سياسة الخصوصية

Introduction & Scope

This Privacy Policy explains how Al-Hakeem Digital Clinics Platform (the "Platform") collects, uses, and safeguards personal information when users use the Platform.

This Policy is supplementary to the General Terms & Conditions and applies to all users, including doctors, patients, pharmacists, and visitors.

By using the Platform, the user acknowledges having read, understood, and accepted this Policy. If you do not agree, please refrain from using the Platform.

Definitions

• Personal Data: any information relating to an identified or identifiable natural person, directly or indirectly.
• Health Data: data relating to the user's health condition; treated as sensitive data.
• Processing: any operation performed on data, including collection, storage, use, sharing, and deletion.
• User: any person who creates an account on the Platform or uses it in any way.
• Third Party: any party outside the Platform that may receive data within a defined and controlled framework.

Data We Collect

The Platform collects the following categories of data depending on how you use it:

• Account data: name, email, phone number, nationality, date of birth, and national ID where required.
• Professional data (doctors): certificates, licenses, specialty, place of practice, and supporting documents.
• Health data (patients): symptoms, medical history, prescriptions, consultation outcomes, and clinical notes.
• Technical data: IP address, device type, operating system, browser, and session identifiers.
• Usage data: in-platform actions, session timestamps, and interaction logs.
• Payment data: processed through approved payment providers; the Platform does not store full card details.

We adhere to the principle of data minimization: we only collect what is genuinely needed to deliver the service or what is required by law.

How We Collect Data

• Directly from you when you register, complete forms, or use any feature of the Platform.
• Automatically when you interact with the Platform (technical and usage data).
• From relevant verification authorities to validate licenses and certificates (for doctors).
• From other users when they communicate with you within the scope of the service (such as consultation data).

Legal Basis for Processing

Processing of your data is based on one or more of the following grounds:

• Performance of the contract: to deliver the service agreed between you and the Platform.
• Explicit consent: for sensitive and health data; consent may be withdrawn at any time without retroactive effect.
• Legal obligation: to meet regulatory requirements and medical record retention duties.
• Legitimate interests: for security, fraud prevention, and service improvement, without infringing on your rights.

Purposes of Processing

Your data is processed exclusively for the following purposes:

• Creating and managing your account and verifying your identity.
• Delivering medical consultations, issuing prescriptions, and facilitating their dispensing.
• Verifying doctor licenses through the relevant authorities.
• Operational communication with you about the service (alerts, appointments, updates).
• Improving Platform performance using aggregated or de-identified analytics wherever possible.
• Security, fraud prevention, and protection of the Platform and its users.
• Compliance with any applicable legal or regulatory obligations.

We do not use your data for purposes not disclosed in this Policy without prior notice.

Sharing & Disclosure of Data

The Platform does not sell personal or health data to any third party.

Your data may only be shared, within necessary limits, in the following cases:

• With the doctor or patient party to a consultation, within the scope of that consultation.
• With licensed pharmacists when validating a prescription via QR code, limited to prescription data only.
• With operational service providers acting on our behalf (such as cloud infrastructure, communication services, payment processors), bound contractually to confidentiality and prohibited from any other use.
• With regulatory or judicial authorities upon a binding legal request.
• With a legal successor in the case of merger, acquisition, or restructuring, with prior notice to users where reasonably possible.

Data Storage & Location

User data is stored on trusted cloud infrastructure and is geographically segmented per country of service to the extent practicable, in observance of data sovereignty requirements in that country.

Hosting providers used by the Platform hold industry-recognized security certifications and comply with applicable data protection standards.

Data Retention

We retain data for the following periods:

• Account data: for the duration the account is active.
• Medical records: for the period required by medical record retention laws of the country of service (which may extend for years depending on the regulator).
• Security and audit logs: for a reasonable period for incident investigation and compliance.
• Billing and payment data: for the period required by tax and accounting laws.

Upon account deletion or closure, data is deleted or rendered anonymous, except where retention is required by law.

Security Measures

We apply technical and organizational measures appropriate to the nature and sensitivity of the data, including but not limited to:

• Encryption in transit (TLS) and at rest using industry-recognized standards.
• Strict access controls based on the principle of least privilege.
• Multi-factor authentication for sensitive administrative access.
• Periodic security reviews and log monitoring.
• Training of staff on data protection practices.

While we apply these measures, no electronic system is entirely immune to risk; the Platform therefore cannot guarantee absolute security, but commits to following established professional practices and continuously updating them.

Cross-Border Data Transfers

Some technical operations may require processing data outside the country of collection (such as regional cloud hosting). In such cases, we apply appropriate legal and technical safeguards, including data processing agreements and confidentiality obligations, and ensure that the receiving party provides a comparable level of protection.

Use of AI in Processing

We may use artificial intelligence technologies for limited operational tasks such as: prescription triage, appointment suggestions, anomaly detection, and service performance analysis.

AI processing of health data is performed on de-identified or aggregated data wherever technically possible.

AI does not make autonomous medical decisions; clinical decisions remain the responsibility of the treating doctor. Where an automated decision produces a legal effect on you, you have the right to be informed and to request human review.

Cookies & Similar Technologies

We use cookies and similar technologies for authentication, preference storage, security, and analytics.

You may control these files through your browser settings, noting that disabling essential cookies may affect the functionality of certain Platform features.

Your Rights as a User

Subject to the laws applicable in your country, you are granted the following rights and may exercise them through your account settings or the Platform's official contact channels:

• Right of access: to obtain a copy of your processed data.
• Right to rectification: to request correction of any inaccurate or incomplete data.
• Right to deletion: to request deletion of your data where retention is not required by law.
• Right to object: to object to or restrict certain types of processing.
• Right to data portability: to receive your data in a structured, machine-readable format where technically feasible.
• Right to withdraw consent: to withdraw any prior consent at any time, without retroactive effect on lawful prior processing.
• Right to complain: to lodge a complaint with the competent regulatory authority in your country.

We may verify your identity before fulfilling any request, in order to protect your data from unauthorized access.

Children's Privacy

The Platform is not directed at children under the legal age of consent in their country.

Where a consultation concerns a minor, the account must be managed by a parent or legal guardian who provides consent to processing the minor's data on their behalf.

If we become aware of having collected data of a minor without parental consent, we will promptly delete it.

Sensitive Health Data

Health data receives special protection. It is processed only for purposes essential to delivering the service, where you have given explicit consent, or where required by law or judicial order.

Access to health data is restricted to staff who actually need it to perform their roles, subject to logging and review.

Data Breach Notification

In the event of a security incident affecting your personal data, the Platform commits to notifying affected users and competent regulatory authorities in accordance with applicable laws and within the timeframes legally required.

The notice will describe the nature of the incident, its approximate scope, the measures taken to mitigate it, and the steps recommended for the user.

Third-Party Links & Services

The Platform may include links or integrations with external services such as payment gateways, identity verification services, and communication providers.

Privacy practices of such parties are governed by their own policies, and the Platform bears no responsibility for them. You are advised to review the privacy policies of each party before interacting with it.

Amendments to This Policy

We may update this Policy from time to time to reflect changes in our services or in legal requirements.

Material amendments are announced in advance through an in-app notification or via the email registered with us.

Your continued use of the Platform after the amendment takes effect constitutes implicit acceptance of the updated version.

Governing Law & Jurisdiction

This Policy is governed by the laws of the country where the user accesses the service, with respect to data protection rights.

Where multiple jurisdictions apply, we strive to apply the standard most protective of the user, to the extent permitted by law.

Disputes are subject to the same governing law provisions set forth in the General Terms & Conditions.

Contact Us

For questions about this Policy or to exercise any of your rights, you may contact the Platform's privacy team via:

• The official contact channels published on the Platform.
• Dedicated privacy email: privacy@alhakeem.app

We will make reasonable efforts to respond within the timeframes required by applicable regulations.