Privacy Policy
1. The importance of user privacy, our commitment to your privacy
Due to the importance of the privacy and confidentiality of users’ data collected and processed through the SiHi Platform (“SiHi”), SiHi’s Administration (“We” or "Administration") aims to provide and ensure the best levels of service and protection. Therefore, it seeks to maintain and ensure the confidentiality and privacy of all data entered by or collected about any of the SiHi’s users (“You” or "User" or "Users") while adhering to all laws and regulations applicable in the Kingdom of Saudi Arabia (“Kingdom”). This Policy aims to clarify the nature of the data collected from the User, how the Administration will handle such data and the User’s rights related thereto. Furthermore, this Policy shall be read along with the Platform’s Terms of Use, and any term included in this policy shall be as defined in the Terms of Use.
2. Legal Basis for Collecting and Using Your Personal Data
User’s personal data will be collected, processed, shared, and used on the following legal basis:
- Contractual basis: To fulfill our obligations towards you with regards to providing electronic services via SiHi, including your King Saud university Medica city health record.
- Legal Compliance: To comply with the regulatory requirements of executive and supervisory authorities, including – but not limited to – the Personal Data Protection Law and any relevant legislation thereto.
- Vital interests: Whereas data is processed to protect your vital interests.
- Public interest: Whenever data processing is necessary to take action in the public’s interest.
3. How will we be using your data?
A) User’s personal data will be collected and processed and used for the following purposes:
- Enabling us to provide, manage, and enhance the services provided through SiHi and other services and products offered by us.
- Enhancing the quality of healthcare services provided to the User and easing access to it.
- Previewing the User’s King Saud university Medical city Health Record, which can be defined as the group of information representing/documenting the User’s health status and information regarding the healthcare services provided to him/her through electronic media/software. This includes journaling, reporting, monitoring, and/or analyzing User’s information related to his/her health.
- Communicating and interacting with you and other SiHi users via notifications, text messages, or calls for various purposes, for example, in the event of a request for assistance, responding to any enquiry, addressing complaints, or for research and surveying purposes.
- Provide the user with the latest updates about current or new services and products or other events provided by the Administration or its partners.
- Monitoring and flagging any breach of this Policy or SiHi’s Terms of Use.
- Archiving User’s data and using them for future communication.
- Maintaining and enhancing the performance and security of SiHi, and administrating its programs, systems, and networks.
- Creating a login account for the User and authenticating the user's identity when registering in SiHi.
- Managing SiHi and its internal operations, including but not limited to troubleshooting, quality management, data analysis, testing, and surveying.
- Comply with legal and regulatory requirements.
- For any other lawful purpose that may be identified to you before, or at the time, the information is collected, to which you have consented.
- Fulfil any other purpose permitted or required by law.
B) The Administration may use the Users’ personal data collectively and/or after masking it in a non-identifying manner for the purpose of developing and providing solutions and services, enabling innovation, and data analysis.
4. What Personal Data We Collect and Use
- Personal Identifying Data: Full name, national ID or residence number, date of birth, , gender, and any other Personal Identifying Information (PII).
- Health Data: Any data related to the User’s physical, mental, and psychological health status and the healthcare provided thereto, which can be obtained from his/her Health Record, including – but not limited to – the following:
- Geographical data
- Contact Information, including postal address, phone number and E-mail.
- Data obtained through integration with the databases of different parties in the Health Sector, including but not limited to the National Health Information Center, and others.
- Any other data that the User expressly consents to its collection and usage.
5. How We Collect Your Personal Data
- By simply visiting SiHi, the host server will register User’s Internet Protocol (IP) address and the date of visit, as well as the Uniform Resource Locator (URL) of any website that redirects the User to SiHi. The Administration will also collect all the device’s information that will enable the improvement of the User’s experience, such as, but not limited to, the device’s language and the type of operating system.
- When using SiHi, we automatically collect some information, such as tech-related information, including User’s IP address used to link its device to the Internet, the browser’s name and version, time-zone, language, or other information related to the User’s activity and/or utilization of SiHi.
- We may obtain your user data if you use any of the other platforms or applications that we operate or take advantage of other services we offer.
6. The Collection of Personal Data of Children or Their Equivalents
If a User provides personal data about someone under the age of eighteen (18) or someone who is mentally incompetent, they must acknowledge that he is the legal guardian and agrees to the use or processing of personal data, they should also provide evidence that proves guardianship, if required.
7. Personal Information Retention Period
Your personal information and personal identifying data - including health data - will be retained according to the specified retention periods, for as long as it is necessary to achieve the purposes for which it was collected, or in accordance with the fulfilment of legal, regulatory, accounting or reporting requirements. These periods may vary depending on the circumstances and requirements, and the duration of data storage is subject to regular periodic review to ensure that user data is not stored for longer than necessary. As long as we retain your data, we shall use all reasonable administrative, technical, and physical safeguards to protect your data from unauthorized use or disclosure.
The Administration will retain all non-identifying data of the User for the sole purpose of developing and improving the experience of using SiHi as mentioned in Section (3) above.
8. Personal Data Protection and Access
9. Personal Data Disclosure
We will always ensure maintaining the privacy and confidentiality of your personal data, and shall not share or disclose such data unless permitted and/or required by law, or when we believe – acting in good faith – that such disclosure would be necessary for compliance or to provide products and services or technical support as requested by the User and in accordance with this Policy, or if we think it is important or necessary to protect public health and national security.
- We may – to the necessary and reasonable extent – disclose your personal data to entities – whether public or private – that are involved in providing the services of SiHi, including our partners and contractors; to provide you with requested services, or the information regarding the services or new services, or to send invitations to participate in screening of applicants regarding new products or new/current services, as well as to improve SiHi’s services and other internal purposes.
- We may also disclose to entities authorized by the government authorities to receive, process, transfer, or pass requests for those services or provide SiHi services whenever the implementation of the service requires access, storage, processing, and use of those data by any of those parties.
We will not disclose or share any of your personal data to third parties, except for the following cases:
- Disclosure to a government entity is permitted if that disclosure is in accordance with the applicable laws and regulations implemented in the Kingdom of Saudi Arabia or any order issued by the government authorities therein.
- In the case of using the support of a third party, you will use trusted and referenced entities, while requesting, and confirming its compliance with the confidentiality standards approved by the Administration, noting that the Administration will put in place all necessary safeguards and undertakings to ensure data privacy and confidentiality, including signing non-disclosure agreements with any 3rd party,
10. Use of External Links
11. User’s Rights (Your personal rights)
- Knowing the purpose and statutory reason for collecting and using your personal data.
- Accessing your personal data and obtaining a copy thereof per your request.
- Correct, complete, or update your Personal information in accordance with SiHi’s policies.
- Have your account deactivated, unless there was a legal justification to maintain it, or whenever the data was linked to a case that is looked before a judicial authority.
- Withdraw your consent on reviewing your health record and/or any of the matters to which you have expressly consented unless there is a legal justification to prevent such withdrawal, and the possibility of requesting re-consent if required at any time.
12. Your responsibility as a user to protect privacy
To be able to help you protect your personal data, we recommend the following:
13. Policy Update
We reserve the right to modify this Privacy Policy at any time, and you will be notified for your consent. If the updated version of the Privacy Policy is not accepted, we reserve the right to suspend or terminate your account.
Issue number: 1.02
Update date: 04- December- 2024