Privacy Policy

1. The importance of user privacy, our commitment to your privacy

Due to the importance of the privacy and confidentiality of users’ data collected and processed through the SiHi Platform (“SiHi”), SiHi’s Administration (“We” or "Administration") aims to provide and ensure the best levels of service and protection. Therefore, it seeks to maintain and ensure the confidentiality and privacy of all data entered by or collected about any of the SiHi’s users (“You” or "User" or "Users") while adhering to all laws and regulations applicable in the Kingdom of Saudi Arabia (“Kingdom”). This Policy aims to clarify the nature of the data collected from the User, how the Administration will handle such data and the User’s rights related thereto. Furthermore, this Policy shall be read along with the Platform’s Terms of Use, and any term included in this policy shall be as defined in the Terms of Use.

2. Legal Basis for Collecting and Using Your Personal Data

User’s personal data will be collected, processed, shared, and used on the following legal basis:

- Contractual basis: To fulfill our obligations towards you with regards to providing electronic services via SiHi, including your King Saud university Medica city health record.

- Legal Compliance: To comply with the regulatory requirements of executive and supervisory authorities, including – but not limited to – the Personal Data Protection Law and any relevant legislation thereto.

- Vital interests: Whereas data is processed to protect your vital interests.

- Public interest: Whenever data processing is necessary to take action in the public’s interest.

3. How will we be using your data?

A) User’s personal data will be collected and processed and used for the following purposes:

- Enabling us to provide, manage, and enhance the services provided through SiHi and other services and products offered by us.

- Enhancing the quality of healthcare services provided to the User and easing access to it.

- Previewing the User’s King Saud university Medical city Health Record, which can be defined as the group of information representing/documenting the User’s health status and information regarding the healthcare services provided to him/her through electronic media/software. This includes journaling, reporting, monitoring, and/or analyzing User’s information related to his/her health.

- Communicating and interacting with you and other SiHi users via notifications, text messages, or calls for various purposes, for example, in the event of a request for assistance, responding to any enquiry, addressing complaints, or for research and surveying purposes.

- Provide the user with the latest updates about current or new services and products or other events provided by the Administration or its partners.

- Monitoring and flagging any breach of this Policy or SiHi’s Terms of Use.

- Archiving User’s data and using them for future communication.

- Maintaining and enhancing the performance and security of SiHi, and administrating its programs, systems, and networks.

- Creating a login account for the User and authenticating the user's identity when registering in SiHi.

- Managing SiHi and its internal operations, including but not limited to troubleshooting, quality management, data analysis, testing, and surveying.

- Comply with legal and regulatory requirements.

- For any other lawful purpose that may be identified to you before, or at the time, the information is collected, to which you have consented.

- Fulfil any other purpose permitted or required by law.

B) The Administration may use the Users’ personal data collectively and/or after masking it in a non-identifying manner for the purpose of developing and providing solutions and services, enabling innovation, and data analysis.

4. What Personal Data We Collect and Use

  1. We will be collecting the User’s data entered for the purpose of registering and using SiHi, collected through or that the User provides for that purpose to the Administration through the approved channels of communication. The data include – but are not limited to – the following:

    - Personal Identifying Data: Full name, national ID or residence number, date of birth, , gender, and any other Personal Identifying Information (PII).

    - Health Data: Any data related to the User’s physical, mental, and psychological health status and the healthcare provided thereto, which can be obtained from his/her Health Record, including – but not limited to – the following:

    • Visitation and referrals
    • Allergy Information
    • Vital signals
    • Operations
    • Laboratory tests
    • Radiology tests
    • Clinical notes and summaries, including outpatients’, clearance, and operations summaries,
    • Prescribed and off-counter medication.
    • Vaccination

    - Geographical data

    - Contact Information, including postal address, phone number and E-mail.

    - Data obtained through integration with the databases of different parties in the Health Sector, including but not limited to the National Health Information Center, and others.

    - Any other data that the User expressly consents to its collection and usage.

5. How We Collect Your Personal Data

  1. We will collect your personal data (User Data) through SiHi, Health Informatic System of King Saud University Medical city , the National Health Information Center's Patients’ Registry while abiding by its privacy policy. We may also collect your data by contacting you directly through the approved channels of communication.
  2. We use cookies and similar technologies in a range of ways to collect some data and improve the User’s experience in using SiHi. Such use is summarized in the following:

    - By simply visiting SiHi, the host server will register User’s Internet Protocol (IP) address and the date of visit, as well as the Uniform Resource Locator (URL) of any website that redirects the User to SiHi. The Administration will also collect all the device’s information that will enable the improvement of the User’s experience, such as, but not limited to, the device’s language and the type of operating system.

    - When using SiHi, we automatically collect some information, such as tech-related information, including User’s IP address used to link its device to the Internet, the browser’s name and version, time-zone, language, or other information related to the User’s activity and/or utilization of SiHi.

    - We may obtain your user data if you use any of the other platforms or applications that we operate or take advantage of other services we offer.

6. The Collection of Personal Data of Children or Their Equivalents

If a User provides personal data about someone under the age of eighteen (18) or someone who is mentally incompetent, they must acknowledge that he is the legal guardian and agrees to the use or processing of personal data, they should also provide evidence that proves guardianship, if required.

7. Personal Information Retention Period

Your personal information and personal identifying data - including health data - will be retained according to the specified retention periods, for as long as it is necessary to achieve the purposes for which it was collected, or in accordance with the fulfilment of legal, regulatory, accounting or reporting requirements. These periods may vary depending on the circumstances and requirements, and the duration of data storage is subject to regular periodic review to ensure that user data is not stored for longer than necessary. As long as we retain your data, we shall use all reasonable administrative, technical, and physical safeguards to protect your data from unauthorized use or disclosure.

The Administration will retain all non-identifying data of the User for the sole purpose of developing and improving the experience of using SiHi as mentioned in Section (3) above.

8. Personal Data Protection and Access

  1. We will continuously develop security practices to ensure that information and systems are maintained and confidential using the organizational, administrative, and technical procedures and means necessary to protect your data from any unauthorized access, use, alteration, or destruction, including conducting internal and external audits and data encryption, and training employees in privacy.
  2. Access to your identifying data – in is limited to authorized persons only, based on the need for knowledge, and their handling of information will be the subject of direct guidance, control, and monitoring by the administration. They are committed to maintaining the confidentiality of information.
  3. With regard to personal health data, it will be protected and sealed, and will access to it will only be authorized to those who have the authority to break this seal - such as the treating health practitioner - or whenever your interest so requires or under the applicable laws and regulations.
  4. A log will be kept to record any access to your personal data for the Administration or competent authorities’ auditing purposes.

9. Personal Data Disclosure

We will always ensure maintaining the privacy and confidentiality of your personal data, and shall not share or disclose such data unless permitted and/or required by law, or when we believe – acting in good faith – that such disclosure would be necessary for compliance or to provide products and services or technical support as requested by the User and in accordance with this Policy, or if we think it is important or necessary to protect public health and national security.

  1. Disclosure to Relevant Parties:

    - We may – to the necessary and reasonable extent – disclose your personal data to entities – whether public or private – that are involved in providing the services of SiHi, including our partners and contractors; to provide you with requested services, or the information regarding the services or new services, or to send invitations to participate in screening of applicants regarding new products or new/current services, as well as to improve SiHi’s services and other internal purposes.

    - We may also disclose to entities authorized by the government authorities to receive, process, transfer, or pass requests for those services or provide SiHi services whenever the implementation of the service requires access, storage, processing, and use of those data by any of those parties.

  2. Disclosure to Third Parties:

    We will not disclose or share any of your personal data to third parties, except for the following cases:

    - Disclosure to a government entity is permitted if that disclosure is in accordance with the applicable laws and regulations implemented in the Kingdom of Saudi Arabia or any order issued by the government authorities therein.

    - In the case of using the support of a third party, you will use trusted and referenced entities, while requesting, and confirming its compliance with the confidentiality standards approved by the Administration, noting that the Administration will put in place all necessary safeguards and undertakings to ensure data privacy and confidentiality, including signing non-disclosure agreements with any 3rd party,

  3. Disclosure to entities outside the Kingdom of Saudi Arabia:
    We will not disclose or process any of your personal data outside the Kingdom of Saudi Arabia unless we obtained the necessary approvals whether your explicit consent or the approval of the relevant government authorities. This is done if necessary or to achieve the intended purposes of collecting and processing them in the first place.

10. Use of External Links

  1. SiHi may contain links to third parties’ sites or services, which may be subject to separate privacy policies. Kindly note that such links are out of our control, and we are not responsible for any of their policies. Reviewing those links' policies is within the User’s responsibility.
  2. SiHi is not associated with any trademarks, logos, symbols, commercial or service, or any other means used or appearing on websites linked to this platform or any of its contents and is not considered a participant in any way.
  3. The Administration reserves the right to disable, cancel or forward any link in any way.

11. User’s Rights (Your personal rights)

  1. With consideration to the (Personal Data Retention) clause above, you may – at any time - request any of the following:

    - Knowing the purpose and statutory reason for collecting and using your personal data.

    - Accessing your personal data and obtaining a copy thereof per your request.

    - Correct, complete, or update your Personal information in accordance with SiHi’s policies.

    - Have your account deactivated, unless there was a legal justification to maintain it, or whenever the data was linked to a case that is looked before a judicial authority.

    - Withdraw your consent on reviewing your health record and/or any of the matters to which you have expressly consented unless there is a legal justification to prevent such withdrawal, and the possibility of requesting re-consent if required at any time.

  2. If you wish to submit any request as described above, you may do it by contacting us at: SIHISupport@ksu.edu.sa. Please note that the Administration may require additional data to respond to the User’s request or to confirm their identity.

12. Your responsibility as a user to protect privacy

To be able to help you protect your personal data, we recommend the following:

13. Policy Update

We reserve the right to modify this Privacy Policy at any time, and you will be notified for your consent. If the updated version of the Privacy Policy is not accepted, we reserve the right to suspend or terminate your account.

Issue number: 1.02

Update date: 04- December- 2024