We take the protection of your personal and sensitive data seriously, and treats your data in accordance to applicable data protection regulations.
This policy should be read in conjunction with any other privacy notices or fair processing notices and product terms and conditions we may provide on specific occasions when we are collecting or processing Personal Data.
As part of our legitimate business use, and for the purpose of providing our services, we must and do collect and process the following categories of personal data about our patients.
|Data Class||Personal Data|
|Personally Identifiable Information||CPR, Passport copies|
|Contact information||Mobile number, Email ID|
|Financial information||Bank details, card payment slips, insurance card copy|
|Sensitive personal information||Health information, vital information, previous medical history, treatment consent forms, diagnosis information, laboratory reports, medical prescriptions, consultation details, treatment/surgery details.|
|CCTV in Medical Facility premises||When you visit our premises, we may also collect information about you on CCTV as part of our security and crime prevention measures.|
|Customer support||Customer care call, chat & email records are maintained for quality assurance.|
Personal data collected and processed by us is restricted to the minimum information that we require in order to provide services to our customers, or to comply with any regulatory provisions or directions as may apply. Not having this information could result in our inability to provide the services requested by our customers or could affect the quality of those services.
We collect personal data that you provide voluntarily through our website: for example, when completing online forms to contact us or subscribing to a newsletter.
Personal data we collect may include:
We do not intentionally collect sensitive personal data.
Information provided by you on behalf of a wholly or partially incompetent data owner shall be considered within the limits of the law if you are the legal guardian, executor or custodian.
When you visit our website, we collect certain personal data automatically through cookies from your device such as:
We may process your personal data for any or all of the following purposes :
We rely upon the following legitimate bases to process your personal data:
We only provide mobile numbers to marketing agencies for product and service updates. Kindly note mobile numbers are not shared along with other personally identifiable information (including name or email ID).
You can ask us to stop sending you marketing messages at any time by contacting our customer services team at by emailing dpo.bh@KIMSHEALTH.org.
We will only disclose your personal data to third-parties outside of KIMSHEALTH in the following circumstances :
Third-party recipients of personal data may include:
Once registered, your personal data will be stored with us in both physical and digital formats.
Our policy is to retain personal data only for as long as it is needed. Retention periods are set in accordance with local regulatory and professional retention requirements to meet our professional and legal requirements, to establish, exercise or defend our legal rights, and for archival purposes.
For historical statistical analysis, we may need to retain information for significant periods of time after suitably anonymizing the information.
Bahrain’s Personal Data Protection Law 2018 sets out the circumstances under which personal data may be transferred outside of Bahrain. We may store/process personal data outside Bahrain, only in countries and territories that provide adequate legislative and regulatory protection for personal data and countries approved by PDPA. Except in the circumstances described in Section 5 above (“Data Disclosure”), where you have explicitly consented to your personal data being disclosed to any third party or parties, we will only disclose your personal data to such third party or parties where they have undertaken, in advance and in writing, to maintain the confidentiality, integrity and security of the personal data concerned, in accordance with applicable laws.
Our Data Managers are responsible for ensuring the application of technical and organizational measures capable of protecting personal data against unintentional or unauthorized destruction, accidental loss, unauthorized alteration, disclosure or access, or any other form of processing.
We have instituted security measures for providing an appropriate level of security aligned to the nature of the data being processed, and the risks that may arise from this processing. Our various security measures include encryption, firewalls and access controls. Data is shared within KIMSHEALTH (including Doctors, Nurses, Administration departments, Insurance departments, customer support agents, etc.) on a need to know basis and under strict confidentiality arrangements.
Notwithstanding this, despite our best efforts, we cannot absolutely guarantee the security of data against all threats. We have implemented suitable measures to identify, monitor and report any breaches to personal data in line with the requirements of the law.
Under the provisions of the law, you are provided with the following rights in relation to the processing of your personal data. To exercise your rights under the law, you may be required to authenticate yourself with adequate proof of identity.
We are required by law to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) prior to processing any requests from you, to ensure that your personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up our response.
It is important that the Personal Data we hold about you is accurate and up-to-date. It is your obligation to keep us informed if your Personal Data changes during your relationship with us, by visiting our Medical Facility or by contacting our customer care services.
We take your privacy seriously.If you believe that there has been an alleged breach of privacy of your personal data,
please reach out to us on any of the undermentioned channels:
We appreciate the chance to deal with your concerns and are committed to resolving them in an efficient and timely manner.