This Privacy Policy sets out the basis on which any personal data collected from you or other sources or that you provide to us (“Personal Data”) will be processed by us in connection with your access and use of the Platform and the Services. By using our Platform and Services, you agree to the handling of your Personal Data in accordance with this Privacy Policy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. We provide personally identifiable patient information only to those specific healthcare providers with whom a user-patient books appointments and consultations to allow proper patient treatment and care. Information may also be handled by third party partnered service providers such as insurance, corporate enterprises and hosting services that are bound by similar privacy restrictions.
If you use our Platform and Services, you consent to the collection, use and sharing of your personal data under this Privacy Policy (which includes all other documents referenced in this Privacy Policy) and agree to the Terms of Use for the Platform. We created this Privacy Policy to give you confidence as you use the Platform and Services and to demonstrate our commitment to the protection of privacy.
The Platform may include links to Services of the Platform from third-party websites, plug-ins and applications including those of and to Healthcare Providers, Insurance and Corporate Enterprises. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and applications and are not responsible for their privacy statements. When you leave our Platform, we encourage you to read the privacy notice of every website and application you visit.
Profile data of Healthcare Providers and insurance networks are collected through publicly available content on search engines, various websites and journals and we make every effort to keep this updated. However, since we do not manage this data, we do not guarantee the accuracy and validity of all such data. Healthcare Providers who have registered and entered into an agreement with us are responsible for updating their Profile data, consultation schedules and content at all times.
Healthcare providers, insurance companies, corporate enterprises and other third parties who have registered and entered into an agreement with us in relation to our Services available on the Platform, will be subject to additional provisions as to how we will use Personal Data as set out in such separate agreements.
References in this Privacy Policy to “we”, “our” or “us” (or similar) refer to AWP MEA HOLDING C0. WLL, Block 428, Road 2802, Building 79, Flat No. 132, Al Seef, Manama, Bahrain or one or more of our affiliates. AWP MEA HOLDING C0. WLL is the developer and owner of the registered trade name “Healthigo”. References to “user” or “you” (or similar) are references to you as an individual or legal business entity as the case may be.
Our Privacy Policy is subject to changes in compliances, regulatory mandates and changes in our business and we keep our privacy policy updated accordingly. The current version of this Privacy Policy will be effective upon posting on the Platform. We may e-mail periodic notices of any changes to our Privacy Policy, but it is your obligation to regularly check the Privacy Policy on the Platform. Your continued use of the Platform following any such change constitutes and implies your agreement to the Privacy Policy in effect as on the dates of use of the Platform and Services.
BY VISITING THE SITE OR USING OUR SERVICES YOU CONSENT TO THE COLLECTION, USE AND SHARING OF YOUR INFORMATION IN THE MANNER OUTLINED BY THIS PRIVACY POLICY AND THE TERMS OF USE. IF YOU DO NOT AGREE WITH THES POLICIES, YOU CANNOT USE THE SITE OR OUR SERVICES.
This current version of our Privacy Policy stands updated on 1 June 2022. If you have any queries in relation to our Privacy Policy or your Personal Data please contact us at info@healthigo.com.
Personal data, or personal information, refers to any information about an individual from which that person can be identified. We may collect, use, store, transmit and transfer different kinds of personal data about you which we have grouped together as below:
Personal data, or personal information, refers to any information about an individual from which that person can be identified. We may collect, use, store, transmit and transfer different kinds of personal data about you which we have grouped together as below:
In order for us to verify your identity, we may need to request from you a valid proof of identification (e.g. in the form of a copy of your passport, resident visa or permit, tourist/business/visitor visa, national ID card and/or driver’s license).
Business Entity Data:
For the purpose of our business and Services, we may partner with Healthcare Providers and third-party companies to post content, provide Services from the Platform, facilitate users or exchange information in accordance with this Privacy Policy.
We may collect business data including but not limited to (a) title and full name; (b) business entity name, locations and addresses; (c) expertise and procedures; (d) languages spoken; (e) accepted forms of payment; (f) qualifications and education; (g) medical insurance policies; (h) local registration and licence details; (i) client/customer/referral details; and (j) third party user details. In addition, Healthcare Providers and third-party companies that partner with us enter into specific agreements and any specific clauses will be governed by those relevant agreements.
Financial Data:
We may also need to collect select financial information from you, such as your credit card and/or bank account details. We use this financial information for billing purposes and for the fulfilment of your orders.
Transactional Data:
We may collect transactional information (e.g. consultation details, symptoms, deals redemptions) based on your activities using the Platform and Services. This transactional information is used solely in relation to the transactions you undertake on the Platform and for no other reasons.
Technical Data:
We may collect information about your computer (e.g. browser type, make and model (mobile phones only), operating system, hardware version, platform, device settings and other technology identification on the devices used to access our Platform, file and software names and types, device identifiers, time zone setting and location, device locations such as through GPS, Bluetooth or WiFi signals, browser plug-in types and versions, operating system and platform, connection information such as the name of your mobile operator or ISP, browser type, language and time zone, and navigation information).
We may collect your Internet protocol (or IP) address (which is a unique number assigned to your computer server or your Internet service provider (or ISP)) to analyze user trends and improve the administration of the Platform and Services. Finally, we may collect additional information from or about you in other ways not specifically described here. E.g. we may collect information related to your contact with our customer support team or store results when you respond to a survey. We may also collect feedback, ratings and other comments relating to your use of the Platform and/or Services.
Communications and Marketing Data:
We may use a combination of all data collected from you including your preferences in receiving marketing and other communication from us, our affiliates and partners. All data remains anonymized, encrypted during transmission and all communications are routed through the Platform in order to maintain stringent data privacy and protection. Personalization of communication takes place within the secure environment of the Platform.
Statistical Aggregation of Data:
Where we aggregate personal information for statistical purposes, such aggregated personal information are anonymized. We collect, use and share aggregated data such as statistical or demographic data derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. E.g. we may aggregate your usage data to calculate the percentage of users accessing a specific Platform feature or Service.
We do not collect any other Special Categories of Personal Data about you (this includes details about your political opinions, trade union membership, information about your health and genetic and biometric data, or any information about criminal convictions and offences).
Minors:
By accessing, using and/or submitting information to or through the Platform and the Services, you represent that you are not a child (minor). If we learn that we have received any information directly from a child without his/her parent’s written consent, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Services, and we will subsequently delete that information. If you are a parent or legal guardian of a minor child, you may, in compliance with the Terms of Use, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Data as otherwise provided herein.
If you fail to provide personal data:
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with consultation booking services. In this case, we may have to cancel an appointment you have booked through the Platform, but we will notify you if this is the case at the time).
Passwords and Confidentiality:
If you are provided with a password or any other piece of information as part of our security procedures for a registration-only section of our Platform, you are responsible for maintaining the confidentiality of your password and user name for the Platform and you are responsible for all activities that are carried out under them. We do not have the means to check the identities of people using the Platform and we will not be liable where your password or username is used by someone else. You agree to contact us immediately of any unauthorised use of your password or username of which you become aware. We have the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our opinion, you have failed to comply with any of the provisions of these terms or the Terms of Use.
Following your registration on the Platform, you should not post any personal information (including any financial information) anywhere on the Platform other than on the My Account section of the Platform. Restricting the posting of personal information to the My Account section of the Platform protects you from the possibility of fraud or identity theft. The posting by you of any personal information anywhere on the Platform other than on the My Account section of the Site may lead to the suspension of your use of the Site.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity and Contact by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Automated technologies or interactions. As you interact with our Platform, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies or other technology tools.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
a) Technical Data from the following parties:
i. analytics providers;
ii. advertising networks; and
iii. search information providers.
b) Contact, Financial or Transaction Data from providers of healthcare, insurance, technical and payment services.
c) Healthcare Provider and Care Provider Data from publicly available sources and regulatory authorities.
d) Insurance networks data from publicly available sources and regulatory authorities.
We only use your personal data as per the laws of the specific country. Most commonly, we may use your personal data in the following circumstances:
a) where we need to perform the contract we are about to enter into or have entered into with you;Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to. Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out in the table below a summary of the circumstances in which we will use your Personal Data, the type of Personal Data we will use and the grounds on which we will be permitted to use such Personal Data in such circumstances.
Purpose/Activity | Type of Personal Data |
---|---|
To list you as a Business Entity | (a) Healthcare Provider (b) Insurance Provider (c) Third-party Partner |
To register you as a User | (a) Identity (b) Contact |
To process your consultation / appointment booking request | (a) Identity (b) Contact (c) Health and Other Special Data (d) Health Provider (e) Financial (f) Transaction (g) Marketing and Communications |
To manage our relationship with you which
will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
To enable you to partake in a prize draw, competition or complete a survey | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
To administer and protect our business and Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical |
To deliver relevant Platform content to you and measure or understand the effectiveness of the Services | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | (a) Technical (b) Usage |
To make suggestions and recommendations to you about goods or services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications |
Deal with legal disputes and claims | (a) Identity (b) Contact (d) Health Provider (e) Financial (f) Transaction (g) Marketing and Communications |
Comply with a legal obligation, like a court order requiring us to release information | (a) Identity (b) Contact (d) Health Provider (e) Financial (f) Transaction (g) Marketing and Communications |
The above data is used for processing transactions you have made on our Platform for the Services and forms the basis of legitimate interest as described below:
a) For the purpose of performance of a contract with you
b) For our business interests including but not limited to keeping our records updated
to provide our services to our customers; study how customers use our
products/services to develop them and grow our business; running our business,
provision of administration and IT services, network security, to prevent fraud and
in the context of a business reorganisation or group restructuring exercise
c) Compliance with a legal obligation
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly
around marketing and advertising.
Promotional offers from us
We may use your identity, contact, technical, usage and profile data to form a view on
what we think you may want or need, or what may be of interest to you. This is how
we decide which products, services and offers may be relevant for you (we call this
marketing). You will receive marketing communications from us if you have requested
information from us or purchased [goods or services] from us and you have not opted
out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any
third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time
by following the opt-out links on any marketing message sent to you or by contacting
us at any time by sending an email to info@healthigo.com. Where you opt out of
receiving these marketing messages, this will not apply to personal data provided to
us as a result of a product/service experience or other transactions.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when
websites set or access cookies. If you disable or refuse cookies, please note that some
parts of this website may become inaccessible or not function properly.
Change of purpose
We will only use your personal data for the purposes for which we collected it,
unless
we reasonably consider that we need to use it for another reason and that reason is
compatible with the original purpose. If you wish to get an explanation as to how the
processing for the new purpose is compatible with the original purpose, please contact
us. If we need to use your personal data for an unrelated purpose, we will notify you
and we will explain the legal basis which allows us to do so.Please note that we may process your personal data
without your knowledge or
consent, in compliance with the above rules, where this is required or permitted by
law.
We may share your Personal Data with the parties set out below for the purposes set
out in the table above.
a) Internal Third Parties being companies in our group and provide IT and system
administration, product development, business development and back office
services and undertake reporting:
b) External Third Parties being:
i. in the case of Healthcare Provider Data, to our users through our Platform;
ii. in the case of Insurance data, to concerned parties through our Platform;
iii. in the case of Identity, Contact, Financial Data and Transaction Data, to
Healthcare Providers with whom you have booked appointments for online
consultations through our Platform;
iv. service providers acting as partners or
processors who provide our services,
referrals, IT, system administration and payment processing services.
v. Professional advisers acting as processors or joint controllers including
lawyers, bankers, auditors who provide consultancy, banking, legal, insurance
and accounting services.
vi. Regulators and other authorities acting as processors
or joint controllers based
in the specific country who require reporting of processing activities in certain
circumstances.
vii. Third parties to whom we may choose to partner with, sell, transfer or merge
parts of our business or our assets. Alternatively, we may seek to acquire other
businesses or merge with them. If a change happens to our business, then the
new owners may use your personal data in the same way as set out in
this privacy policy. We require all third parties to respect the security of your
personal data and to treat it in accordance with the law. We do not allow our
third-party service providers to use your personal data for their own purposes
and only permit them to process your personal data for specified purposes and
in accordance with our instructions.
The Personal Data that we collect from you may be transferred to, and stored at, a destination outside of the jurisdictions in which the persons to whom such Personal Data relates to, unless mandated by law to be available in that country. It may also be processed by staff operating outside such jurisdictions who work for us or for one of our suppliers / vendors. Such staff may be engaged in, among other things, the fulfilment of your booking/appointment, and the provision of support services. In such case, your Personal Data may be transferred, stored, processed and used by our affiliated companies and/or non-affiliated service providers in one or more countries outside your originating country.
We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data. Whenever we transfer your personal data out of such jurisdictions or to third parties, we aim ensure a similar degree of protection is afforded to it by the use of contractual obligations.
We maintain commercially reasonable technical, administrative, and physical safeguards to ensure your Personal Data is treated securely and in accordance with this Privacy Policy, and to protect against unauthorized access or alteration to, disclosure, or destruction of your Personal Data. We may use encryption technology to secure your Personal Data during transmission to our Platform as well as external firewall and on-host firewall technology to prevent network level attacks. Only those authorized employees, contractors, and agents who need to know your Personal Data in connection with the performance of their services are allowed to access this Personal Data.
It is important for you to protect yourself against unauthorised access to your password and to your devices used to access our Services. You are responsible for keeping your password confidential. E.g. ensure that you sign off when you have finished using a shared device.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Platform and any transmission is at your own risk.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see your legal rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you
Under certain circumstances, you have rights under data protection laws in relation to
your personal data. In particular, you have the right to:
Request access to your personal data.
This enables you to receive a copy of the
personal data we hold about you and to check that we are lawfully processing it.
Request
correction of the personal data that we hold about you. This enables you to
have any incomplete or inaccurate data we hold about you corrected, though we may
need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to
suspend the processing of your personal data in the following scenarios:
a) If you want us to establish the data's accuracy.
b) Where our use of the data is unlawful, but you do not want us to erase it.
c) Where you need us to hold the data even if we no longer require it as you need it
to establish, exercise or defend legal claims.
d) You have objected to our use of your data, but we need to verify whether we have
overriding legitimate grounds to use it.
Request transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us by email at info@healthigo.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within 30 working days. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
During the course of any online consultation with a practitioner which is held on our Platform, you may exchange with the practitioner through the Platform special personal data including in relation to health (health history, symptoms, examinations and tests and the results thereof, diagnosis, treatment and care plan), ethnicity, sexual orientation, sex life, religious beliefs or opinion or genetic data as relevant to the practitioner. This information is held and used by the practitioner or the healthcare provider in accordance with its privacy policy, terms and conditions of service and applicable laws and regulations. It is the responsibility of the patient to request for and consent to the privacy policy and terms and conditions of the practitioner. We do store any such information on our systems and delete such information (if shared via the Platform) from our systems after the end of any such online consultation.
If you have questions or concerns about our collection and use of your personal information, please contact our support team on info@healthigo.com.