1. The importance of user privacy, our commitment to your privacy
2. Legal Basis for Collect and Using Your Personal Data
User’s personal data will be collected, processed, shared, and used on the following legal basis:
- Contractual basis: To fulfill our obligations towards you with regards to provide electronic services via Sehhaty including your health record.
- Legal Compliance; To comply with the regulatory requirements of executive and supervisory authorities including – but not limited to – the Personal Data Protection Law and any relevant legislation thereto
- Vital interests: whereas data is processed to protect your vital interests.
- Public interest: whenever data processing is necessary to take in action in the public’s interest.
3. How will we be using your data?
User’s personal data will be collected and processed and used for the following purposes:
- Enabling us to provide, manage and enhance the services provided through Sehhaty and other services and products offered by us.
- Enhancing the quality of healthcare services provided to the User and ease access to it.
- Previewing the User’s Health Record, which can be defined as the group of information representing/documenting the User’s health status and information regarding the healthcare services provided to him/her through healthcare institutions and/or electronic media/ software. This includes journaling, reporting, monitoring, and/or analyzing User’s information related to his/her health or fitness including – but not limited to – his/her physical activity, descriptions, and measurements.
- Communicating and interacting with you and other Sehhaty users for various purposes, for example, in the event of a request for assistance, respond to any enquiry or addressing complaints.
- Provide the user with the latest updates about current or new services and products or other events provided by the Administration or its partners.
- Archiving User’s data and using them for future communication.
- Maintaining and enhancing the performance and security of Sehhaty, and administrating its programs, systems, and networks.
- Create a login account for the User and to authenticate the user's identity when registering in Sehhaty
- Manage Sehhaty and its internal operations, including but not limited to troubleshooting, quality management, data analysis, testing and surveying.
- Comply with legal and regulatory requirements.
- For any other lawful purpose that may be identified to you before, or at the time, the information is collected, to which you have consented.
- Fulfil any other purpose permitted or required by law.
- The Administration may use the Users’ personal data collectively and/or after masking it in a non-identifying manner for the purpose of developing and providing solutions and services.
4. What Personal Data We Collect and Use
- Personal Identifying Data: Full name, national ID or residence number, date of birth, , gender, and any other Personal Identifying Information (PII).
- Health Data: any data related to the User’s physical, mental and psychological health status and the healthcare provided thereto which can be obtained from his/her Health Record, including – but not limited to - the following
- Geographical data, including current location and national address.
- Contact Information, including postal address, phone number and E-mail.
- Data obtained through integration with the databases of different parties in the Health Sector, including but not limited to NPHIES and the National Health Information Center, and others.
- Any other data that the User expressly consents to its collection and usage.
5. How We Collect Your Personal Data
- By simply visiting Sehhaty, the host server will register User’s Internet Protocol (IP) address and the date of visit as well as the Uniform Resource Locator (URL) of any website that redirects the User to Click or tap here to enter text.. The Administration will also collect all the device’s information that will enable the improvement of the User’s experience such as, but not limited to, the device’s language and the type of operating system.
- When using Sehhaty, we automatically collect some information, such as Tech-related information; including User’s IP address used to link its device to the Internet, the browser’s name and version, time-zone, language, or other information related to the User’s activity and/ or utilization of Sehhaty.
- We may obtain your user data if you use any of the other platforms or applications that we operate or take advantage of other services we offer.
6. The Collection of Personal Data of Children or Their Equivalents
If a User provides personal data about someone under the age of eighteen (18) or someone who is mentally incompetent, they must acknowledge that he is the legal guardian and agrees to the use or processing of personal data, they should also provide evidence that proves guardianship, if required.
7. Personal Information Retention Period
Your personal information and personal identifying data - including health data - will be retained according to the specified retention periods, for as long as it is necessary to achieve the purposes for which it was collected, or in accordance with the fulfilment of legal, regulatory, accounting or reporting requirements. These periods may vary depending on the circumstances and requirements, and the duration of data storage is subject to regular periodic review to ensure that user data is not stored for longer than necessary. As long as we retain your data, we shall use all reasonable administrative, technical, and physical safeguards to protect your data from unauthorized use or disclosure.
The Administration will retain all non-identifying data of the User for the sole purpose of developing and improving the experience of using Sehhaty as per mentioned in Section (3) above.
8. Personal Data Protection and Access
9. Personal Data Disclosure
We will always ensure maintaining the privacy and confidentiality of your personal data, and shall not share or disclose such data unless permitted and/or required by law, or when the we believe – acting in good faith – that such disclosure would be necessary for compliance or to provide products and services or technical support as requested by the User and in accordance with this Policy, or if we think it is important or necessary to protect public health and national security.
- We may – to necessary and reasonable extent - disclose your personal data to entities – whether public or private – that are involved in providing the services of Sehhaty including our partners and contractors; to provide you with requested services, or the information regarding the services or new services, or to send invitations to participate in screening of applicants regarding new products or new/current services, as well as to improve Sehhaty’s services and other internal purposes.
- We may also disclosure to entities authorized by the government authorities to receive, process, transfer, or pass requests for those services or provide Sehhaty services whenever the implementation of the service requires access, storage, processing, and use of those data by any of those parties.
We will not disclose or share any of your personal data to third parties, except for the following cases:
- Disclosure to a government entity is permitted if that disclosure is in accordance with the applicable laws and regulations implemented in the Kingdom of Saudi Arabia or any order issued by the government authorities therein.
- In the case of using the support of a third party, you will use trusted and referenced entities, while requesting, and confirming its compliance with the confidentiality standards approved by the Administration, noting that the Administration will put in place all necessary safeguards and undertakings to ensure data privacy and confidentiality, including signing non-disclosure agreements with any 3rd party.
10. Use of External Links
11. User’s Rights (Your personal rights)
- Knowing the purpose and statutory reason for collecting and using your personal data.
- Accessing your personal data and obtaining a copy thereof per your request.
- Correct, complete, or update your Personal information in accordance with Sehhaty’s policies.
- Have your account deactivated, unless there was a legal justification to maintain it, or whenever the data was linked to a case that is looked before a judicial authority
- Withdraw your consent on reviewing your health record and/or any of the matters to which you have expressly consented unless there is a legal justification to prevent such withdrawal, and the possibility of requesting re-consent if required at any time.
12. Your responsibility as a user to protect privacy
To be able to help you protect your personal data, we recommend the following:
13. Policy Update
Issue number: 3
Update date: 10 – Sep - 2023