EN
    • My Rx Orders
    • Health Services
    • LAKUM

    Al Habib ePharmacy is the online platform of MIDDLE EAST PHARMACIES COMPANY, offering convenient online ordering and 24/7 service

    Follow Us
    Payment Methods
    HMG Medical Group
    About Us
    Pharmacy Locations
    Account Details
    My Account
    My Orders Status
    Refunds & Returns
    My Rx Orders
    My Wishlist
    Back In-stock notification list
    Important Links
    Support
    Privacy Policy
    LAKUM Terms and Conditions
    Website Terms of Use
    Online Services Terms Of Use
    App User Agreement
    Contact Us
    Call Us
    Chat with us
    Copyright © HMG Group. All rights reserved.

    Privacy Policy Updated

    The privacy policy of Dr. Sulaiman Al Habib Medical Group has been updated. Please review it

    Privacy Policy

    Introduction

    This Privacy Policy applies to the Data collected from users of the websites www.alhabibpharmacy.com  and www.Hmgpharmacies.com  and mobile application ALHABIB PHARMACY (collectively the Sites), made available by Middle East Pharmacies Company, a company established under the laws of the Kingdom of Saudi Arabia (Pharmacies, we, us, our), including any services accessed via the Sites.

    Policy Update

    We may at any time update the Privacy Policy by publishing the varied Privacy Policy on the Sites. If you are accessing your own account or a particular service, we may provide you with further notice that the Privacy Policy has been updated.

    This Privacy Policy was last updated on 01 October 2024.

    By using any of our services, including the Sites, Telehealth Services and Online Pharmacy, you expressly agree and consent to our use of your Data in accordance with this Privacy Policy, including the disclosures described herein and the potential transfer of your Data to another territory.

    Compliance

    Our Sites and our online services are intended for users located in the Kingdom of Saudi Arabia (KSA). We comply with all applicable data protection laws in this jurisdiction, which includes the Saudi Arabia Personal Data Protection Law as amended (the KSA PDPL).

    Data collection and use :

    We may collect, process and retain the following types of information about you (which will be referred to as Data in this Privacy Policy) from the Sites including:

    a)          information which is able to personally identify you and which may be provided by you at the time of voluntary registration for the services offered by us or gathered through your use of the Sites (including when you make enquiries through the Sites), this may include name, address, email address, date of birth, mobile number, marital status, family members or dependent, National ID card/number, username etc. In addition, this may include information about a deceased individual if it would lead to them or a member of their family be identified specifically; 

    b)          financial information (for example, credit card details, bank details); 

    c)          information related to your use of the Sites (for example, domain name, IP address and cookies, location data); 

    d)          information relating to your purchase of or access to a product or service (such as records of purchase, delivery details, payment receipts etc.); 

    e)          any feedback or comments provided by you online;

    f)           information which we consider to be Sensitive Personal Information concerning, including or relating to your health and which may include information: 

    (i)         about your individual health, including your medical history;
    (ii)        about your physical attributes, such as weight, height, blood pressure etc.; 
    (iii)       about any disabilities that you may have or have had;
    (iv)        about any healthcare services that are being provided, or have been provided, to you; 
    (v)        provided by you in connection with the donation, by you of any body part or any bodily substance, or derived from the testing or examination of any body part, or any bodily substance of you; and
    (vi)       about you which is collected before, or in the course of, and incidental to, the provision of any healthcare services; 
    g)          information relating to your medical insurance coverage, should you choose to provide it for direct billing purposes;

    h)          information relating to your employment and career (for example job title, employer’s name and address, work experience, payment etc.); and 

    i)            any other information you independently choose to provide to us via the Sites from time to time (for example, if you complete an enquiry form, register for a promotion or participate in a support chat service).

    The Sites will record and track the use you make of the Site through the use of, amongst other things, cookies and other monitoring tools and devices. You can choose to turn off non-essential cookies in your browser and you can delete them from your hard drive. You do not need to have cookies turned on to use the Sites but you will need them to use and access some parts of the Sites and to access personalised or secure content on the Sites. We may use essential cookies which are strictly necessary without your consent and are automatically set. You will not be able to disable these unless you change your browser or device settings. Some webpages in the Sites may not function as intended if the essential cookies are turned off. The use of essential cookies will not prejudice your rights as a data subject and no Sensitive Personal Information will be processed.

    Collection of Data is mandatory unless stated otherwise. In cases where you do not provide the requested Data, then we may not be able to comply with our obligations under applicable laws and it may affect our Site services available to you.

    How we use your Data:

    We use your Data as necessary for us to provide services to you (such as schedule appointments, maintain medical records, analyse your Data etc.), to carry out the transactions you have requested or to operate the Sites. This may involve us analysing patient medical records and analytics including, but not limited to, diagnosis, prescriptions, lab results, etc. and communicating with your insurance provider.

    We may also use such Data to:

    a)          track traffic patterns to and from the Sites (and which may include retaining details of your IP address, operating system, browser, domain and other user information (e.g. your username));
    b)          inform what advertising is being shown;
    c)          ensuring that the content of the Sites is presented in the most effective manner for you and for the device which you are using to access the Sites;

    d)          to review, develop, facilitate or improve our delivery of the Sites and the services available on the Sites;

    e)          simplify the entry of your Data in certain online forms;  

    f)           enable you to enter the Sites and access and use certain services provided via the Sites;

    g)          to contact you for follow-up purposes if a consultation session is ended due to a technical fault or for some unknown reason;

    h)          to respond to any queries, requests, or comments that you have submitted; 

    i)            to review, develop and improve the services which we offer; 

    j)            to notify you about changes to the Sites or our services, where applicable;

    k)          to protect the safety of members of the public and users of our services; 

    l)            for non-personally identifiable information only, with advertisers and other third-party providers for marketing purposes; 

    m)        with vendors, administrative service providers, technology providers, and carefully selected business associates for data validation, enhancement, information verification and suppression services; 

    n)          for any other purpose for which the user provides consent; and

    o)          as necessary to comply with legal and regulatory obligations, including record keeping, and if necessary in the exercise or defence of legal claims. 

    We use Sensitive Personal Information in order to ensure that we are able to offer our services requested by you and/or provided by us to the best of our ability. We will use the Sensitive Personal Information to assist in the provision of information to you about your health or your medical records and to provide our services, including considering your Sensitive Personal Information to make recommendations and diagnoses. We will store Sensitive Personal Information in your medical records in accordance with prevailing practice in the medical industry in the relevant territory where you are based and in accordance with our legal obligations.

    On what basis do we process your Data :

    We will process your Data for the purposes set out in this Privacy Policy on the following bases in the KSA:

    a)          where we have obtained your specific, or where necessary, explicit consent to such use. We will in each case inform you about the processing of your Data and your related rights prior to obtaining your consent;

    b)          it is necessary for the performance of a previous agreement with you;

    c)          it is necessary for our legitimate interest, providing the Data does not include Sensitive Personal Information. Using your Data helps us to operate, improve and minimise any disruption to our Sites. We also have a legitimate interest in sending you information on the products, services and offerings we believe will be of interest to; and

    d)          it is necessary for compliance with our legal and regulatory obligations.

    We will not process your Data in a manner that is inconsistent with the purpose for which we have collected the Data or the basis on which we have relied to collect your Data.

     

    Marketing :

    We may use your Data (with the exception of Sensitive Personal Information) to contact you directly to provide you with information about services that you have requested from us or which we feel may interest you, provided we receive your explicit consent. You can opt out of receiving such communications at any time.  

    With whom do we share your Data?

    We will not disclose Data to third parties except as provided in this Privacy Policy or as permitted or required by law or any court of competent jurisdiction.

    By using our services, you agree and provide your consent to our disclosure of information as described in this Privacy Policy. In particular, you understand that if you instruct us to seek payment authorisation from your insurer we may need to disclose sensitive medical information to your insurer, including details of the treatment or products sought, and you consent to such disclosure. You understand that your Data may be transferred outside the territory in which you reside for processing by us, and you consent to such transfer.

    We may disclose Data, which may include Sensitive Personal Information:

    a)          to providers of information technology services; these are predominantly members of the Pharmacies group, however third party cloud service providers may be used for storage and processing of video consultations or similar;

    b)          to members of our group;

    c)          to competent regulatory, government or court authorities in response to a legally binding request or legal compliance obligation or in the pursuit of substantial public interests such as infectious disease identification and control;

    d)          to emergency services or other specialist intervention providers, if we believe you or other members of the public may be in imminent danger;

    e)          to your medical insurance provider, if you have instructed us to do so for billing purposes and we offer a direct billing service at the time;

    f)           to third-parties who maintain databases that we need to cross-reference your information against; 

    g)          to payment gateways to process your payments;

    h)          to another healthcare professional for the purposes of ensuring the provision and enhancement of ongoing medical treatment or healthcare services or the provision of medicines;

    i)            to communicate with patients about their care or well-being;  

    j)            to communicate with family members and others involved in the patient’s care;

    k)          to conduct or participate in medical research; 

    l)            for public health purposes;

    m)        in accordance with usual and recognized professional practice relative to the circumstances and permitted by law; or

    n)          if such information is already publicly known through lawful disclosure by you or your legal representatives.

    Any third party acting as our supplier or sub-contractor will be under a legally binding duty of confidentiality and we will secure commitments from such third parties to keep your Data secure and not to use it for any other purpose other than the purpose for which we have engaged that third party (such as providing hosting services).

    We will share your Data with the third parties set out above for the specified purposes set out herein and in accordance with this Privacy Policy, to the minimum extent required, and in compliance with the law.

    Where will we process your Data

    The Data you submit may be transferred, stored and hosted outside of the KSA, and may be transferred to countries which do not have data protection laws or to countries where your privacy and other fundamental rights will not be protected as extensively. These and all other transmissions will remain secure and under our control.

    If you are a KSA resident, when we transfer your Data to third parties based outside the KSA, we will do so in compliance with the requirements set out in the KSA PDPL and its Implementing Regulations and Data Transfer Regulation.

    We will strive to implement appropriate measures and safeguards for example the SDAIA Standard Contractual Clauses, to ensure that your Data remains protected and secure when it is transferred outside your home country, and you can exercise your rights effectively.

    Your rights :

    Under certain conditions, you may have the right to: 

    ·       access your Data held by us; 

    ·       request the deletion of Data; 

    ·       correct, complete or update your Data; 

    ·       obtain your Data in a legible and clear format; and

    ·       withdraw consent at any time. 

     

    To exercise your rights, including the right to withdraw consent granted to us in accordance with this Privacy Policy, please contact us using the details provided in the Enquiries and complaints section of this Privacy Policy.

    If any request is repetitive, manifestly unfounded, or requires disproportionate efforts, we reserve the right to refuse it, in which case we will notify you of the refusal and the reason behind it.

    We will make every reasonable effort to honour your data subject request in line with the applicable laws. In the event we require additional time due to the complexity of the request, we shall promptly inform you of the same. We may ask you to provide proof of your identity. We shall aim to comply with all requests promptly and in line with statutory deadlines. Subject to applicable laws, we may not always be able to fully address your request, for example:

    ·       If it would impact the confidentiality we owe to others; 

     

    ·       We are legally entitled to deal with the request in a different way; or

     

    ·       If the request involves deletion of Data and its retention is required to comply with legal requirements.

     

    If you are not satisfied with our use of your Data in respect of the Sites or our response to any request by you to exercise your rights, or if you think that we have breached any relevant data protection laws, then please contact us using the details provided in the Enquiries and complaints section of this Privacy Policy.

    You may in addition have the right to complain to any regulatory authority that supervises our processing of your Data or, where you are based in KSA, the Saudi Data & Artificial Intelligence Authority through sdaia.gov.sa or any other competent authority designated with the authority to receive such complaints from time to time.

    Aggregated non-personal Data :

    We may share anonymised Data or derivations of such data with third parties for research, statistical or epidemiological purposes in accordance with the law and/or regulations or courts of the competent jurisdiction. We will ensure that you cannot be identified from any such Data before sharing it.

    Proper provision of medical services :

    If you are accessing our medical services, such as our telehealth services, you must ensure that you provide full and accurate information as requested by the data entry fields on our Sites and by the consulting physician. Our physicians rely on the information you provide to inform their assessment of you. If you provide inaccurate or incomplete Data, then the assessment you receive may be based on a false understanding of your circumstances and this could lead to adverse healthcare outcomes. We accept no responsibility for acting on Data which you have provided and which is not complete or accurate. 

    Children :

    We are committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children's online activities and interests. Due to the nature of medical services, however, our services may be of benefit to children and the ability to access certain services online may be more convenient and less stressful than accessing services in a face-to-face environment.

    Under our Online Service Terms of Use, we require any person creating an account to be at least 16 years old and for any person creating an account on behalf of a child to confirm to us that they are the child’s legally responsible parent or guardian.

    Security :

    We are committed to protecting the Data you provide us. We have implemented security policies, rules and technical measures to protect the Data that we have under our control, in accordance with applicable data protection laws. The security measures are designed to prevent unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. 

    In addition, we limit access to your Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Data on our instructions and they are subject to a duty of confidentiality.

    We have put in place procedures to deal with any suspected Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

    Data retention :

    We will keep your Data only for as long as is necessary to respond to any queries or complaints, to improve the services that we offer to you, to comply with any legal obligations to which we may be subject, and to comply with medical good practice and regulatory requirements in relation to the retention of medical records. 

    To determine the appropriate retention period for Data, we consider the amount, nature, and sensitivity of the Data, the potential risk of harm from unauthorised use or disclosure of your Data, the purposes for which we process your Data and whether we can achieve such purposes through other means, and the applicable legal requirements.

    When your Data is no longer required, we will ensure it is securely deleted or anonymised.

    If you are residing in the Kingdom of Saudi Arabia and order physical goods from us, such as through our online pharmacy, we will only retain the Data related to the transaction for as long as necessary, taking into account the nature of the transaction, unless we are required to retain the Data longer by law.

    Third party sites :

    Our Sites may provide links to third-party websites for your convenience. If you access those links, you will leave our Sites. We do not control those third party websites or their privacy practices, which may differ from ours. We do not endorse or make any representations about third-party websites. This Privacy Policy does not cover the personal data you choose to give to unrelated third parties. We encourage you to review the privacy policy of any company before submitting your Data. Some third-party companies may choose to share their personal data with us; that sharing is governed by that third-party company's privacy policy.

    Enquiries and complaints 

    If you have any questions or concerns in relation to our use of your Data, or would like to exercise your rights under this Privacy Policy, you can contact us by email at

    [email protected]

    or by postal mail at:

    Alsharq Alawsat Pharmacies Company

    8787 King Fahd Road – Olaya – Unit 1 – Riyadh 12214-2490.

     

    Transfer on merger, sale or other event

    In the event that Pharmacies is acquired by or merged with a third-party entity, or all or substantially all of its assets are sold, assigned or transferred to a third party, or upon the occurrence of a change of control of Pharmacies or its bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application to Pharmacies of laws or equitable principles affecting creditors’ rights generally, the information collected by Pharmacies from users may be transferred or assigned as part of such merger, acquisition, sale, change of control or other specified event, but to the extent permitted by applicable law, the obligations of this Privacy Policy shall remain binding on Pharmacies’ successors and assigns.

     

    Emails are sent from the domain raedhealth.com, owned by NoDiet, in collaboration with Dr. Sulaiman Al Habib Pharmacies, as part of the digital medical service process, with the user’s consent provided within the medical declaration form.