DR SULAIMAN AL HABIB MEDICAL SERVICES GROUP COMPANY – PRIVACY POLICY

This Privacy Policy applies to the personal information collected from users of the websites http://www.drsulaimanalhabib.com/ http://www.HMG.com.sa/ and mobile application Dr. ALHABIB (collectively the Sites), made available by Dr. Sulaiman Al Habib Medical Services Group Company (HMG, we, us, our), including any services accessed via the Sites.

We may at any time update the Privacy Policy by publishing the varied Privacy Policy on the Sites. If you are accessing your own account or a particular service, we may provide you with further notice that the Privacy Policy has been updated.

By using any of our services, including the Sites, Telehealth Services and Online Pharmacy, you expressly agree and consent to our use of your personal information in accordance with this Privacy Policy, including the disclosures described herein and the potential transfer of your personal information to another territory.

Compliance

Our Sites and our Online Services are intended for users located in the Kingdom of Saudi Arabia (“KSA”). We comply with all applicable data protection laws in this jurisdiction.

For Data collection and use

We may collect, process and retain the following types of information about you (which will be referred to as Data in this Privacy Policy) from the Sites including:

  • a) information which is able to personally identify you and which may be provided by you at the time of voluntary registration for the services offered by us or gathered through your use of the Sites (including when you make enquiries through the Sites (Personal Information)), this may include name, address, email address, date of birth, mobile number, National ID card/number, username etc.;
  • b) financial information (for example, credit card details, bank details);
  • c) information related to your use of the Sites (for example, domain name, IP address and cookies, location data);
  • d) information relating to your purchase of or access to a product or service (such as records of purchase, delivery details, payment receipts etc.);
  • e) any feedback or comments provided by you online;
  • f) information which we consider to be Sensitive Personal Information concerning, including or relating to your health and which may include information:
  • (i) about your individual health, including your medical history;
  • (ii) about your physical attributes, such as weight, height, blood pressure etc.;
  • (iii) about any disabilities that you may have or have had;
  • (iv) about any healthcare services that are being provided, or have been provided, to you;
  • (v) provided by you in connection with the donation, by you of any body part or any bodily substance, or derived from the testing or examination of any body part, or any bodily substance of you; and
  • (vi) about you which is collected before, or in the course of, and incidental to, the provision of any healthcare services;
  • g) information relating to your medical insurance coverage, should you choose to provide it for direct billing purposes; and
  • h) any other information you independently choose to provide to us via the Sites from time to time (for example, if you complete an enquiry form, register for a promotion or participate in a support chat service).

The Sites will record and track the use you make of the Site through the use of, amongst other things, cookies and other monitoring tools and devices. You can choose to turn off cookies in your browser and you can delete them from your hard drive. You do not need to have cookies turned on to use the Sites but you will need them to use and access some parts of the Sites and to access personalised or secure content on the Sites. Some webpages in the Sites may not function properly if the cookies are turned off.

How we use your personal information

We use your Personal Information as necessary for us to provide services to you (such as create appointments, maintain medical records, analyse your data etc.), to carry out the transactions you have requested or to operate the Sites. This may involve us analysing patient medical records and analytics including, but not limited to, diagnosis, prescriptions, lab results, etc. and communicating with your insurance provider.

We may also use such Personal Information to:

  • a) track traffic patterns to and from the Sites (and which may include retaining details of your IP address, operating system, browser, domain and other user information (e.g. your username));
  • b) inform what advertising is being shown;
  • c) ensuring that the content of the Sites is presented in the most effective manner for you and for the device which you are using to access the Sites;
  • d) to review, develop, facilitate or improve our delivery of the Sites and the services available on the Sites;
  • e) simplify the entry of your Personal Information in certain online forms;
  • f) enable you to enter the Sites and access and use certain services provided via the Sites;
  • g) to contact you for follow-up purposes if a consultation session is ended due to a technical fault or for some unknown reason;
  • h) to respond to any queries, requests, or comments that you have submitted;
  • i) to review, develop and improve the services which we offer
  • j) to notify you about changes to the Sites or our services, where applicable
  • k) to protect the safety of members of the public and users of our services;
  • l) for non-personally identifiable information only, with advertisers and other third-party providers for marketing purposes;
  • m) with vendors, administrative service providers, technology providers, and carefully selected business associates for data validation, enhancement, information verification and suppression services;
  • n) for any other purpose for which the user provides consent; and
  • o) as necessary to comply with legal and regulatory obligations, including record keeping, and if necessary in the exercise or defence of legal claims.

We use Sensitive Personal Information in order to ensure that we are able to offer our services requested by you and/or provided by us to the best of our ability. We will use the Sensitive Personal Information to assist in the provision of information to you about your health or your medical records and to provide our services, including considering your Sensitive Personal Information to make recommendations and diagnoses. We will store Sensitive Personal Information in your medical records in accordance with prevailing practice in the medical industry in the relevant territory where you are based and in accordance with our legal obligations.

Marketing

We may use your personal information to contact you directly to provide you with information about services that you have requested from us or which we feel may interest you. You can opt out of receiving such communications at any time.

By proceeding to access our services and agreeing to this privacy policy you hereby expressly consent to the use of your personal information for marketing purposes.

To opt-out, please contact us at: marketing@drsulaimanalhabib.com

With whom do we share your personal information?

We will not disclose personal information to third parties except as provided in this Privacy Policy or as permitted or required by law or any court of competent jurisdiction..

By using our services, you agree and provide your consent to our disclosure of information as described in this Privacy Policy. In particular, you understand that if you instruct us to seek payment authorisation from your insurer we may need to disclose sensitive medical information to your insurer, including details of the treatment or products sought, and you consent to such disclosure. You understand that your personal information may be transferred outside the territory in which you reside for processing by us, and you consent to such transfer.

We may disclose personal information, which may include Sensitive Personal Information:

  • a) to providers of information technology services; these are predominantly members of the HMG group, however third party cloud service providers may be used for storage and processing of video consultations or similar;
  • b) to members of our group;
  • c) to competent regulatory, government or court authorities in response to a legally binding request or legal compliance obligation or in the pursuit of substantial public interests such as infectious disease identification and control;
  • d) to emergency services or other specialist intervention providers, if we believe you or other members of the public may be in imminent danger;
  • e) to your medical insurance provider, if you have instructed us to do so for billing purposes and we offer a direct billing service at the time;
  • f) to third-parties who maintain databases that we need to cross-reference your information against;
  • g) to another healthcare professional for the purposes of ensuring the provision and enhancement of ongoing medical treatment or healthcare services or the provision of medicines;
  • h) to communicate with patients about their care or well-being;
  • i) to communicate with family members and others involved in the patient’s care;
  • j) to conduct or participate in medical research;
  • k) for public health purposes;
  • l) in accordance with usual and recognized professional practice relative to the circumstances and permitted by law; or
  • m) if such information is already publicly known through lawful disclosure by you or your legal representatives.
  • Any third party acting as our supplier or sub-contractor will be under a legally binding duty of confidentiality and we will secure commitments from such third parties to keep your information secure and not to use it for any other purpose other than the purpose for which we have engaged that third party (such as providing hosting services).

Aggregated non-personal information

We may share anonymised Data or derivations of such data with third parties for research, statistical or epidemiological purposes in accordance with the law and/or regulations or courts of the competent jurisdiction. We will ensure that you cannot be identified from any such data before sharing it.

Proper provision of medical services

If you are accessing our medical services, such as our telehealth services, you must ensure that you provide full and accurate information as requested by the data entry fields on our Sites and by the consulting physician. Our physicians rely on the information you provide to inform their assessment of you. If you provide inaccurate or incomplete information, then the assessment you receive may be based on a false understanding of your circumstances and this could lead to adverse healthcare outcomes. We accept no responsibility for acting on information which you have provided and which is not complete or accurate.

Children

We are committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children's online activities and interests. Due to the nature of medical services, however, our services may be of benefit to children and the ability to access certain services online may be more convenient and less stressful than accessing services in a face-to-face environment.

Under our Online Service Terms of Use, we require any person creating an account to be at least 16 years old and for any person creating an account on behalf of a child to confirm to us that they are the child’s legally responsible parent or guardian.

Security

We are committed to protecting the information you provide us. We have implemented security policies, rules and technical measures to protect the personal information that we have under our control, in accordance with applicable data protection laws. The security measures are designed to prevent unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Data retention

We will keep your data only for as long as is necessary to respond to any queries or complaints, to improve the services that we offer to you, to comply with any legal obligations to which we may be subject, and to comply with medical good practice and regulatory requirements in relation to the retention of medical records.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve such purposes through other means, and the applicable legal requirements.

When your personal information is no longer required, we will ensure it is securely deleted or rendered inaccessible.

If you are residing in the Kingdom of Saudi Arabia and order physical goods from us, such as through our online pharmacy, we will only retain the personal data related to the transaction for as long as necessary, taking into account the nature of the transaction, unless we are required to retain the data longer by law.

Third party sites

Our Sites may provide links to third-party websites for your convenience. If you access those links, you will leave our Sites. We do not control those third party websites or their privacy practices, which may differ from ours. We do not endorse or make any representations about third-party websites. This Privacy Policy does not cover the personal data you choose to give to unrelated third parties. We encourage you to review the privacy policy of any company before submitting your personal information. Some third-party companies may choose to share their personal data with us; that sharing is governed by that third-party company's privacy policy.

Enquiries and complaints

If you have any questions or concerns in relation to our use of your personal information, you can contact us by email at: COC@drsulaimanalhabib.com

or by postal mail at

[insert address]

Transfer on merger, sale or other event

In the event that HMG is acquired by or merged with a third-party entity, or all or substantially all of its assets are sold, assigned or transferred to a third party, or upon the occurrence of a change of control of HMG or its bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application to HMG of laws or equitable principles affecting creditors’ rights generally, the information collected by HMG from users may be transferred or assigned as part of such merger, acquisition, sale, change of control or other specified event, but to the extent permitted by applicable law, the obligations of this Privacy Policy shall remain binding on HMG’s successors and assigns.

Governing law

By providing information to HMG, each user (i) acknowledges that HMG operates in the Kingdom of Saudi Arabia, (ii) agrees to permit us to transmit and use such user’s information anywhere necessary, including across international boundaries, to better improve the services and transactions provided by HMG and/or its advertisers and other third-party providers, and (iii) agrees that such use by us shall be subject to the terms and conditions stated in this document and the applicable laws of the Kingdom of Saudi Arabia.