Me’kaaz Privacy Policy
1. Introduction
Welcome to Me’kaaz, a pioneering health tech platform dedicated to enhancing chronic care management through innovative virtual care solutions. This Privacy Policy outlines our commitment to protecting the privacy and security of our users’ information, detailing how we collect, use, store, and share your personal and clinical data. By using Me’kaaz’s services, you trust us with your health information, and we are committed to safeguarding this trust with the highest standards of privacy practices.
1.1 Purpose of This Policy
The purpose of this Privacy Policy is to transparently explain:
The types of personal and clinical data collected through our platform.
The purposes for processing your data, including how it enhances our services and complies with legal obligations.
With whom and under what circumstances we share your data, and the robust security measures in place to protect it.
Your rights regarding your personal and clinical data and how you can exercise these rights.
1.2 Scope of This Policy
This Privacy Policy applies to all services and products offered by Me’kaaz, including, but not limited to, our web and mobile applications, wearable health devices, customer support services, and any interaction you may have with our clinical or administrative staff. Whether you are a patient using our platform, a healthcare provider partnering with us, or a visitor to our website, this policy is relevant to you.
1.3 Emphasis on Clinical Data
Given the sensitive nature of the clinical data we handle, such as medical histories, treatment information, and health metrics from wearable devices, we take extra precautions to ensure its confidentiality, integrity, and availability. We comply with applicable health data protection regulations, including those specific to Saudi Arabia, and adhere to international best practices to manage this data responsibly.
1.4 Compliance and Regulatory Considerations
Me’kaaz operates in the dynamic and highly regulated health tech industry of Saudi Arabia. We are committed to compliance with all relevant laws, including, but not limited to, the Personal Data Protection Law (PDPL), the Health Insurance Portability and Accountability Act (HIPAA) where applicable, and other global data protection regulations that impact our operations. Our practices are designed to meet or exceed the regulatory requirements for data protection and privacy.
1.5 Updates to This Policy
As the health tech industry evolves, and as our services expand and improve, we may update this Privacy Policy to reflect changes in our practices or in response to regulatory adjustments. We will provide notice of these changes as described in Section 8 of this policy.
1.6 Contact Us
If you have any questions or concerns about our privacy practices or this Privacy Policy, please contact us using the information provided at the end of this document. We value your feedback and are committed to addressing any concerns promptly and transparently.
2. Information We Collect
At Me’kaaz, we collect various types of information to provide and improve our services, ensure user security, and comply with legal obligations. The data collected can be categorized into three main types: Personal Information, Health Information, and Automatically Collected Information.
2.1 Personal Information
This includes data that can personally identify you as an individual. We collect this information through your interactions with our services, such as when you create an account, contact customer support, or participate in surveys. Specifically, we collect:
Your name, address, email address, and telephone number.
Your username, password (stored in encrypted form), and other information necessary for account setup and access.
Credit/debit card information and other billing details if you purchase anything from our platform. This information is processed directly by our payment processors, and we do not store full credit card details.
Any information you provide when you communicate with us via emails, letters, phone calls, or other forms of communication.
2.2 Health Information
As a health tech company focused on chronic care management, we collect detailed health information that is critical for providing personalized medical services and improving patient outcomes. This includes:
Information collected from our wearable devices, such as blood pressure readings, heart rate, blood glucose levels, and oxygen saturation.
Information about your previous medical conditions, treatments, and medications, as provided by you or your healthcare provider.
Information about your current health symptoms as entered into our mobile app or reported to healthcare providers through our platform.
Responses to treatments or medications, as tracked through our platform, which help in adjusting and personalizing your care plans.
Information related to your lifestyle habits, such as diet, exercise, and sleep patterns, which can influence treatment plans and health advice.
2.3 Automatically Collected Information
When you access and use our platform, certain information is automatically collected. This includes:
Information that your browser sends whenever you visit our site or when you access the services via our mobile application. This log data may include your IP address, browser type, browser version, the pages of our platform that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
We use cookies and similar tracking technologies to track activity on our services and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
Information about the device you use to access our platform, including the hardware model, operating system, unique device identifiers, and mobile network information.
2.4 Sensitivity of Data
Given the sensitivity of the personal and health information we collect, we adhere to stringent security measures and comply with applicable legal frameworks, including local Saudi Arabian regulations and international data protection laws, to protect your data.
3. How We Use Your Information
Me’kaaz uses the information we collect to deliver, maintain, and improve our services, to develop new services, and to protect Me’kaaz and our users. Below are the specific purposes for which we use the information:
3.1 To Provide, Personalize, and Improve Our Services
We use your personal and health information to provide and operate our health tech services effectively, including managing your account, delivering health monitoring, and facilitating communication with healthcare providers.
Your health data enables us to tailor recommendations and treatment plans specifically suited to your health conditions and personal preferences.
We analyze usage patterns and feedback to improve the functionality and user-friendliness of our services. This includes optimizing our AI algorithms for better health prediction and management.
3.2 To Communicate With You
- We use your contact details to send you service updates, respond to your inquiries, and provide support when needed. This may include technical notices, security alerts, and administrative messages.
- Based on the clinical data captured through our devices and apps, we may send alerts concerning your health conditions or any critical health data detected by our systems.
3.3 For Research and Development
- We perform statistical analyses on information including health data to better understand health trends and outcomes. This aids in improving our predictive models and the efficacy of care protocols.
- With your consent, we may use your de-identified data in clinical research studies aimed at advancing medical knowledge and developing new treatments for chronic conditions.
3.4 To Ensure Legal Compliance
We process your information to fulfill our regulatory requirements under Saudi law and international standards. This includes maintaining records, compliance checks, or screening and verifying information against governmental databases as required by law.
We use information to enhance the security, integrity, and safety of our services for all users. This includes detecting, investigating, and preventing fraudulent transactions and other illegal activities and protecting the rights and property of Me’kaaz and others.
3.5 For Marketing and Promotion
We may use your contact information to promote new products, offers, and services provided by Me’kaaz and our selected partners. This will always be conducted in compliance with applicable laws and, where appropriate, with your consent.
We engage in activities to maintain and enhance our relationship with you. This includes conducting surveys for feedback, promoting community events, and offering special features or promotions.
3.6 To Share with Healthcare Providers
4. Sharing and Disclosure
Me’kaaz is committed to maintaining the confidentiality and security of your information. However, there are circumstances under which we share your information with certain third parties. Below we detail these situations and the parties involved:
4.1 Healthcare Providers
With your explicit consent, we share relevant clinical data with your healthcare providers to facilitate coordinated and comprehensive care. This includes sharing data from our devices and apps that monitor your health conditions.
In cases of medical emergencies, we may share your information with medical personnel or healthcare facilities to ensure timely and appropriate treatment.
4.2 Service Providers
- We engage third-party companies to assist in the processing of information for specific functions, such as data hosting, maintenance services, database management, and analytics. These providers have access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
- For processing payments, we use trusted third-party payment processing services. We share with them your payment information, but they are bound by their Privacy Policies to safeguard this data.
4.3 Legal Requirements and Compliance
We may disclose your information to government or law enforcement officials if it becomes necessary for investigating, preventing, or taking action regarding illegal activities, including fraud and identity theft, potential threats to the physical safety of any person, or as otherwise required by law.
Your personal and clinical data may be disclosed where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena.
4.4 Business Transfers
4.5 International Transfers
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate to enable us to use the information in accordance with this policy. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
4.6 Aggregate and De-Identified Information
We may share aggregated or de-identified information that does not directly identify you with partners like research groups, health organizations, or universities for the purpose of research and improving health outcomes. This data is used in a way that does not directly identify individual users.
5. Data Security
Me’kaaz is committed to protecting the security of your personal and health information. We employ a variety of security technologies and organizational measures to help protect your data from unauthorized access, use, or disclosure. Here are the key aspects of our data security approach:
5.1 Encryption
All data transmitted between your devices and our servers is encrypted using industry-standard TLS (Transport Layer Security). This ensures that data in transit cannot be easily intercepted.
We employ strong encryption to secure your data stored on our servers. This includes encrypting your personal and clinical data at rest, ensuring that it is accessible only to authorized systems and personnel.
5.2 Access Controls
- We implement robust authentication methods to ensure that only authorized users can access their accounts. This includes the use of strong passwords, biometric authentication, and two-factor authentication (2FA) where appropriate.
- Access to sensitive data within our systems is governed by strict role-based access controls. Employees and contractors are granted access only to the extent necessary for their job functions.
5.3 Network Security
We employ advanced firewall protection and intrusion detection systems to monitor and protect our network traffic from malicious activities and potential breaches.
Our network infrastructure undergoes regular security audits and vulnerability scans conducted by independent security experts to identify and remediate potential security issues.
5.4 Data Integrity and Backup
- We perform regular data integrity checks to ensure that the information we store is accurate and unaltered.
- Data is regularly backed up in multiple geographically dispersed data centers to prevent data loss. These backups are also encrypted and securely stored.
5.5 Incident Response
We have an incident response plan in place that outlines procedures for responding to potential security breaches. This plan is regularly reviewed and updated to adapt to new security threats.
In the event of a data breach, we are prepared to promptly notify affected individuals and relevant authorities in accordance with local laws and regulations.
5.6 Employee Training and Awareness
All employees receive regular training on data protection and security, which includes the importance of protecting personal and health information and the specific measures they must follow to maintain security.
All employees and contractors are required to sign confidentiality agreements that obligate them to protect customer information and comply with our data privacy policies.
5.7 Compliance
We ensure that our data security practices are compliant with applicable Saudi Arabian regulations and international standards, particularly those concerning health data such as HIPAA (Health Insurance Portability and Accountability Act) and PDPL (Personal Data Protection Law) where applicable.
6. Data Retention
Me’kaaz recognizes the importance of responsible data management and is committed to retaining personal and health information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
6.1 Retention Periods
Personal information associated with your account, such as your name, email address, and contact details, is retained for as long as your account is active. Should you choose to deactivate your account, we will retain specific information for a limited period to comply with legal obligations, resolve disputes, and enforce our agreements.
Clinical data collected through our services is retained as long as necessary to continue to provide services to you. After you cease using our services, we retain your clinical data for a period determined by applicable laws and regulations, which stipulate the minimum and maximum retention periods for medical records.
Financial transaction data related to purchases and other financial interactions with Me’kaaz are retained for a period required by tax and accounting laws in Saudi Arabia.
Data used for analytics or logs that may indirectly identify you is typically retained for a shorter duration, depending on the purpose of the data collection and the tools used.
6.2 Legal and Regulatory Requirements
We adhere to applicable Saudi Arabian laws and international regulations that require data retention for specific periods. For instance, health data may need to be retained for extensive periods for compliance with health oversight and regulatory requirements.
6.3 Data Minimization
Me’kaaz practices data minimization principles by ensuring that we only retain the minimum amount of personal and clinical data necessary for legal compliance and to serve our operational needs.
6.4 Secure Disposal
Upon expiration of the retention periods, personal and clinical data is securely disposed of or anonymized, so it cannot be reconstructed or read. We use industry-standard methods to safely delete data, including:
Secure shredding and destruction of any physical documents.
Use of certified wiping software to irreversibly erase digital data.
6.5 Review and Adjustment of Retention Policies
Our data retention policies are regularly reviewed and adjusted in response to legal and regulatory changes, operational requirements, and best practices in data management. This ensures that our policies are up-to-date and aligned with current laws and technologies.
6.6 Access to Retained Data
During the retention period, access to personal and clinical data is strictly limited to authorized personnel who require the data to perform their job duties. Such access is controlled through secure authentication mechanisms and is logged for audit purposes.
7. Your Rights
Me’kaaz recognizes and respects your rights concerning your personal and clinical data. We are committed to ensuring that you can exercise these rights easily and transparently. Below, we outline the rights available to you and the process for exercising them:
7.1 Right to Access
You have the right to request access to the personal and clinical data that Me’kaaz holds about you. This allows you to receive a copy of the personal data we hold and to check that we are lawfully processing it.
7.2 Right to Correction
If you believe that any information we hold about you is incorrect or incomplete, you have the right to request that we correct such information. You can also update many types of personal information directly through your account settings on the Me’kaaz platform.
7.3 Right to Erasure
You can request the deletion of your personal data when there is no good reason for us to continue processing it. This is also known as the “right to be forgotten.” However, we may not always be able to comply with your request for erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
7.4 Right to Restrict Processing
You have the right to request that we suspend the processing of your personal and clinical data in the following scenarios:
If you want us to establish the data’s accuracy;
Where our use of the data is unlawful but you do not want us to erase it;
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
7.5 Right to Data Portability
You have the right to request the transfer of your personal data to another party. This right applies to personal data you have provided to us where the processing is based on your consent or for the performance of a contract, and when processing is carried out by automated means.
7.6 Right to Object
You have the right to object to the processing of your personal and clinical data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
7.7 Right to Withdraw Consent
In cases where the basis of our processing your personal data is your consent, you have the right to withdraw this consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
7.8 Rights Related to Automated Decision Making and Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such profiling is necessary for entering into, or performance of, a contract between you and us.
7.9 Right to Complain to a Supervisory Authority
If you feel that your rights have been breached, you have the right to file a complaint with the appropriate data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us initially.
7.10 How to Exercise Your Rights
To exercise any of your rights, please contact us using the contact details provided at the end of this Privacy Policy. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
We aim to respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated. Generally, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
7.11 Special Considerations for Clinical Data
Given the sensitive nature of the clinical data we handle, we take extra precautions to ensure that such data is handled with the highest level of care and security. Your rights concerning clinical data are especially prioritized, and we ensure all legal and ethical standards are met in processing such requests.
8. Changes to this Privacy Policy
At Me’kaaz, we are committed to continually reviewing and updating our Privacy Policy to ensure that it remains accurate, transparent, and compliant with applicable laws and best practices. This section explains how we handle changes to this policy, what kind of changes you might expect, and how these changes will be communicated to you.
8.1 Review and Update Cycle
We regularly review our Privacy Policy to ensure that it accurately reflects our current data practices and aligns with evolving legal and regulatory requirements.
Changes to this policy may be triggered by new data protection laws, changes to our business practices, technological advancements, or findings from periodic privacy impact assessments.
8.2 Types of Changes
These include grammatical corrections, structural changes, or clarifications of existing sections without altering the meaning or implications of the policy. Such changes may be made without prior notification to users.
These involve modifications that affect the ways we collect, use, or share personal or clinical data. This might include changes due to new legal requirements, significant business process adjustments, or shifts in technology use.
8.3 Notification Procedures
For substantial changes, we will notify you through prominent means, such as a notice on our website, direct communication via email, or through our mobile application. The method chosen will aim to ensure that you are adequately informed of the changes.
We aim to provide notice of substantial changes before they take effect. This notice period helps you review the changes and, if necessary, adjust your use of our services accordingly.
8.4 Your Acceptance of Changes
Your continued use of our services after the changes to the Privacy Policy have been notified and taken effect will constitute your acceptance of those changes. If you do not agree with the updated policy, you have the option to discontinue using our services.
In cases where changes affect how we handle sensitive or clinical data, or where otherwise required by law, we may also seek your explicit consent to the revised terms.
8.5 Historical Versions
To ensure transparency, we maintain an archive of previous versions of our Privacy Policy. Upon request, we can provide you with access to earlier versions to help you understand how our data practices have evolved over time.
8.6 Contact Information for Concerns
If you have any concerns or questions about any changes made to our Privacy Policy, please do not hesitate to contact us through the provided contact details. We value your feedback and are committed to addressing any concerns you may have.
9. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at Info@mekaaz.com
By using the Me’kaaz platform, you consent to the terms outlined in this Privacy Policy.