Privacy Policy & Personal Data Protection

Huduoa Medical Center

1. Introduction

At Huduoa Medical Center, we are committed to protecting the privacy and confidentiality of our users and patients. Personal data is processed in accordance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia and its implementing regulations.

This policy explains how we collect, use, store, and safeguard personal data, including sensitive information related to psychological and medical services.

2. Scope of Application

This Privacy Policy applies to all data collected through:

Website and online platform
Online sessions and consultations
Registration forms
Communication channels (WhatsApp, phone, email)
In-person visits at the center

3. Types of Data We Collect

3.1 Personal Data

We may collect the following information:

Full name
Mobile number
Email address
National ID / Residency ID / Passport number
Age
Gender
City

3.2 Sensitive Data (When Services Are Provided)

As part of delivering psychological services, we may process sensitive information, including:

Mental health-related information
Session and consultation records
Professional notes

Such data is handled with enhanced security and confidentiality measures in compliance with applicable regulations.

3.3 Technical Data

We automatically collect certain technical information, such as:

IP address
Device type and operating system
Browser type
Log files and system activity
Cookies and tracking technologies

3.4 Usage Data

We may collect data related to how users interact with our platform, including:

Platform activity
Services accessed
Appointment history
User interaction records

4. Purpose of Data Processing

Personal data is processed for the following purposes:

Creating and managing user profiles and medical/consultation records
Identity verification
Delivering psychological consultations and services
Appointment scheduling and follow-ups
Improving service quality and user experience
Processing payments and issuing invoices
Sending service-related notifications and updates
Complying with legal and regulatory requirements

5. Legal Basis for Processing

We process personal data based on:

Provision of healthcare or consultation services
Compliance with applicable laws and healthcare regulations
Where applicable, user consent

6. Data Sharing

We do not disclose personal data to third parties except in the following cases:

Authorized service providers (e.g., payment gateways, IT systems)
Government authorities when legally required
Healthcare professionals directly involved in providing services

All data sharing is conducted under strict confidentiality and data protection standards.

7. Data Storage & Security

We implement a combination of technical and organizational measures to protect personal data:

Technical Safeguards

Secure HTTPS connections and SSL encryption
Encryption of sensitive data (where applicable)
Firewalls and system protection mechanisms
Intrusion detection systems
Regular backups
Audit logs and activity monitoring

Organizational Safeguards

Role-based access control
Individual user accounts for staff
Restricted access based on job responsibilities
Staff training on data protection practices

8. Cookies

We use cookies and similar technologies to enhance performance and improve user experience. Users may control cookie settings through their browser preferences.

9. Cross-Border Data Transfer

Personal data is not transferred outside the Kingdom of Saudi Arabia unless permitted under applicable regulations and with adequate safeguards.

10. Data Retention

Personal data is retained in accordance with applicable laws and operational needs:

Medical and consultation records: As required by healthcare regulations
Account and usage data: As required by Saudi regulations
Financial records: In line with accounting and legal requirements
Technical logs and cookies: Based on operational necessity

Once the retention period ends, data is securely deleted or anonymized.

11. User Rights

Users have the right to:

Access their personal data
Request correction or updates

Additional rights may apply in accordance with applicable regulations.

12. Limitation of Liability

While we take all reasonable measures to protect data, absolute security cannot be guaranteed in online environments. Users are responsible for maintaining the confidentiality of their account credentials.

13. Data Breach Response

In the event of a data breach, appropriate measures will be taken, including investigation and notification of relevant authorities where required.

14. Policy Updates

We reserve the right to update this Privacy Policy at any time. Changes will be communicated through appropriate channels.

15. Contact Information

For any inquiries related to this policy, please contact:

Email: info@huduoa.com.sa