Privacy Policy
1 Introduction:
1.1 Al-Murjan Medical Center Co. Ltd. – (Al Salama Hospital) is a limited liability healthcare company established under the laws of the Kingdom of Saudi Arabia with its registered office address at [6826 King Abdulaziz Road, 3335 Al Shatea, Jeddah, PO Box 23611], Kingdom of Saudi Arabia. Commercial registration 4030173392. It operates a comprehensive range of medical services to patients committed to humanizing care while enhancing well-being. In this policy, it is referred to as (“Al Salama Hospital”, “our”, “us” and “we”).
1.2 This privacy policy (the “Policy”) explains how Al Salama Hospital collects, processes, uses, and discloses your information as a data controller, referred to as (“personal data”), in compliance with the Personal Data Protection Law and the regulations of the Ministry of Health in the Kingdom of Saudi Arabia, as well as any internal policies specific to Al Salama Hospital. This applies when you contact us, use our services, or interact with our electronic platforms, including websites and mobile applications, referred to as (“platforms”). The Policy detailed below is considered part of the terms and conditions of using these platforms.
2 Policy Coverage:
2.1 At Al Salama Hospital, we are committed to complying with applicable laws when collecting or using your personal data. This Policy is applied whenever any of Al Salama Hospital’s platforms are used.
2.2 Based on this, the Policy has been issued, which outlines the following:
(a) The data that will be collected, processed, or used.
(b) The reasons and methods for collecting data.
(c) The circumstances under which data will be shared internally within the hospital or externally.
(d) How the data will be protected.
(e) The rights of the data subject.
(f) Contacting the data subject.
2.3 Our platforms may contain links to other websites operated by third-party organizations that have their own privacy policies. Please ensure to read the terms and conditions and privacy policy carefully before providing any personal data on any other website/application, as we do not accept any responsibility on behalf of third-party organizations’ websites/applications.
|
Personal data |
Processing purposes |
Lawful basis |
|---|---|---|
|
Identity Data |
||
|
Data establishing your identity including name, address, email address, phone number and date of birth |
To provide you with data about our services and other data that we think may be valuable to you. |
Consent |
|
Data verifying your identity including passport and National ID or Iqama |
To verify your identity for certain services (e.g. registration) |
Legal and regulatory obligations. |
|
Data relating to your account with Al Salama Hospital including username, login details and password (though the password will be encrypted) |
To provide access to our online services/portal. |
Performance of a contract. |
|
Financial data |
||
|
Credit card and bank details |
To respond to any queries, requests, or comments that you may have. |
Contractual, legal and regulatory obligations. |
|
Website data |
||
|
Domain name, IP address and cookies |
To provide you with data about our services and other data that we think may be valuable to you. |
Consent |
|
Transaction data |
||
|
Records of purchase |
To facilitate the sale of our services. |
Contractual, legal and regulatory obligations. |
|
Feedback provided and attributable to you |
To review, develop and improve the services which we offer to you and our clients. |
Consent |
|
Any other data you independently choose to provide to us |
||
|
Data you give to us if you send an enquiry through via the platform or other communications (whether electronic or non-electronic) |
To respond to any queries, requests, or comments that you may have. |
Consent |
3.2 Collection of personal data is optional to browse the platform. However, in order to make a profile on the platform and use the associated services, collection of your personal data is mandatory unless stated otherwise.
3.3 In cases where you do not provide the requested personal data, then we may not be able to comply with our obligations under applicable data protection law, and it may affect your use of the platform or our services. For example, if you do not accept cookies then the platform may not function as intended.
3.4 We will not process your personal data in a manner that is inconsistent with the purpose for which we have collected the data or the basis on which we have relied to collect your personal data, unless we have your consent or a legal basis to process the personal data for an additional purpose.
3.5 Note, if any kind of processing is based on our legitimate interests, this excludes sensitive personal data.
3.6 Sensitive personal data may be that related to your health, which may include:
(a) Your health/medical information, medical history, and vital signs.
(b) Healthcare information that has been provided to you or will be provided.
(c) Information related to your medical insurance coverage.
3.7 We will process any sensitive personal data with the additional, required controls under the applicable data protection laws. This may include the following:
(a) Obtaining your explicit consent to process your sensitive personal data, if we are relying on consent as a legal basis for collecting and processing such data;
(b) Not processing your sensitive personal data for marketing purposes; and
(c) Not collecting or processing your sensitive personal data for scientific, research, or statistical purposes without explicit consent from you.
4 Reasons and Methods for Processing Data:
4.1 Al Salama Hospital uses your personal data only when necessary and to the extent needed to provide you with better services when you make a request through any of its platforms (as explained in the table above). This may include, but is not limited to: reviewing your medical records, analyses, imaging, diagnoses, prescriptions, lab results, and communicating with your insurance provider.
4.2 Al Salama Hospital collects personal data for various reasons through the following methods:
(a) Information about the devices you used to access our platforms, including the model, operating system, IP address, browser type, and mobile device identifiers.
(b) Understanding how you use the platforms and electronic services to ensure that the platform meets your needs.
(c) Sending alerts via email or phone to users who have provided their consent, such as appointment confirmations and other services.
(d) Responding to any inquiries, requests, or comments submitted to Al Salama Hospital.
(e) Developing, facilitating, and improving the services provided by Al Salama Hospital’s platforms.
(f) Facilitating login and use of Al Salama Hospital’s platforms.
(g) Notifying users of any updates that may occur on the platforms.
(h) Al Salama Hospital may aggregate personal data and remove identifying elements to analyze patterns, improve quality, understand platform usage, enhance content, and tailor the layout, products, and services. We may engage third parties to perform these tasks on our behalf.
(i) Al Salama Hospital may collect certain usage information, such as the number of visitors to our platforms and the frequency of visits. This information may include the webpage you came from, the webpage you are going to next, the browser you are using, your device, and your IP address. This data helps us assess the usage of our platforms and conduct research to improve the services provided to users.
(j) For any other purpose to which the user consents later.
5 Methods for Obtaining your Personal Data:
5.1 Any personal data that we obtain from you will be processed by us in accordance with applicable data protection laws.
5.2 We may obtain your personal data from a variety of sources, including:
(a) from you (for example, when you visit our platforms, when you make an inquiry about our experience services, when you make an appointment, send emails, participate in surveys, or otherwise provide us with your personal data); and
(b) from third parties, where permitted by law, such as, without limitation, regulatory authorities, public databases.
6 Circumstances Under Which Personal Data Will Be Shared Internally or Externally:
6.1 There may be the sharing of personal data controlled by Al Salama Hospital for specific and legitimate purposes, such as achieving integration between different entities within or outside the Kingdom of Saudi Arabia, ensuring that data is obtained from its correct sources, and reducing duplication, conflicts, and multiple sources. Any such sharing, whether within or outside the Kingdom of Saudi Arabia, shall be conducted in strict compliance with the Saudi Personal Data Protection Law (PDPL). If personal data is requested from a source other than its primary source, Al Salama Hospital must first obtain the consent from the data subject before sharing it with the requesting entity.
6.2 By using our services through the platforms, you acknowledge and agree to our disclosure of personal data as outlined in this Policy, to the extent required for disclosure to the relevant entities. As for data that is not considered personal, Al Salama Hospital has the right to share it with any external entity for research, statistical, or epidemiological purposes in accordance with the laws and regulations of the Kingdom of Saudi Arabia. Al Salama Hospital also commits that the data shared will not allow for the identification of the data subject.
6.3 The circumstances under which personal data is disclosed, which may include personal data, are:
(a) Disclosure may be made to regulatory or government authorities upon their request, in order to comply with legal and regulatory requirements.
(b) Disclosure may occur in situations where Al Salama Hospital is required to share personal data with third parties (i.e. legal counsel, courts, or other relevant parties) in order to exercise or defend its legal or regulatory rights (this includes providing personal information to others to prevent fraud, credit risk and other issues).
(c) Your personal data may be transferred, stored, and processed in a country different from your country of residence or our country of establishment. In any case, Al Salama Hospital has implemented appropriate safeguards in accordance with applicable regulatory requirements to ensure adequate protection of the data subject.
(d) Disclosure may be made to the IT department of Al Salama Hospital and to external entities that are contracted for data storage.
(e) Disclosure may be made to medical insurance providers for billing purposes.
(f) Disclosure may be made to any other healthcare professional as required by the health condition of the data subject, including but not limited to: medication providers, laboratory specialists at Al Salama Hospital, or any external entities involved in issuing medical reports or other related services. We will seek your consent at the time of treatment if this is the case.
(g) Disclosure may be made to family members of the data subject when necessary and permitted by law.
(h) Disclosure may be made for the purpose of conducting or participating in medical research.
(i) Disclosure may occur if this information is already known to the public through lawful disclosure by the data subject or its legal representatives.
6.4 A list of third parties with whom personal data is generally shared is available, including: [Google advertising, analytics, and tracking services – Microsoft Clarity – HotJar – social media advertising platforms (Facebook, Twitter, Instagram, LinkedIn, TikTok, Snapchat) – additional advertising platforms (Adroll, Google 360) – communication tools – service providers – security mechanisms (Wordfence, Google ReCAPTCHA, Cloudflare)]. Additional lists may be provided within consent forms or privacy notices that may be shared with you when specific types of personal data are collected, and in certain contexts where personal data is shared for specific purposes, such as laboratories.
6.5 The personal data you submit may be transferred, stored and hosted outside of the Kingdom of Saudi Arabia or the country from which you may be accessing our platform, only in accordance with the Personal Data Protection Law and SDAIA-approved transfer mechanisms, ensuring an adequate level of protection and that your rights as a data subject are preserved.
6.6 To the extent that any of your personal data is transferred, we will take reasonable measures to ensure that such transfers are lawful and fulfil the applicable conditions. If required, we will implement appropriate measures such as standard contractual clauses issued by the Saudi Data and Artificial Intelligence Authority here to ensure that your personal data remains protected and secure when it is transferred outside your home country, and you can exercise your rights effectively.
7 Retention:
7.1 We will keep your personal data as per applicable data protections laws and only for as long as is necessary for the purposes described in this Policy or to comply with any legal or regulatory obligations to which we may be subject.
7.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve such purposes through other means, and the applicable legal requirements
8 How Personal Data Will Be Protected:
8.1 Al Salama Hospital ensures the application of the regulations, rules, and policies outlined in this Policy, as well as any related systems, legislations, or policies.
8.2 All parties to whom information is disclosed under the above Section Six will be required to maintain the confidentiality of the data in accordance with all regulations and legislations in the Kingdom of Saudi Arabia.
8.3 All parties involved in the data sharing process shall be jointly responsible for sharing and processing the data in accordance with the specified purposes.
8.4 Al Salama Hospital is committed to complying with applicable laws during the data sharing process to ensure that the data is used within the specified framework.
8.5 Al Salama Hospital is committed to safeguarding your personal data, and appropriate security technologies are used to secure the electronic storage of transmitted personal data.
8.6 Al Salama Hospital is committed to safeguarding the data of the data subject, except when it is necessary to respond to any inquiries or complaints, to improve the services we provide to you, to comply with any regulatory obligations we may be subject to, and to adhere to good medical practices and regulatory requirements regarding the retention of medical records.
8.7 Al Salama Hospital has put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
9 Rights of the Data Subject:
9.1 The data subject may exercise the following rights:
(a) To be informed – you have a right to understand how your personal data is processed by way of this Policy;
(b) To access – right to access your personal data held by us subject to certain restrictions;
(c) Request access – request a copy of your personal data in a readable and clear format;
(d) Correction and rectification – request us to amend or update your personal data where it is inaccurate or incomplete subject to any supporting documents or evidence which may be required to verify such request;
(e) Destruction – request us to destroy your personal data at your request or where it is no longer necessary for the purpose(s) for which your personal data was originally collected, unless we are required to retain the personal data for a particular period of time to comply with a legal obligation or if the personal data relates to a case under consideration by a judicial authority (in which case the personal data will be deleted after the period of time has lapsed or the judicial procedure is concluded);
(f) Restrict your data – request us temporarily or permanently to stop processing all or some of your personal data;
(g) Withdraw your consent – withdraw your consent at any time to the use of your personal data for a particular purpose (where we have asked you for consent to use your personal data for that particular purpose such as direct marketing); and
(h) Claim compensation – claim compensation for material or moral damage if you are harmed as a result of any violation stipulated in the applicable data protection laws.
9.2 If you would like to exercise any of the above rights, you can contact us in writing – please refer to “Contact details” at Section 13 to obtain the relevant contact data. We will endeavour to get back to you as soon as possible and in line with statutory deadlines. If any request is repetitive, manifestly unfounded, or requires disproportionate efforts, we reserve the right to refuse it, in which case we will notify you of the refusal and the reason behind it.
9.3 Please note: We may need to request specific data from you if we receive a request from you. This is to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). It is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If it becomes apparent to you that we are not complying with the applicable data protection and privacy rules, you can submit a complaint to the Saudi Data and Artificial Intelligence Authority via the website sdaia.gov.sa or any other competent authority that will be determined later to be competent to receive such complaints.
10 Children:
10.1 We are committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children’s online activities and interests. We may collect personal data from children, but we do not target our platforms to children. Any personal data collected from children will also be subject to the same regulations, rules, and policies outlined in this Policy, as well as any related systems, legislations, or policies.
12 Notification:
12.1 The data subject benefiting from Al Salama Hospital’s platforms must continuously review the Policy and terms and conditions for any updates.
12.2 Al Salama Hospital is committed to notifying data subjects through its platforms of any updates to the Policy and terms and conditions.
12.3 This Policy was last updated on 22 January 2025.
13 Contact details:
This Policy sets out in broad terms how we handle your personal data and safeguard your privacy. If you have any questions relating to our Policy, please write to us at:
(a) By Email at: info@alsalamahospital.com/Legal.Department@alsalamahospital.com
(b) By phone on: 920051919
Data Protection Compliance Officer:
(a) Name: Yazeed Al Juhani
(b) Department: Legal Office
(c) Address: [6826 King Abdulaziz Road, 3335 Al Shatea, Jeddah, PO Box 23611], Kingdom of Saudi Arabia.
(d) Phone: 920051919
(e) Email: Department@alsalamahospital.com
Address of Saudi Data & AI Authority (SDAIA):
Kingdom of Saudi Arabia, Riyadh
Website: Saudi Data & AI Authority (sdaia.gov.sa)
National Data Governance Platform (dgp.sdaia.gov.sa)
