Transfers must not compromise the “national security or vital interests” of
6.  Data Security & Storage

We apply robust organizational, administrative, and technical safeguards to protect your data, including:

  • Encryption in transit and at rest
  • Access controls and role-based permissions
  • Regular security audits, backup, and monitoring
  • Secure infrastructure and data centers (location may be inside or outside KSA, subject to legal controls)

Only authorized personnel with legitimate need will have access to personal or sensitive data.

7.  Data Retention & Deletion
  • We retain your data only as long as necessary to fulfill service, legal, or regulatory obligations
  • After that period, we securely delete, anonymize, or archive your data
  • You may request deletion or anonymization of your data (to the extent permitted by law). We will respond within a reasonable timeframe
8.  Cookies & Tracking Technologies
  • We use cookies, web beacons, analytic tools to improve performance, analyze site usage, customize experiences
  • You may disable or block cookies via your browser settings (though this might limit some website functionalities)
  • We will inform you of cookie usage and ask for consent as needed
G. Your Rights as Data Subject

 Under PDPL, you have the following rights (subject to legal limitations):

  1. Access — request access to your personal data
  2. Rectification / Correction — request us to correct inaccurate or incomplete data
  3. Erasure / Deletion — request deletion of data when no longer needed or lawful basis ends
  4. Restriction / Objection — restrict or object to certain processing
  5. Portability requires a copy of data in a standard, machine-readable format
  6. Withdraw Consent — you may withdraw your consent at any time, without affecting prior processing
  7. Lodge Complaint — you may file a complaint with the supervisory authority (SDAIA)

To exercise any of these rights, contact us via the email listed above. We will respond to your request in a timely manner and inform you of any refusal (with justification).

10.  Data Breach Notification

In the event of a personal data breach, we will:

  • Assess risks and scope
  • Notify SDAIA (Saudi Data s AI Authority) when required
  • Inform affected individuals if the breach poses high risk
  • Take remedial actions to contain and prevent recurrence
11.  Children & Minors

We do not knowingly collect data from children under the age of 18 without parental or guardian consent. If you believe we have collected data from a minor without permission, contact us to request deletion.

12.  Updates to this Privacy Policy

We may update this policy periodically to reflect changes in law, technology, or our practices. We will

notify you by posting the revised version on our website with a new “Last Updated” date.

13.  Governing Law & Jurisdiction

This policy is governed by the laws of the Kingdom of Saudi Arabia. Any disputes will be subject to the jurisdiction of Saudi courts and relevant regulatory bodies.

Saudi Biotech company focused on localizing and applying technologies in genomics & multi-omics. We leverage advanced analytics and data mining to promote health and wellness across the Kingdom and the region.

Our Services

  • Genetic Testing
  • Oncology Diagnostics
  • Pharmacogenomics
  • Prenatal Screening
  • Rare Disease Diagnosis
  • Clinical Research Support

Quick Links

Contact Us

Follow Us

X-twitter Facebook Instagram Linkedin
© Copyright Novo Genomics All Rights Reserved