Skip to content
English

PRIVACY POLICY

 

Company Information

This policy is issued by Human Powers for Senior Management Consulting Services Single Person Company, operating under the registered trade name "Growship", Commercial Registration Number 1010538504, with the registered address: 4172, Musa bin Nusair Street, Al-Olaya, 7552, Riyadh, Kingdom of Saudi Arabia.

Contact Email: it@thegrowship.com

Phone: 00966115624961

Scope

This policy governs how Growship collects, uses, discloses, retains, and protects personal data, in accordance with the Personal Data Protection Law (PDPL), its implementing regulations, and the directives issued by the Saudi Authority for Data and Artificial Intelligence (SDAIA).

Personal Data Collected

We may collect the following categories of personal data:

  • Identity Data: Name, title, national ID number
  • Contact Data: Email, phone number, postal address
  • Professional Data: Company name, job title, professional requirements and objectives
  • Digital Data: IP address, device information, browser type, operating system, cookie data
  • Social Interaction Data: Social media account information, survey responses, preferences
  • Directly through forms, inquiries, and registration via our platform.
  • Automatically through cookies, analytics tools, and similar technologies.
  • From publicly available sources or licensed third parties, where legally permitted.
  • The right to be informed about the collection and processing of their data
  • The right to access their personal data
  • The right to request correction of inaccurate or incomplete data
  • The right to request deletion/destruction of data
  • The right to withdraw consent at any time
  • The right to restrict or object to processing in certain cases
  • The right to obtain a copy of their personal data (data portability)
  • The right to file a complaint with SDAIA when their rights are violated
  • Data is retained only for the period necessary to fulfill the purposes for which it was collected or as required by law.
  • Marketing data is retained until consent is withdrawn.
  • Upon expiration of the retention period or withdrawal of consent, data is securely destroyed or anonymized using approved technologies.
  • With your explicit consent
  • With approved service providers for service delivery purposes only
  • To comply with legal, regulatory, or judicial requirements
  • When disclosure is necessary to protect public health, safety, or individual rights (in accordance with Articles 15-16 of the Law)
  • The transfer of personal data outside the Kingdom is subject to strict controls under Article 29 of the Personal Data Protection Law and the Regulation on Personal Data Transfer Outside the Kingdom.
  • Transfers are only made to countries approved by SDAIA or under appropriate safeguards (such as standard contractual clauses).
  • A risk assessment is conducted before any transfer, in line with SDAIA's Risk Assessment Guide.

Collection is limited to the minimum data necessary to achieve the specified purposes, in accordance with SDAIA's Guide to Determining the Minimum Personal Data.

Data Collection Methods

Purposes and Legal Basis for Processing

Your personal data is processed for the following purposes in accordance with the legal bases stipulated in the Personal Data Protection Law:

  1. Service Delivery and Contract Execution (Contractual Necessity)
  2. Marketing and Communication (Consent)
  3. Business Development and Analysis (Legitimate Interest)
  4. Regulatory and Legal Compliance (Legal Obligation)
  • To provide consulting services, respond to inquiries, and complete transactions.
  • To send newsletters, promotional offers, and company updates, upon obtaining your explicit consent.
  • To analyze website usage, measure performance, and identify potential clients.
  • To comply with legal, regulatory, and governmental requirements.

 

Data Subject Rights

In accordance with Articles (4, 5, 6, 7, 8) of the Personal Data Protection Law and Articles (3-8) of the Implementing Regulations, data subjects have the following rights:

Requests are handled within 30 days as specified by the law.

Data Retention and Destruction

Data Sharing and Disclosure

We do not share your personal data with third parties except in the following cases:

All third parties are required to apply appropriate security safeguards.

Cross-Border Data Transfer

 

 

Security Measures

Growship implements technical, administrative, and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, monitoring, and secure storage.

Complaints and Contact

If you wish to exercise your rights or file a complaint regarding the processing of your personal data, you may contact us at:

Privacy Office - Growship

4172, Musa bin Nusair Street, Al-Olaya, 7552, Riyadh, Kingdom of Saudi Arabia

Email: it@thegrowship.com

Phone: 00966115624961

If the issue is not resolved, you have the right to escalate the complaint to the Saudi Authority for Data and Artificial Intelligence (SDAIA).

Policy Updates

This policy may be updated from time to time in accordance with the Personal Data Protection Law and its implementing regulations. The latest version will always be available on our website.

Disclaimer: This policy has been prepared in accordance with the Personal Data Protection Law of the Kingdom of Saudi Arabia, its implementing regulations, and official directives issued by SDAIA. For verification, please refer to the official website of the Authority.