Privacy Policy |سياسة الخصوصية

Aaruexx Unified Digital Health Platform (UDHP)
منصة Aaruexx الموحدة للصحة الرقمية

Confidential – For Internal Use Only | سري – للاستخدام الداخلي فقط

Data Controller:

· Eshana Business Solutions W.L.L. (Bahrain) – controller for data collected via the Website/ Portals/ Apps and operations.

Platform Covered:

· Website: www.aaruexx.me

· Android & iOS Mobile Apps

· Platforms and APIs collectively referred to as “Aaruexx UDHP”, “we”, “us”, “our”.

This Privacy Policy is tailored for the Aaruexx Unified Digital Health Platform (UDHP) — including the website (www.aaruexx.me), mobile apps, and associated the platform, for use in the Kingdom of Bahrain.

Compliances:

Aaruexx UDHP respects individual privacy rights and is committed to protecting and securing personal data in accordance with applicable privacy and data protection laws including Bahrain-PDPL, EU-GDPR, and other relevant laws including the below:

· Bahrain Personal Data Protection Law (PDPL) No. 30 of 2018

· Bahrain Telecommunications Law No. 48 of 2002

· Bahrain Electronic Communications and Transactions Law No. 54 of 2018

· Bahrain Information Technology Crimes Law No. 60 of 2014

· EU General Data Protection Regulation (GDPR)

· Bahrain NHRA Good Documentation Practice Policy 2020

User Categories:

This policy covers all user categories:

· Personal Users (Patients)

· Health Professionals

· Healthcare Providers

· Insurance & Third-Party Administrators (TPAs)

· Corporate Clients

This Privacy Policy explains:

· What personal data we collect

· How and why we collect it

· How we use, store, share, and protect it

· Your rights with respect to your personal data

This policy applies to all users of our website, apps, and digital health platform.

Policy Terms:

This Privacy Policy includes details of the policy terms as listed below, which users shall explicitly consent to and agree to use the Aaruexx UHDP Website/Portal/Mobile Apps:-

· Personal Data Collected

· The purpose, usage,

· Means and Modes of Personal Data Collection,

· How and to whom Aaruexx UDHP will disclose such information.

· How we use the Personal Data

· How your data is used and processed

· Retention and destruction of such information

· Personal information is transferred or becomes subject to a different privacy policy

· Customer Support

· User Rights

· Rights of the Aaruexx UDHP

Introduction:

Eshana Business Solutions W.L.L. (“us”, “we”, or “ESHANAHEALTH”, which also includes its affiliates, partners and group companies) is the exclusive License holder of Aaruexx UDHP for the Kingdom of Bahrain (Bahrain) region licensed by Eshana Healthcare Private Limited, the author, publisher and owner of the Aaruexx IPR (Intellectual Property Rights) including but not limited to its Trademarks, Copyright and Patents or such IPR that it will own in the future; of the internet resource The Aaruexx Unified Digital Health Platform (“Aaruexx UDHP”) which is accessed through the ESHANAHEALTH owned website www.aaruexx.me on the world wide web as well as the licensed software, services and applications provided by Aaruexx UDHP, including but not limited to the ‘Aaruexx UHDP’ Platform and the digital health ecosystem (together, with the Website, Platform, Portals and Mobile Apps, referred to as the “Services”).

This privacy policy (“Privacy Policy“) explains how we collect, use, share, disclose and protect Personal Data about the Users of the Services, including the Providers (as defined in the Terms of Use set out in the Aaruexx UDHP Bahrain-Terms and Conditions, which may be accessed via the following web-link https://www.aaruexx.me/terms-of-use (the “Terms of Use”), the End-Users (as defined in the Terms of Use), and the visitors of Website/Platform/Portal/Apps (jointly and severally referred to as “you” or “Users” in this Privacy Policy). We created this Privacy Policy to demonstrate our commitment to the protection of your privacy and your Personal Data. Your use of and access to the Services is subject to this Privacy Policy and our Terms of Use. Any capitalised term used but not defined in this Privacy Policy shall have the meaning attributed to it in our Terms of Use.

By using the services or by otherwise giving us your information, you will be deemed to have read, understood and agreed to the practices and policies outlined in this privacy policy and agree to be bound by the privacy policy. You hereby consent to our collection, use and sharing, disclosure of your information as described in this privacy policy. We reserve the right to change, modify, add or delete portions of the terms of this privacy policy, at our sole discretion, at any time. If you do not agree with this privacy policy at any time, do not use any of the services or give us any of your information. If you use the services on behalf of someone else (such as your child) or an entity (such as your employer), you represent that you are authorised by such individual or entity to (i) accept this privacy policy on such individual’s or entity’s behalf, and (ii) consent on behalf of such individual or entity to our collection, use and disclosure of such individual’s or entity’s information as described in this privacy policy.

When this policy applies:

This Privacy Policy applies to all of the services offered by the owners and Data Controllers and its affiliates, Including services offered on third-party sites, such as advertising services, strategic partners and associates. The aspects of this Privacy Policy do not apply to that extent of the services that have separate privacy policies that do not incorporate this Privacy Policy.

This Privacy Policy doesn’t apply to: The information practices of other companies and organisations that advertise our services, Services offered by other companies or individuals, including products or sites they offer that may include our services to which the policy applies, or products or sites displayed to you in search results, or linked from our services.

Privacy Commitment

This Privacy Policy states the following:

· Eshana Business Solutions W.L.L. is committed to protecting user privacy during the use of the website ‘www.aaruexx.me’ and the ‘Aaruexx UDHP’ digital products; and recognises the responsibility to hold user personal information secure and confidential.

· Users can visit the www.aaruexx.me website without revealing any personal information. However, registered users require submitting relevant personal information about yourself or others, which is treated securely, fairly, and lawfully. Any information collected, stored or processed is done in accordance with all applicable laws and regulations in all operating jurisdictions, including the EU’s General Data Protection Regulation and Bahrain’s Personal Data Protection Law.

· When we ask you for personal information online, it will only be in response to you using one of our online products or services, such as Aaruexx UDHP user accounts and ‘Services’ on the Aaruexx 4ME App, Aaruexx DocPro App and Aaruexx Business Portals Platform. We may use the personal information you provide for the purpose of providing more relevant content to you.

· This Privacy policy sets out the basis upon which any personal data we collect from you, or provided to us will be processed by us. Please read this policy carefully to understand how your personal information will be treated. By submitting your personal details to us, you explicitly agree to the Privacy Policy and User Policies, in accordance with the terms and conditions in this policy. However, should applicable laws or regulations dictate, no personal information will be stored or processed without your explicit written approval, which you may revoke at any time. This policy may be changed from time to time as notified on the Website/Apps/Portal/Platform; so please read and agree to the same periodically.

Table of Contents | جدول المحتويات

(English)

(العربية)

1. Definitions

١. التعريفات

2. Legal Framework

٢. الإطار القانوني

3. Categories of Data Collected

٣. فئات البيانات التي يتم جمعها

4. Purpose of Processing

٤. أغراض المعالجة

5. Lawful Basis for Processing

٥. الأساس القانوني للمعالجة

6. Data Protection & Security

٦. حماية البيانات والأمان

7. Cross-Border Data Transfers

٧. نقل البيانات عبر الحدود

8. Data Sharing

٨. مشاركة البيانات

9. Data Retention

٩. الاحتفاظ بالبيانات

10. User Rights

١٠. حقوق المستخدم

11. Cookies & Tracking

١١. ملفات تعريف الارتباط والتتبع

12. Accountability & Governance

١٢. المساءلة والحوكمة

13. Contact Information

١٣. معلومات الاتصال

14. Amendments

١٤. التعديلات

15. Children’s Data

١٥. بيانات الاطفال

16. Consent

١٦. موافقة

17. Changes to this Policy

١٧. تغييرات على هذه السياسة

18. Privacy Statements

١٨. بيانات الخصوصية

1. Definitions

1.1 “Platform” refers to the Aaruexx Unified Digital Health Platform (UDHP), including the website www.aaruexx.me and associated website, network, portals and mobile applications.
1.2 “Personal Data” means any information relating to an identified or identifiable natural person directly or indirectly, as defined under Bahrain Personal Data Protection Law No.30 of 2018 and GDPR.
1.3 “Sensitive Personal Data” includes health information, medical records, biometric identifiers, medical history, diagnostic information, and other data disclosed by users, in the context of healthcare services, classified under Bahrain PDPL and GDPR.
1.4 “Controller” refers to Eshana Business Solutions W.L.L., Bahrain, responsible for determining the purposes and means of processing personal data; which means any operation performed on personal data including collection, use, storage, transfer, disclosure, erasure, or destruction.

1.5 “User” refers to personal users, health professionals, healthcare providers, insurance companies/TPAs, and corporate clients accessing the Platform. The types of users are elaborated below:

· Personal Users: Individuals who register on the Aaruexx UDHP platform through the Aaruexx 4ME mobile App; for their personal healthcare including scheduling doctor’s appointments, physical or virtual consultations, health records, sick leave and medical reports and e-prescriptions, etc. for their own personal purpose.

· Health Professionals: Users registering on Aaruexx DocPro Mobile App as practicing health professionals, to use the Aaruexx UDHP Platforms for scheduling appointments, provide physical or virtual consultations, use the Smart EMR (ASeMAR), order medications, and issue prescriptions and sick leave, provide follow ups, and manage their OPD services; manage queries, receive patient investigation reports, manage inward and outward Referrals, manage Insurance Claims queries,

· Healthcare Providers: Business Account users registered on the Aaruexx Providers Portal, including Clinics, Dental Clinics, Medical Centres, Hospitals, Diagnostic and Therapy Centres, Pharmacies, Rehab and long term care centres, Opticians; where Provider Admins can set up users, like Doctor, Nurses, Technicians, Pharmacists, Officials, etc.. Setup their service profile, pricing and discounts, Insurance Network, formularies; and where doctors use the Provider Portal to provide consultations, generate Health Records on the Aaruexx Smart EMR (ASeMAR), provide Referrals, submit Insurance Claims, manage their appointment schedules, generate cash invoices, e-prescriptions and sick leave sanctions. Doctors under the Provider Portal can also use the Aaruexx DocPro Mobile app to manage their patient care services.

· Insurers/TPAs: Business Users registered on the Aaruexx Insurance/TPA Portal, who can set up their Healthcare Providers Network, Corporate Client network, use the Aaruexx Smart TOB (ASeTOB) to set up their Insurance Policy Benefits, Insurance Products and receive instant automated insurance claims and patient medical reports, automated Claim invoices; from providers/doctors in their network; accept, approve or reject claims, and interact with doctors to raise queries and process claims.

· Corporate Clients: Business Users registered on the Aaruexx Corporate Portal, who can set up their employees’ lists, Health Insurance coverage, and monitor insurance usage, medical visit reports, manage sick leaves, manage active employees, avail cost effective Insurance Policy products, ensure efficient use of health insurance coverage provided to their employees. The employees use the Aaruexx 4ME mobile App to engage and manage their personal medical services under their Corporate Employer.

Definitions of Technical Terminologies:

· Cookies: A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the site again, the cookie allows that site to recognise your browser. Cookies may store user preferences and other information. You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies. Learn more about how we use data including cookies, when you use our partners' sites or apps.

· Device: A device is a computer that can be used to access our services. For example, desktop computers, tablets, smart speakers, and smartphones are all considered devices.

· Sensitive personal information: This is a particular category of personal information relating to topics such as confidential medical facts, racial or ethnic origins, political or religious beliefs, or sexuality.

· Detect abuse: When we detect spam, malware, illegal content (including child sexual abuse and exploitation material), and other forms of abuse on our systems in violation of our policies, we may disable your account or take other appropriate action. In certain circumstances, we may also report the violation to appropriate authorities.

· Non-personally identifiable information: This is information that is recorded about users so that it no longer reflects or references an individually identifiable user.

· Personal information: This is information that you provide to us which personally identifies you, such as your name, email address, or billing information, or other data that can be reasonably linked to such information by us, such as information we associate with your user Account.

· IP address: Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet. Learn more about how we use location information.

· Server logs: Like most websites, our servers automatically record the page requests made when you visit our sites. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser. Depending on the user’s service, a different address may be assigned to the user by their service provider each time they connect to the Internet.

2. Legal Framework

This Privacy Policy is issued in compliance with the relevant Laws of the Kingdom of Bahrain:

The Law on the Protection of Privacy (Law No. 30 of 2018)

Electronic Communications and Transactions Law (Law No. 54 of 2018)

Law No. 60 of 2014 on Information Technology Crimes

Telecommunications Law No. 48 of 2002

The Bahrain Cyber Security Law (Law No. 16 of 2018)

NHRA -Good Documentation Practice Policy-June-2020

GDPR- General Data Protection Regulation (EU)- 2016/679; version OJ L 119, of 4th May 2016; corresponding to OJ L 127, of 23rd May 2018 effective from 25th May 2018. (refer to link: www.gdpr-info.eu.)

3. Categories of Data Collected

3.1 Personal Identification Data: Name, date of birth, nationality, contact details.
3.2 Health Data: Medical records, prescriptions, diagnostic reports, treatment history.
3.3 Professional Data: Licenses, qualifications, affiliations of healthcare professionals.
3.4 Corporate Data: Employer details, insurance coverage, corporate health program data.
3.5 Technical Data: IP address, device identifiers, cookies, usage logs.

Specific Personal Data collected:

A. Personal Information

· Full Name

· Date of Birth and Gender

· National ID / Passport Number and images

· Contact Details (Email, Phone)

· Address, Location

· Employer details, Health Insurance details, corporate health programs.

· Photo/Selfie Image/ Biometrics/ Face Id

· Marketing communications related data

B. Health Data (Sensitive)

Collected only with explicit user consent and for medical services:

· Medical history

· Test Results, Diagnoses

· Appointments

· Clinical Records

· Medical records, prescriptions

· Insurance claim details

· Payments and billing details

· Sick Leave data

· Referral and care flow details

C. Usage & Technical Data

· IP addresses

· Device identifiers

· Browser and device information

· App usage logs

· Cookies and tracking data

D. Health Professionals Data

· NHRA Medical License

· License Category and Privilege

· Specialty and Designation

· Contact details Email/Phone

· Specialisation and Sub Specialisation

· Place/s of Practice and Location/s

· Qualifications and Professional Experience

· Professional Profile and Areas of Expertise

· OPD Schedule/s

· Digital Signature and Stamp

· Photograph

· Affiliations with Healthcare Providers

E. Healthcare Providers Data

· Type of Health facility

· NHRA Facility License and Company CR

· Authorisation from Owner/Managing Director

· Responsible Person Name, Email, Phone

· Departments and Services

· List of Health Professional Users/ Practicing Doctors

· Service Prices List

· Insurance/TPA Network and Discounts

· In house Pharmacy-Formulary

F. Insurance/TPA Data

· Company CR and CBB License

· Authorisation from Owner/Managing Director

· Responsible Person Name, Email, Phone

· Provider Network

· Corporate Clients details

· Insurance Policies- Table of Benefits (TOB) details

· Location and Address

G. Corporate & Insurance Data

For Organisational Accounts:

· Company name and registration

· Authorisation from Owner/Managing Director

· Responsible Person Name, Email, Phone

· Industry, employee count

· Insurance details and insured employee details

· Corporate contacts

Collection of Personal Data:

Generally some of the Services require us to know who you are so that we can best meet your needs. When you access the Services, or through any interaction with us via emails, telephone calls or other correspondence, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you. You hereby consent to the collection of such information by Aaruexx UDHP. Without prejudice to the generality of the above, information collected by us from you may include (but is not limited to) the following:

· Contact data (such as your email address and phone number);

· Demographic data (such as your gender and your date of birth);

· Data regarding your usage of the services and history of the appointments made by or with you through the use of Services;

· Other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters) including any images and other documents/files;

· Data shared by the Providers pertaining to the treatment availed by you.

The information collected from you by Aaruexx UDHP may constitute ‘Personal Data’ or ‘Sensitive Personal Data. “Personal Data” is defined under the Personal Data Protection Law (PDPL) to mean any data related to a specific natural person or related to a natural person that can be identified directly or indirectly by linking the data, through the use of identification elements such as his/her name, voice, image, identification number, his/her electronic identifier, his/her geographical location, or by one or more physical, physiological, economic, cultural or social characteristics.

The Personal Data Protection Law further defines “Sensitive Personal Data” of a person to mean any data which directly or indirectly reveals a natural person’s family, ethnic origin, political or philosophical opinions, religious beliefs, criminal record, biometric data, or any data relating to such person’s health and physical, psychological, mental, genetic or sexual condition, including information related to the provision of healthcare services to him/her which reveals his/her health status. Aaruexx UDHP will be free to use, collect and disclose information that is freely available in the public domain without your consent.

The personal data collected for the specific services

We collect a range of personal data directly from you and, in some instances, from third parties. We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together.

We also collect; use and share aggregate data, such as statistical or demographic data, for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

How we collect your personal data

We use different methods to collect data from and about you including through:

Direct interactions: You may give us your Identity, Contact, Profile, Sensitive Personal Data, Insurance, Business and Medical Data by filling in forms, using our mobile app, using our Portal, or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:

· Download and use our mobile app;

· Visit and use our Portal;

· Apply for our services;

· Apply for one of our job positions;

· Visit our offices;

· Create an account on our online services;

· Subscribe to our service;

· Request marketing to be sent to you;

· Give us feedback or contact us.

Automated Technologies or Interactions: As you interact with our mobile app & portal, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.

Third Parties or Publicly available sources: We will receive personal data about you from various third parties and public sources as set out below:

· Identity, Contact, Profile, Insurance, Business, and Sensitive Personal Data from Healthcare Providers we work with to provide Medical Services details, Claims, referrals, Claim invoices, to process their medical claims through Healthcare Provider Portals.

· Identity, Contact, Profile, Insurance, Business, and Sensitive Personal Data from Insurance/TPAs we work with to provide Medical Services details, Claims, referrals, Claim invoices, and Payments details to process their medical claims through Insurance/TPA providers Portals.

· Identity, Contact, Profile, Insurance, Business, and Sensitive Personal Data from Corporate Payers we work with to provide Insured Employee details, Insurance coverage details, to process Payments of their employees medical services or process their medical claims through Corporate Portals.

· Identity, Contact, Profile, Insurance, Medical Activity, Claims and Referrals, Transactional, and Sensitive Personal Data from subsidiaries of Aaruexx UDHP in order to comply with KYC and regulatory checks.

· Identity and Contact Data received from other Healthcare Providers or other Authorities to follow-up on complaints raised by member users.

4. Purpose of Processing Personal Data:

4.1 Provision and management of personalised healthcare services via the Platform.
4.2 Support User Accounts & Authentication

4.3 Coordinate Clinical and Tele Health services

4.4 Facilitate Insurance and Claims processing

4.5 Communicate with Users, (Notifications, Support)

4.6 Facilitate communications between patients, professionals, providers, insurers/TPAs and corporates.

4.7 Improve system features, analytics, platform functionalities, Security and user experience.
4.8 Compliance with NHRA medical documentation standards.
4.9 Insurance claims management and corporate health program administration.
4.10 Platform functionality, security, and user experience improvement.
4.11 Compliance with legal, regulatory, and audit obligations.

Processing of Sensitive Health Data:

Under the Bahrain PDPL, health data is "Sensitive Personal Data."

We process this data only under the following conditions:
* To provide medical diagnosis and healthcare services.
* With your explicit written/electronic consent.
* For the management of health-insurance claims and services.

Specific Conditions for the Processing of Sensitive Personal Data

(Article 5 of PDPL (30) of 2018-Bahrain)

The processing of sensitive personal data is prohibited without the user’s consent, except where the following applies:

1. Processing is necessary for the purposes of carrying out the obligations and rights of the data controller, as stipulated by law with respect to those working under his authority in the course of employment

2. Processing is necessary to protect any individual, where the user or the user’s custodian, legal guardian, or conservator, is legally incapable of giving his or her consent, subject to obtaining the Authority’s prior approval pursuant to Article (15) of the Bahrain’s PDPL (Law No. 30);

3. Processing relates to data, which is made available to the public, by the data subject

4. Processing is necessary for pursuing any legal claims or defences, including the needed preparations thereof

5. Processing that is necessary for the purposes of preventive medicine, medical diagnosis, provision of healthcare or treatment, or for the management of healthcare services which is carried out by a licensed member of a medical profession, or by any other person who is bound by a duty of confidentiality as imposed by law.

6. Processing carried out in the course of activities of associations, of all kinds, unions and other non- profit-seeking bodies, provided that: a. the processing is carried out only where necessary for the purpose of what the association, union or body has been established for; b. the processing relates solely to data which belongs to the members of this association, union, body or individuals who have regular contact with such association, union or body with reference to the nature of its activity; and c. the data shall not to be disclosed to any other person, except where the data subject consents to such disclosure.

7. Processing is carried out by a competent public body to the extent necessary to carry out its legitimate duties as laid down by virtue of a law.

8. Processing of data relating to racial, ethnic, or religious origins where the processing is necessary for the purpose of identifying the existence or absence of equality of opportunity or treatment between members of the society of different racial or ethnic or religious origins, provided that such processing is carried out with appropriate safeguards for the rights and freedoms of data subjects as prescribed by law.

How we use your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

· Where we need to perform the contract we are about to enter into or have entered into with you.

· Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

· Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data, although we will get your explicit consent where sensitive personal data is being processed. You have the right to withdraw consent to at any time by contacting us.

See Lawful Bases’ section in this policy to find out more about the types of lawful basis that we will rely on to process your personal data.

PURPOSE and USE: for which we will use your personal data

A description of all the ways we intend to use your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate as outlined in Table below: -

Purpose and Usage of Collected Personal Data:

Legal Bases

Contractual Obligations

On boarding Service / Account opening service / User Identity and verification service (KYC):

To provide On boarding Service using user
To provide Account opening service
To comply with Regulatory requirements
To seek consent when we require it from you and to manage your consents and preferences, including where you decide to withdraw consent.

Medical Service, Claims and Payments service:

To provide Doctor Consultation services
To provide you with Health Insurance services.
To provide you with Medical records, Prescription and Clinical care Services
To set up your accounts to use our online services.
To provide customer support relating to products and services you hold with us on the Mobile App, at our Health Providers, via website, portals, apps or support channels.
To advise you where we believe that you may be interested in products and services related to those you already hold.
To identify corporates with which Aaruexx UDHP services could work.
To identify Healthcare Providers who provide medical care, create health records; provide referrals and medical claim information, process payments for Insurance/TPAs that we work with as per the contracts in place.
To provide Corporates management of insured medical services to their employees through our network of health providers and TPAs.

To comply with rules and regulations set out by the government and regulators, including the NHRA, etc. such as performing KYC and other needed checks.
To exercise our rights as set out in contracts and agreements.

Other Services:

To carry out standard business functions
To onboard Providers to the Platform where you have registered for medical services.
To manage our technology and IT systems to deliver our business requirements.
To store, archive and destroy documentation in line with retention laws and requirements.

Legitimate Interests

User authentication service:

To authenticate secure access and security features to your Medical Records and Insurance profiles with us
To provide Claim and Referral and Medical Care Services

Customer Support and communication services:

To promote our business
To directly market our products and services to you in relation to products you already hold with us.
To directly market our products and services to you if you have expressed an interest in our products.
To withhold from promoting products and services to you where you have opted-out of direct marketing.
To develop our general advertising campaigns based on our macro customer analysis, both via social media and conventional media methods.
To manage our website and social media accounts to promote our business and engage with you online, including responding to your queries.

Legal Obligations

Verification and KYC:

To comply with national and international law
To comply with applicable regulations and laws
To process due diligence on all clients and future clients.
To comply with regulatory compliance like KYC etc..

Security Services:

To manage security, risk and fraud prevention
To defend our interests via civil and criminal legal action.
To support internal and external audits of our business.
To implement security measures to protect data, and misuse.

5. Lawful Bases for Processing

Personal Data is processed based on one or more of the following lawful grounds, (Under PDPL & GDPR and other relevant Laws applicable in the Kingdom of Bahrain):
5.1 Consent of the User. (Consent)
5.2 Performance of a contract with the User, (Contractual necessity)
5.3 Compliance with legal obligations under Bahrain and international law. (Legal Obligations)
5.4 Legitimate interests pursued by the Controller, balanced against User rights.

5.5 Vital Interests (in emergencies)

Sensitive health data is processed only with explicit consent or as required for treatment, billing, public health protection, or legal compliance.

Our Lawful Bases explained

Personal Data protection laws applicable to Aaruexx UDHP set out a number of requirements for legitimate processing of your personal data, these are often known as lawful bases for processing. These lawful bases are:

· Contractual obligation – processing of personal data in order to implement a contract to which you are a party or, upon your request, to conclude a contract;

· Legal requirement – processing of personal data to implement an obligation prescribed by the Law or implementation of a court order from a competent Court or the Public Prosecution;

· Protection of your vital interests – processing of personal data to save your life;

· Legitimate interests – processing personal data where we have a legitimate interest to do so in order to run our business. We may use this basis where it does not conflict with your rights and freedoms set out in ‘Your legal rights’ below.

· Vital interests – processing personal data in emergencies

6. Data Protection and Security

We implement organisational and technical safeguards including:

6.1 Personal Data shall be stored securely using encryption, in transit and at rest, with audit trails.

6.2 Access controls and Authentication
6.3 Sensitive Personal Data shall be subject to enhanced protection measures. Health data is classified as sensitive personal data under Bahrain PDPL and GDPR.
6.4 Access shall be restricted to authorised personnel only.
6.5 Regular cyber-security audits shall be conducted in compliance with Bahrain IT Crimes Law.

6.6 Secure software development practices

6.7 Breach Notification Timelines

Security Measures taken:
We implement technical and organisational measures to prevent unauthorised access, including:
* Multi-Factor Authentication (MFA) for Users including personal and business users.
* End-to-end encryption for telemedicine and messaging.
* Regular security audits in compliance with the IT Crimes Law.

How we protect your Personal Data

We treat the security of all data held by us with the utmost importance, and that includes your personal data.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those Employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Despite best efforts, no system is fully risk-free. Users should take precautions to protect their login credentials.

7. Cross Border Data Transfer

7.1 Data may be transferred between Bahrain, India, and other jurisdictions where service the data controllers are located.
7.2 Such transfers shall comply with GDPR adequacy principles and Bahrain PDPL safeguards.

* Cross-Border Note: Since India is on Bahrain's Adequacy List (Resolution No. 42 of 2022), there is no need for specific prior authorization from the Ministry of Justice for data transfer to India;

International Third Parties Data Transfers and Platform Networks

Where External Third Parties are based outside the EEA and/or Bahrain so their processing of your personal data will involve a transfer of data outside the EEA and/or Bahrain.

Whenever we transfer your personal data out of the EEA and/or Bahrain, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

· We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission GDPR Article 45: Transfer on the basis of an Adequacy Decision for the protection of personal data.

· Where we use certain service providers, we may use specific contracts approved by the relevant authorities that give personal data the same level of protection. For further details, see European Commission GDPR Article 46-47: Binding Corporate Rules subject to appropriate safeguards, for the transfer of personal data to third countries.

· Where we use providers based in the US, we may transfer data to them if they are part of the Privacy container Shield, which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism we use when transferring your personal data out of the EEA and/or Bahrain.

Third-party services of Health Professionals or Healthcare Providers

We engage, retain or might, as per requirement and business needs of the Company, employ, engage, contract with third party service Health Professionals/Healthcare Providers to work on behalf of or with us, under agreements containing confidentiality obligations and in accordance with law, in relation to the services provided by us on the Platform. These third-party service providers may use your personal information in conducting their activity in the Aaruexx UDHP Ecosystem, processing medical service activity, assisting us to communicate with you about our offers, feedback of Services, assisting in payments, providing customer support, assisting in advertising on the Platform etc. We may employ third party companies and/or individuals to help improve or facilitate our service, to provide the Service on our behalf, to perform platform-related services, including but not limited to: Clinical Services, Medical Claims, Doctor Referrals, Sick Leave, Promotions and offers, payments, Insurance Policies, maintenance services, fraud detection services, database management, web analytics, monitoring, delivery/logistics and evaluation services. In this event, your information may be shared with such third-party companies and/or individuals;

Third-party Services that collect and process Personal Data

· Identity verification services that collect images, videos and documents to verify customer identity.

· User validation service provider to make our users eligible for medical services provided under our platforms ecosystem.

· Tele Medicine Services provider for video consultation for our Users.

· Clinical Decision Support provider using our user information to provide their services for prescription safety and drug related error prevention.

· Consent Manager who manage user consent rules and compliances

· Customer behaviour analytics services that collect and analyse behaviour data and device data

· Marketing attribution services that collect and optimise customer data from marketing platforms

· Cyber Security Consultants who monitor and advise on the compliances and data breach and risk assessments.

· Financial Accounting Managers, managing operational finance analytics.

· Insurance Brokers, providing liaison and Corporate Client Network development

8. Disclosure & Sharing of Data

8.1 Personal Data may be shared with:
• Licensed healthcare professionals and healthcare providers.
• Insurance companies and TPAs.
• Corporate clients and Employers for employee health programs.
• Regulators (NHRA, Bahrain authorities) when legally required.

8.2 Personal Data shall not be sold to third parties.

We may share personal data with:

A. Service Providers: Third-party vendors (hosting, analytics, payment processors) under strict security controls.

B. Healthcare Providers & Partners: For clinical care and claim processing, only with user consent.

C. Insurers & TPAs: To facilitate policy verification and claims processing.

D. Legal/Regulatory Authorities: When required by NHRA, or other authorities.

E. Corporate Clients: For corporate plan management, Employee Health Programs and reporting.

Sharing of Personal data:

We may share your personal data with the parties set out below for the purposes set out in the table above:

Internal Third Parties such as other Healthcare Providers, Insurance/TPAs, Professional Users and other subsidiaries of Aaruexx UDHP or External Third Parties such as:

o Insurance and TPA services providers:

§ Insurance and TPA companies, and Insurance related service companies involved in processing Quality Management and Tele Health Providers, Medical Data and Medical Claims and transactions made by you using our services.

§ Card processing and scheme providers who provide the prepaid / debit cards and other payment channel providers, for you to use, including support for these products.

o Government and regulatory bodies:

§ The Central Bank of Bahrain (CBB), Payment channel Providers, National Health Regulatory Authority (NHRA), Supreme Council of Health (SCH), SHIFA fund and other governmental bodies and departments where required by law or an instruction of theirs, including compliance with applicable regulations.

§ The Police or the courts in the event that we wish to take legal action.

o Communications providers:

§ Marketing agencies, social media platforms, and communications firms who operate our website and social media channels on our behalf.

§ Telecommunications firms who we use to contact you about your accounts and products and services you hold with us.

§ Telecommunications firms who may send direct marketing messages to you on our behalf.

o Technology providers:

§ Third-party companies providing us with IT systems, application, or IT support to maintain our systems.

o Ancillary service providers:

§ Storage companies for archiving and destruction of your personal data once we have no need to retain it following the delivery of products and services to you.

§ External legal counsel in the event that we wish to take legal action.

§ Our consultants who support us with our business.

§ Our external auditors for auditing purposes.

§ Recruitment agencies, who support us with identifying and referring potential candidates.

§ Other service providers are required to fulfil our business operations.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Personal Data is anonymised unless the providers are mandated to use Personal Data.

9. Data Retention

9.1 Health records shall be retained in compliance with NHRA Good Documentation Practice Policy (2020).

Retention and Disposal (NHRA Compliance):
In compliance with the NHRA Good Documentation Practice Policy 2020:
* Medical records will be retained for the minimum period required by Bahraini law (typically 15 years for clinical records).
* Non-medical data is retained only as long as necessary for the purposes outlined in this policy.
* Upon expiry of the retention period, data will be securely deleted or anonymised.

9.2 Other Personal Data shall be retained only as long as necessary for the stated purposes or as required by law.

We retain personal data only as long as necessary for:

· The purposes for which it was collected

· Legal, regulatory, or contractual obligations

· Safety, dispute resolution, or fraud prevention

Retention periods vary by data type, service used, and legal requirements.

How long we retain your personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In some circumstances, you can ask us to delete your data: see Your Legal Rights below for further information.

10. User Rights

Users may exercise their rights including:
10.1 Right to request access to your Personal Data.
10.2 Right to correction of inaccurate or incomplete Personal Data.
10.3 Right to request erasure of data (subject to NHRA retention mandates).
10.4 Right to be informed or notified of the processing of your Personal Data.

10.5 Right to object to decisions based on solely automated processing.

10.6 Right to restriction of processing.
10.7 Right to request transfer of your personal data
10.8 Right to object to processing for direct marketing
10.9 Right to withdraw consent at any time.

10.10 Right to Lodge Complaints: with our Data Protection Officer or relevant authority

Under certain circumstances, you have rights under Bahrain’s Personal Data Protection Law No. 30 of 2018, in relation to your personal data. If you would like to exercise any of the rights below, you can do so by filling out this form or by contacting us using the details in the “Our Contact Information” section.

Requests may be submitted to privacy@aaruexx.me. Verification may be required.

No fee is usually required: You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you: We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Response Time: We try to respond to all legitimate requests within 10 calendar days. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints to the Data Protection Authority: Further to the rights that we comply with above, you also have the right to submit a formal written complaint to the relevant Data Protection Authority if you have reason to believe that we have not complied with the data protection laws.

For information on how to submit a complaint to the Data Protection Authority, please contact the Authority directly.

How we ensure your rights

Under the personal data protection laws applicable; you have the right to:

· Be informed if we collect and use of your personal data or if this is done by a third party, on our behalf. We do this by letting you know this within this Privacy Notice.

· Be notified of processing of your personal data, especially as to whether or not we are processing your personal data or if this is done by a third party, on our behalf.

· Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

· Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

· Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.

· Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes, or if the processing causes harm or distress to you or others. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which override your rights and freedoms.

· Object to decisions based on solely automated processing and request that another method be used to evaluate you where a decision has been taken solely based on automated processing of your personal data.

· Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

o If you want us to establish the data's accuracy.

o Where our use of the data is unlawful but you do not want us to erase it.

o Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.

o You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

· Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

· Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

· If you do not provide us your personal data

11. Cookies & Tracking

11.1 The Platform uses cookies for analytics and user experience enhancement.
11.2 Users may manage cookie preferences via browser settings or on the website cookie banner.

11.3 Cookie Wall Prohibited: Under Bahrain PDPL, we do not block access to the website if a user refuses "Marketing" or "Analytical" cookies. Only "Strictly Necessary" cookies can be active by default. You may opt-out from accepting cookies. However, the necessary cookies will be necessary for the effective use of the service.

11.4 Cookies can be deleted by users; If the user has deleted the cookie from the computer since the last time they’ve visited us, then it will be the unique cookie ID assigned to their device the next time they visit us from that particular device.

IP Addresses, Behaviour data and Cookies

We may collect statistical data about our users’ account/portal/app usage actions and patterns, which do not identify the individual. We collect this data by using a “Cookie” file, Cookies are small pieces of information that are stored on and retrieved from your computer by websites/apps/portal for record-keeping purposes. The cookies used by this website/portal/app will not contain any personally identifiable information about you. In the event that we have links to other websites on our site, these third-party websites have their own privacy policies, including cookies; therefore, we urge you to review them, as we have no control over a third-party service provider. It is usually possible to stop your browser from accepting cookies or to stop it from accepting cookies from a particular website. All modern browsers allow you to change your cookie settings. You can usually find these settings in the ‘options’ or ‘preferences’ menu of your browser. To understand these settings, the following links may be helpful, or you can use the ‘Help’ option in your browser for more details.

· Safari on Mac: Manage cookies and website data.

· Clear the history and cookies from Safari on your iPhone, i-Pad, or iPod touch

· Chrome: Clear, enable, and manage cookies.

· Internet Explorer: Delete and manage cookies

· Firefox: Enable and disable cookies that websites use to track your preferences

What are Cookies?

A “cookie” is a small text file that’s stored on your computer, tablet, or phone when you visit a website. Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire, or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor. To learn more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. Alternatively, you can search the Internet for other independent information on cookies.

How we use Cookies

If you delete cookies relating to this website we will not remember things about you, including your cookie preferences, and you will be treated as a first-time visitor the next time you visit the site. We use cookies (and other similar technologies) to:

· Provide products and services that you request and enable core website/portal/app functions and to provide a secure online environment.

· Manage our marketing relationships.

· Give you a better online experience and track website/app/portal performance.

· Help us make our website more relevant to you.

· Giving you a better online experience and tracking website performance, and analyse usage.

You’ll still be able to use most of our online services, but some things might not work as you may expect if you do not allow us to store and access these cookies on your device.

These cookies make our online services easier to use and help us to understand how people use our websites.

Helping us to make our website more relevant to you

Enabling us to customise your online experience based upon your individual circumstances, existing product holdings or activities during previous visits to this website. If you do not allow cookies to be stored and accessed on your device, we won’t be able to tailor your experience.

Links To Other Web Sites

Within our website/Portals/Apps, we may have links to third party websites/portals and if you decide to follow those links, Aaruexx UDHP will not be responsible for the privacy practices or the content of those Web sites. They will have their own privacy policies, including cookies, and we urge you to review them.

12. Accountability & Governance

12.1 A Data Protection Officer (DPO) shall oversee compliance with applicable laws.
12.2 Records of processing activities shall be maintained in accordance with Bahrain PDPL and GDPR with compliance audits.
12.3 Data breaches shall be reported to competent authorities within legally mandated timelines.

Contact Information for Privacy Questions:
Should you have questions about this Privacy Policy or Aaruexx UDHP’s information collection, use and disclosure practices, you may contact, the Data Protection Officer appointed by Aaruexx UDHP in accordance with the provisions of the Personal Data Protection Law. We will use reasonable efforts to respond promptly to any requests, questions or concerns, which you may have regarding our use of your Personal Data. If you have any grievance with respect to our use of your information, you may communicate such grievance to the Data Protection Officer.
For any data-related inquiries or to exercise your rights, privacy related concerns or complaints, please contact:
Data Protection Officer (DPO)
Eshana Business Solutions W.L.L.
Bahrain Office: 231, Building 66, Road 383, Block 316,

Manama, Kingdom of Bahrain

Email: privacy@aaruexx.me

Tasks of the data Protection Officer

I. The data protection officer shall have at least the following tasks:

1. To inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;

2. To monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;

3. To provide advice where requested as regards the data protection impact assessment and monitor its performance.

4. To cooperate with the supervisory authority;

5. To act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation and to consult, where appropriate, with regard to any other matter.

II. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.

13. Contact Information

Contact Details:

If you have any questions or want more details about how we use your personal data, please let us know. You can contact us:

· Email: privacy@aaruexx.me

· Office Telephone: +973 17612745

· Mobile/Chat: +973 39251121

· Address: 231, Building 66, Road 383, Block 316, Manama, Kingdom of Bahrain.

For requests relating to enquiries, support, guidance of technical matters, please contact the following channels:

· Email: support@aaruexx.me

· Office Telephone: +973 17612745

· Mobile/Chat: +973 39251121

· Address: 231, Building 66, Road 383, Block 316, Manama, Kingdom of Bahrain.

14. Amendments

Policy Updates

14.1 This Privacy Policy may be updated periodically to reflect changes in law, technology, or business practices.
14.2 Updates shall be published on www.aaruexx.me with the effective date clearly indicated.

15. Children’s Data

Aaruexx UDHP does not knowingly collect data from children under age 18. If identified, such data will be deleted upon verification.

Children’s and Minor’s Privacy:
Aaruexx UDHP strongly encourages parents and guardians to supervise the online activities of their minor children and consider using parental control tools available from online services and software manufacturers to help provide a child-friendly online environment. These tools also can prevent minors from disclosing their name, address, and other personally identifiable information online without parental permission. Although, the Aaruexx UDHP Platform, Website and Services; are not intended for use by minors; Aaruexx UDHP respects the privacy of minors who may inadvertently use the Internet or the mobile application.

16. Consent

By using Aaruexx UDHP services, users acknowledge and consent to:

· Collection and processing of their personal data as described

· Relevant data sharing under lawful conditions

· Storage and transfer of data as outlined in this policy

Consent To This Policy
You acknowledge that this Privacy Policy is a part of the Terms of Use of the Website/Portal/Apps and the other Services, and you unconditionally agree that becoming a User of the Website/Portal/Apps and its Services signifies your (i) assent to this Privacy Policy, and (ii) consent to Aaruexx UDHP using, collecting, processing and/or disclosing your Personal Data in the manner and for the purposes set out in this Privacy Policy. Your visit to the Website/Portal/Apps and use of the Services is subject to this Privacy Policy and the Terms of Use.

By giving your Consent – you agree that you have given us written, explicit, and clear consent to processing personal data, professional, business data and users’ medical data where processing for services on the Website/Portal/Apps of Aaruexx UDHP is issued based on your free will or based on the free will of your guardian, executor or custodian.
Consent and Authorization:

By clicking "I Accept" or utilising the Platform, you provide explicit, informed, and unambiguous consent for the collection, processing, and storage of your personal and sensitive data.
For Patients/Personal Users: You consent to the sharing of your personal data and health records with authorised Healthcare Providers, Corporate Employers and Insurance/TPAs for the purpose of corporate Health Programs, treatment and claims.
For Health Professionals/Healthcare Providers: You consent to the verification of your credentials and the processing of Professional profile and Healthcare Provider’s profile, services, usage data, and its patients’ medical data.

For Insurance/TPA and Corporate Clients: You consent to the verification of your credentials and processing of your business profile, and service related data, including details of employees, insurance coverage, claims and related medical and patients’ data.
Withdrawal: You may withdraw consent at any time; however, this may limit your ability to use certain features of the Platform.

17. Changes to this Policy

We may update this policy due to:

· Legal/regulatory changes

· New features/services

· Security enhancements

Users will be notified via email, portal, website or app notifications where appropriate.
Aaruexx UDHP may update this Privacy Policy at any time, with or without advance notice. We will not reduce your rights under this Privacy Policy without your explicit consent. We always indicate the date the last changes were published and we offer access to archived versions for your review. If changes are significant, we’ll provide a more prominent notice (including, for certain services, email/website/app/portal notification of Privacy Policy changes), so that you may review the changed terms prior to continuing to use the Services. As always, if you object to any of the changes to our terms, and you no longer wish to use the Services, you may contact support@aaruexx.me to deactivate your account. Unless stated otherwise, Aaruexx UDHP’s current Privacy Policy applies to all information that Aaruexx UDHP has about you and your account.

You may check for changes to Privacy Policy notices from time to time. You may wish to check it each time you submit personal information on our website. The date of the most recent revisions will appear on this page.
If a User uses the Services or accesses the Website/Portal/Apps after a notice of changes has been sent to such User or published on the Website, such User hereby provides his/her/its consent to the changed terms.

18. Privacy Statements

1. All Users Note:

This section applies to all users.

1.1. Accordingly, a condition of each User’s use of and access to the Services is their acceptance of the Terms of Use, which also involves acceptance of the terms of this Privacy Policy. Any User that does not agree with any provisions of the same has the option to discontinue the Services provided by Aaruexx UDHP immediately.

1.2. An indicative list of information that Aaruexx UDHP may require you to provide to enable your use of the Services is provided in the ‘Personal Data Collected’ sections of this Privacy Policy.

1.3 All the information provided to Aaruexx UDHP by a User, including Personal Data or any Sensitive Personal Data, is voluntary. You understand that Aaruexx UDHP may use certain information of yours, which has been designated as Personal Data or ‘Sensitive Personal Data ’ under the Bahrain Personal Data Protection Law No.30 of 2018, (a) for the purpose of providing you the Services, (b) for commercial purposes and in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, (c) for communication purpose so as to provide you a better way of availing medical services on the Platform/Mobile App and for obtaining feedback in relation to the Health Professionals/ Healthcare Providers and their practice, (d) debugging customer support related issues, (e) for the purpose of contacting you to complete any transaction if you do not complete a transaction after having provided us with your contact information in the course of completing such steps that are designed for completion of the transaction.

Aaruexx UDHP also reserves the right to use information provided by or about the End-User for the following purposes:

a. Identifying You.

b. Publishing such information on the Website/Platform/Portals, in relation to content posted by you on the Aaruexx UDHP Website/Platform/Mobile App.

c. Contacting End-Users for offering products or services.

d. Contacting End-Users for taking product and Service feedback.

e. For providing of medical care services, Insurance and related services for by End-Users on the Aaruexx UDHP platforms.

f. Analysing software usage patterns for improving product design and utility.

g. Analysing anonymised practice information for commercial use.

h. Affiliated group companies who provide IT and system administration, data processing, product and business development and back-office services.

i. Processing payment instructions including those through independent third party service providers such as payment gateways, banking and financial institutions, pre-paid instrument and wallet providers for processing of payment transaction or deferral of payment facilities.

j. If you have voluntarily provided your Personal Data to Aaruexx UDHP for any of the purposes stated above, you hereby consent to such collection and use of such information by Aaruexx UDHP. However, Aaruexx UDHP shall not contact you on your telephone number(s) for any purpose including those mentioned in this sub-section 4.1(iii), if such telephone number is registered with the Do Not Call Register (“DNCR”) without your express, clear and un-ambiguous written consent.

1.4 Collection, use and disclosure of information which has been designated as Personal Data or Sensitive Personal Data’ under the Bahrain Personal Data Protection Law No. 30 of 2018, requires your express consent. By affirming your assent to this Privacy Policy, you provide your consent to such use, collection and disclosure as required under applicable law.

1.5 Aaruexx UDHP does not control or endorse the content, messages or information found in any Services and, therefore, Aaruexx UDHP specifically disclaims any liability with regard to the Services and any actions resulting from your participation in any Services, and you agree that you waive any claims against Aaruexx UDHP relating to same, and to the extent such waiver may be ineffective, you agree to release any claims against Aaruexx UDHP relating to the same.

1.6 You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your Personal Data changes, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through privacy@aaruexx.me. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or Aaruexx UDHP has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, Aaruexx UDHP may, at its sole discretion, discontinue the provision of the Services to you. There may be limited circumstances where Aaruexx UDHP will not correct, delete or update your Personal Data, including (a) where required by applicable laws and regulations; and (b) if the Personal Data is in documents related to a prosecution if all proceedings relating to the prosecution have not been completed.

1.7 Under the Personal Data Protection Law, you have various rights, including the right to: (a) access your Personal Data or Sensitive Personal Data; (b) ask us to correct incomplete or inaccurate data we hold about you; (c) ask us to erase your Personal Data or Sensitive Personal Data; (d) ask us to restrict or stop our processing of your Personal Data or Sensitive Personal Data; (e) object to how we are using your Personal Data or Sensitive Personal Data; and (f) withdraw your consent to us handling your Personal Data or Sensitive Personal Data.

If you wish to cancel your account or request that we no longer use your information to provide you Services, please contact us through support@aaruexx.me. We will retain your information for as long as your account with the Services is active and as needed to provide you the Services or as required under applicable laws and regulations. We shall not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. After a period of time, your data may be anonymised and aggregated, and then may be held by us as long as necessary for us to provide our Services effectively, but our use of the anonymised data will be solely for analytic purposes. Please note that your withdrawal of consent, or cancellation of account may result in Aaruexx UDHP being unable to provide you with its Services or terminating any existing relationship Aaruexx UDHP may have with you.

1.8 If you wish to opt-out of receiving non-essential communications such as promotional and marketing-related information regarding the Services, please send us an email at support@aaruexx.me.

1.9 Aaruexx UDHP may require the User to pay by Cheque, Bank Transfer, Debit Card/Credit Card, BenefitPay, Credimax, or any other approved payment method for Services which are payable. Aaruexx UDHP will collect such User’s credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User; through the authentication process. User’s credit-card/debit card details are transacted upon secure sites of approved payment gateways, which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. However, Aaruexx UDHP provides you an option not to save your payment details. User is advised, however, that Internet technology is not full proof safe and User should exercise discretion on using the same.

1.10 Due to the communications standards on the Internet, when a User or the End-User or anyone visits the Website, Aaruexx UDHP automatically receives the URL of the site from which anyone visits. Aaruexx UDHP also receives the Internet Protocol (IP) address of each User’s computer (or the proxy server a User used to access the World Wide Web), or Device Id, User’s computer operating system and type of web browser the User is using, email patterns, as well as the name of User’s ISP. This information is used to analyse overall trends to help Aaruexx UDHP improve its Service. The linkage between User’s IP address and User’s personally identifiable information is not shared with or disclosed to third parties. Notwithstanding the above, Aaruexx UDHP may share and/or disclose some of the aggregate findings (not the specific data) in anonymised form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow its business.

1.11 The Website and Platform uses temporary cookies to store certain information (that is not Sensitive Personal Data) that is used by Aaruexx UDHP and its service providers for the technical administration of the Website, research and development, and for User administration. In the course of serving advertisements or optimising services to its Users, Aaruexx UDHP may allow authorised third parties to place or recognise a unique cookie on the User’s browser. The cookies however, do not store any Personal Data of the User. You may adjust your Internet browser to disable cookies. If cookies are disabled you may still use the Website, but the Website may be limited in the use of some of the features.

1.12 A User may have limited access to the Website/Mobile Apps without creating an account on the Website. In order to have access to all the features and benefits on our Website, a User must first create an account on our Website/Mobile App. To create an account, a User is required to provide the following information, which such User recognises and expressly acknowledges is Personal Data allowing others, including Aaruexx UDHP, to identify the User: name and contact number and follow further steps of full registration. Other information requested on the registration page, including the ability to receive promotional offers from Aaruexx UDHP, is optional. Aaruexx UDHP may, in future, include other optional requests for information from the User to help Aaruexx UDHP to customise the Website/Platform/App to deliver personalised information to the User.

1.13 Aaruexx UDHP does not exercise control over the sites displayed as search results or links from within its Services. These other sites may place their own cookies or other files on the Users’ computer, collect data or solicit personal information from the Users, for which Aaruexx UDHP is not responsible or liable. Accordingly, Aaruexx UDHP does not make any representations concerning the privacy practices or policies of such third parties or terms of use of such websites, nor does Aaruexx UDHP guarantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, messages or other materials available on such websites. The inclusion or exclusion does not imply any endorsement by Aaruexx UDHP of the website, the website’s provider, or the information on the website. If you decide to visit a third party website linked to the Website, you do this entirely at your own risk. Aaruexx UDHP encourages the User to read the privacy policies of that website.

1.14 The Website may enable User to communicate with other Users or to post information to be accessed by others, whereupon other Users may collect such data. Such Users, including any moderators or administrators, are not authorised Aaruexx UDHP representatives or agents, and their opinions or statements do not necessarily reflect those of Aaruexx UDHP, and they are not authorised to bind Aaruexx UDHP to any contract. Aaruexx UDHP hereby expressly disclaims any liability for any reliance or misuse of such information that is made available by Users or visitors in such a manner.

1.15 Aaruexx UDHP maintains a strict “No-Spam” policy, which means that Aaruexx UDHP does not intend to sell, rent or otherwise give your Personal Data to a third party without your consent.

1.16 Aaruexx UDHP has implemented best international market practices and security policies, rules and technical measures to protect the Personal Data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorised access to the User’s electronic devices through which the User avails the Services, Aaruexx UDHP shall not be held liable for any loss whatsoever incurred by the User.

1.17 By using Aaruexx UDHP, you acknowledge and provide your explicit consent to the processing, transfer and storage of your Personal Data and medical data inside and outside the Kingdom of Bahrain by and to our affiliated group companies. Aaruexx UDHP implements reasonable security practices and procedures and has a comprehensive documented information security program and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Aaruexx UDHP’s business. Where we transfer your Personal Data as stated above to third parties, we aim to ensure a similar degree of protection is afforded to the Personal Data by such third parties through the use of strict contractual obligations.

1.18 Aaruexx UDHP takes your right to privacy very seriously and other than as specifically stated in this Privacy Policy, will only disclose your Personal Data in the event it is required to do so by law, rule, regulation, law enforcement agency, governmental official, legal authority or similar requirements or when Aaruexx UDHP, in its sole discretion, deems it necessary in order to protect its rights or the rights of others, to prevent harm to persons or property, to fight fraud and credit risk, or to enforce or apply the Terms of Use.

2. Business Users Note:

(Healthcare Providers/Insurance & TPAs/Corporate Employers)

This section applies to all Business Users.

2.1 As part of the registration as well as the application creation and submission process that is available to Business Users on Aaruexx UDHP, certain information, including Personal Data or Sensitive Personal Data, or their customers’ data is collected from the Business Users.

2.2 All the statements in this Privacy Policy apply to all Business Users, and all Business Users are therefore required to read and understand the privacy statements set out herein prior to submitting any Personal Data or Sensitive Personal Data to Aaruexx UDHP, failing which they are required to leave the Services on the Aaruexx UDHP, including the Website immediately.

2.3 Business users’ personally identifiable information, which they choose to provide to Aaruexx UDHP, is used to help the Business Users describe and identify themselves: this information is exclusively owned by Aaruexx UDHP. You will be the owner of your information and you consent to Aaruexx UDHP collecting, using, processing and/or disclosing this information for the purposes hereinafter stated for the purposes of performance of the processing requirements on the Aaruexx UDHP. Aaruexx UDHP may use such information for commercial purposes and in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes. Aaruexx UDHP also reserves the right to use information provided by or about the Business Users for the following purposes:

a. Publishing such information on the Website or Platform UDHP ecosystem.

b. Contacting Business Users for offering new products or services subject to the telephone number registered with the Do-Not-Call Register (DNCR).

c. Contacting Business Users for taking product feedback.

d. Analysing software usage patterns for improving product design and utility.

e. Analysing anonymised practice information including financial, and inventory information for commercial use.

2.4 Aaruexx UDHP automatically enables the listing of Business Users’ information on its Platform for every ‘Doctor’ or ‘Clinic’ or ‘Hospital’ or other Healthcare Providers or Insurance/TPA or Corporate Employer added to a Business User/Personal User using its software. Likewise, Employees’/Insured Members’ information is automatically added as Personal users on the Platform under the respective Corporate Employer Clients, Insurance Companies and TPAs using its software. The Business Users information listed on Website/Platform is displayed when End-Users search for doctors, and the Healthcare Providers’ information listed on Website/Platform is used by End-Users to request for doctor appointments and avail services on the Platform/Portal/Mobile Apps. Any personally identifiable information of the Business Users listed on the Website/Platform is not generated by Aaruexx UDHP and is provided to Aaruexx UDHP by Business Users who wish to enlist themselves on the Website/Platform, or is collected by Aaruexx UDHP from the public domain. Aaruexx UDHP displays such information on its Website/Platform on an as-is basis making no representation or warranty on the accuracy or completeness of the information. As such, we strongly encourage Business Users to check the accuracy and completeness of their information from time to time, and inform us immediately of any discrepancies, changes or updates to such information. Aaruexx UDHP will, however, take reasonable steps to ensure the accuracy and completeness of this information.

2.5 Aaruexx UDHP may also display information for Business Users who have not signed up or registered for the Services, provided that the information is obtained from official sources in the public domain: Such Business Users are verified by Aaruexx UDHP or its associates, and Aaruexx UDHP makes every effort to capture accurate information for such Business Users. However, Aaruexx UDHP does not undertake any liability for any incorrect or incomplete information appearing on the Website/Platform for such Business Users. Business Users’s rights in relation to their Personal Data are set out in the sections for all users of the Privacy Policy.

3 End-Users Note:
This section applies to all End-Users.

3.1 As part of the registration/application creation and submission process that is available to End-Users on this Website/Platform/Mobile Apps, certain information, including Personal Data or Sensitive Personal Data is collected from the End-Users.

3.2 All the statements in this Privacy Policy apply to all End-Users, and all End-Users are therefore required to read and understand the privacy statements set out herein prior to submitting any Personal Data or Sensitive Personal Data to Aaruexx UDHP, failing which they are required to leave the Aaruexx UDHP Platform immediately. Your rights in relation to your Personal Data are set out in section for all users of the Privacy Policy.

3.3 If you have inadvertently submitted any such information to Aaruexx UDHP prior to reading the privacy statements set out herein, and /or you do not agree with the manner in which such information is collected, processed, stored, used or disclosed; then, you may access, modify and delete such information by using options provided on the Website/Platform. In addition, you can, by sending an email to privacy@aaruexx.me, inquire whether Aaruexx UDHP is in possession of your Personal Data, and you may also request Aaruexx UDHP to delete and destroy all such information.

3.4 End-Users’ personally identifiable information, which they choose to provide on the Website/Platform/Mobile Apps is used to help the End-Users describe/identify by themselves. Other information that does not personally identify the End-Users as an individual; is collected by Aaruexx UDHP from End-Users (such as, patterns of utilisation described above) and is exclusively owned by Aaruexx UDHP. Aaruexx UDHP may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes. In particular, Aaruexx UDHP reserves the right to use anonymised End-User demographics, medical and related information for the following purposes:

1. Analysing software usage patterns for improving product design and utility.

2. Analysing such information for research and development of new technologies.

3. Using analysis of such information in other commercial product offerings of Aaruexx UDHP.

4. Sharing analysis of such information with third parties for commercial use.

3.5 Aaruexx UDHP will communicate with the End-Users through email, phone and notices posted on the Website/Platform or through other means available through the service, including text and other forms of messaging. The End-Users can change their e-mail and contact preferences at any time by logging into their “Account” at www.aaruexx.me or the Platform/Portals/Mobile Apps and changing the account settings.

3.6 At times, Aaruexx UDHP conducts a User survey to collect information about End-Users’ preferences. These surveys are optional and if End-Users choose to respond, their responses will be kept anonymous. Similarly, Aaruexx UDHP may offer contests to qualifying End-Users in which we ask for contact and demographic information such as name, email address and mailing address. The demographic information that Aaruexx UDHP collects in the registration process and through surveys is used to help Aaruexx UDHP improve its Services to meet the needs and preferences of End-Users.

3.7 Aaruexx UDHP may keep records of electronic communications and telephone calls received and made for making appointments or other purposes for the purpose of administration of Services, customer support, research and development and for better listing of Business Users.

3.8 All Aaruexx UDHP employees and data processors, who have access to, and are associated with the processing of Sensitive Personal Data, are obliged to respect the confidentiality of every End-Users’ Personal Data or Sensitive Personal Data and Information. Aaruexx UDHP has put in place procedures and technologies as per good industry practices and in accordance with the applicable laws, to maintain security of all Personal Data from the point of collection to the point of destruction. Any third-party data processor to which Aaruexx UDHP transfers Personal Data shall have to agree to comply with those procedures and policies, or put in place adequate measures on their own.

3.9 Aaruexx UDHP may provide End-Users’ Personal Data including Sensitive Personal Data to be shared with third Parties. Aaruexx UDHP requires all third parties to respect the security of End-Users’ Personal Data and to treat it in accordance with the applicable laws and regulations. Third parties are prohibited from using your Personal Data for their own purposes and only permit them to process your Personal Data in accordance with our specific instructions.

To the extent necessary to provide End-Users with the Services, Aaruexx UDHP may provide their Personal Data to third parties as follows:

3.9.1. Affiliated group companies who provide IT and system administration, data processing, product and business development and back-office services.

3.9.2. Healthcare Professionals with whom End-Users have booked appointments through our Website/Platform.

3.9.3. Healthcare Providers/clinics/hospitals/other providers, with whom End-Users availing medical services through our Website/Platform.

3.9.4. Insurance Companies/TPAs with whom End-Users have insurance coverage and claims payment terms.

3.9.5. Corporate Employers, with whom the End-Users are employed

3.9.6. Service providers who provide IT, system administration and payment processing services.

3.9.7. Professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.

3.9.8. Regulatory authorities in the Kingdom of Bahrain who require reporting of processing activities in certain circumstances.

3.9.9. Third parties as part of a re-organisation or a sale of the assets of a Aaruexx UDHP corporation division or company.

4 Casual Visitors Note:

4.1 No Sensitive Personal Data is automatically collected by Aaruexx UDHP from any casual visitors of this website, who are merely perusing the Website.

4.2 Nevertheless, certain provisions of this Privacy Policy are applicable to even such casual visitors, and such casual visitors are also required to read and understand the privacy statements set out herein, failing which they are required to leave this Website/Platform immediately.

4.3 If you, as a casual visitor, have inadvertently browsed any other page of this Website/Platform prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is obtained, collected, processed, stored, used, disclosed or retained, merely quitting this browser application should ordinarily clear all temporary cookies installed by Aaruexx UDHP. All visitors, however, are encouraged to use the “clear cookies” functionality of their browsers to ensure such clearing / deletion, as Aaruexx UDHP cannot guarantee, predict or provide for the behaviour of the equipment of all the visitors of the Website/Platform.

4.4 You are not a casual visitor if you have willingly submitted any Personal Data to Aaruexx UDHP through any means, including email, post or through the registration process on the Website/Platform/Portals/Mobile Apps. All such visitors will be deemed to be, and will be treated as, Users for the purposes of this Privacy Policy, and in which case, all the statements in this Privacy Policy apply to such persons.

5. Confidentiality and Security

5.1 Your Personal Data is maintained by Aaruexx UDHP; in electronic form on its equipment, and on the equipment of its employees/IT Administrators. Such information may also be converted to physical form from time to time. Aaruexx UDHP takes all necessary precautions to protect your Personal Data both online and off-line, and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected, the applicable laws and regulations and the nature of Aaruexx UDHP’s business.

5.2 No administrator at Aaruexx UDHP will have knowledge of your password. It is important for you to protect against unauthorised access to your password, your computer and your mobile phone. Be sure to log off from the Website/Platform/Mobile Apps when finished. Aaruexx UDHP does not undertake any liability for any unauthorised use of your account and password. If you suspect any unauthorised use of your account, you must immediately notify Aaruexx UDHP by sending an email to support@aaruexx.me. You shall be liable to indemnify Aaruexx UDHP due to any loss suffered by it due to such unauthorised use of your account and password.

5.3 Aaruexx UDHP makes User information accessible to its employees, agents or partners and third parties only on a need-to-know basis, in accordance with this Privacy Policy and Terms of Use, and binds only its employees to strict confidentiality obligations, though Third Parties are under contractual obligation to protect Users Personal data.

5.4 Notwithstanding the above, Aaruexx UDHP is not responsible for the confidentiality, security or distribution of your Personal Data by our partners and third parties outside the scope of our agreement with such partners and third parties. Further, Aaruexx UDHP shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of Aaruexx UDHP including but not limited to, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.

6. Information by Nature of Service

6.1. End-Users using the Website/Platform/Portals/Mobile apps by registering for an account on the Website or ‘Aaruexx UDHP’ mobile application:

You can create an account by giving us information regarding your [name, mobile number, email address], and such other information as requested on the Registration page. This is to enable us to provide you with the facility to use the account to book your appointments, avail or conduct medical services and store other health related information.

Your personal data is anonymised for other Business Users on the Aaruexx UDHP, until you choose to avail services through any of them on the Website/Platform/Portal/Apps. Providers/Professionals or Business Users, listed in Aaruexx UDHP, may be contacted through the Call/Chat Room feature on the Portal/Mobile Apps, once you have booked or availed services from them at least once, and the records of such calls/chats are recorded and stored in Aaruexx UDHP’s servers. Such calls/chats, and the recordings are dealt with as per the Privacy Policy and your consent to such recordings; is explicit under the consent provided by you under this Privacy Policy. If you choose not to consent to recordings of chats or calls, Aaruexx UDHP hereby reserves the right to not provide you the Services for which such Personal Information is sought. Such records are dealt with only in accordance with this Privacy Policy.

6.2. End-Users using the Website without registering for an account on the Website or ‘Aaruexx 4ME’ mobile application (i.e., ‘Guest’ End-User):

You can use the Website/Apps without registering for an account, but to avail and manage any services on the Platform/Portals/Mobile Apps, you may be asked certain information (including your [mobile number], and such other information as requested when you choose to use the Services without registration) to proceed to use our services. However, the full functionalities and features of the Aaruexx UDHP may not be available until after completing the required registration process.

Providers/Professionals or Business Users, listed in Aaruexx UDHP, may be contacted through the Call/Chat Room feature on the Portal/Mobile Apps, once you have booked or availed services from them at least once, and the records of such calls/chats are recorded and stored in Aaruexx UDHP’s servers. Such calls/chats, and the recordings are dealt with as per the Privacy Policy and your consent to such recordings; is explicit under the consent provided by you under this Privacy Policy. If you choose not to consent to recordings of chats or calls, Aaruexx UDHP hereby reserves the right to not provide you the Services for which such Personal Information is sought. Such records are dealt with only in accordance with this Privacy Policy.

6.3. Health Professionals availing of the free listing service on the Website or ‘Aaruexx DocPro App’ by registering for an account:

As a Health Professional, you may be required to provide us with information regarding your [name, mobile number, email address], and such other information as requested on the Professional Registration Page to create an account. Aaruexx UDHP may send email and/or SMS confirmations, App notifications or other communications to End-Users in connection with their bookings, appointments or other interactions with you, if such, interactions have been facilitated by Aaruexx UDHP.

6.4. Health Professionals availing of the free listing service on the Website or ‘Aaruexx DocPro App’ mobile application without registering for an account:

As a Health Professional, you may avail of the listing service without registering for an account by providing information regarding your [name, mobile number, email address], and such other information as requested by any of Aaruexx UDHP’s employees or agents who contact you in person or by telephone. In such event, Aaruexx UDHP will maintain this information if and until you choose to register for an account, for which Aaruexx UDHP may contact you from time to time. Aaruexx UDHP will, after such information is collected from you, send you a confirmation email confirming the information provided and the fact that you will be listed on the Website/Platform/Portals/Mobile Apps. In the event you do not wish to be so listed, please inform Aaruexx UDHP immediately at support@aaruexx.me.

6.5. Healthcare Providers using the ‘Provider Portal’ and/or ‘DocPro App’ products:

You will be required to create an account and may be required to provide Aaruexx UDHP with information regarding your [name, mobile number, email address, digital signature], and such other information as requested by Aaruexx UDHP on the Provider Portal and/or DocPro App Providers/Professionals registration page, in order to complete your registration. Providers/Professionals agrees to the use of the digital signature in the prescription and clinical notes as the regulatory requirements. Aaruexx UDHP will not access the said digital signature for any other purpose under any circumstance. Upon registration, Aaruexx UDHP will access non-personally identifiable information of your patients from your patient records. You agree to make your patients fully aware of such access.

Aaruexx UDHP reserves the right to extend and ‘priority’ or ‘favoured status’ functionality to you at its sole discretion, based on the number of End-User appointments being honoured by you. Aaruexx UDHP shall intimate you of the extension or withdrawal of such facility.

You have an option to receive ‘End-User Feedback’. Feedback from End-Users is available to you for further action and responses on the Aaruexx UDHP Platform/Portals/Mobile Apps. Aaruexx UDHP will have access to such feedback, to provide analytics and monitor quality of its services. End-Users may choose to send feedback anonymously too, in which case you agree that you have no objection to such anonymous feedback. Aaruexx UDHP’s feedback system also sends an SMS and email to the patient(s) asking for feedback, which may then be published as ratings on the Platform. You agree to make your patients fully aware of the possibility of their receiving such feedback queries.

6.6. Healthcare Providers/Health Professionals using the ‘Aaruexx UDHP Premium’ product:

You will be required to create an account and may be required to provide Aaruexx UDHP with information regarding your [name, mobile number, email address], and such other information as requested by Aaruexx UDHP on the ‘Aaruexx UDHP PremiumProviders/Professionals registration page, in order to complete your registration.

6.7. Insurance/TPA and Corporate Employers using the Aaruexx UDHP platforms:

You will be required to create an account and register as a Business User and provide such information as mentioned on the Business Registration page, and such information as requested by Aaruexx UDHP, in order to complete your registration.

6.8. End-Users availing the Services from Healthcare Providers/Health Professionals who have been provided the “Affiliate” badge by Aaruexx UDHP

You consent to data pertaining to the treatment taken by you including medical records to be shared with Aaruexx UDHP for the limited purpose of effectively providing the Services to the End-Users.

Table of Contents | جدول المحتويات

This Privacy Policy is issued in compliance with the relevant Laws of the Kingdom of Bahrain:

Help

Follow us