Health and Wellbeing Privacy Notice for Patients
We are committed to protecting the personal information of every patient who interacts and engages with NEOM Health and Wellbeing services.
This Notice, governed by the Personal Data Protection Law of Saudi Arabia, explains how we responsibly and lawfully collect and use your information, and how we protect your privacy.
This Notice should be read together with NEOM’s Privacy Policy.
We have four documents that set out our key terms:
- This Health and Wellbeing Privacy Notice for Patients;
- NEOM’s Privacy Policy, which sets out the general terms on which NEOM processes any personal information; and
- NEOM’s Cookie Policy, which explains when and how NEOM collects your cookies when you visit our Platforms.
- NEOM’s Terms of Use, which governs access and use of NEOM’s websites and domains.
ABOUT NEOM
We are NEOM Company, and this is Health and Wellbeing.
NEOM Health and WellBeing will pioneer healthcare by implementing groundbreaking systems, regulations and infrastructure. NEOM's experts are at the forefront of the shift toward human-first medical treatment.
Dr. Mahmoud Alyamani
Sector Head
NEOM is a company incorporated in the Kingdom of Saudi Arabia with commercial registration number 1010504644 and having its registered address at:
The Information Technology and Communications Complex (ITCC)
2nd Floor Building IN-01
Al Nakheel District 12382
Riyadh, P.O. Box 10, 11411,
Kingdom of Saudi Arabia
If you have any concerns or questions about how we look after your Personal Data, contact our Data Privacy Office at the following email address:
Email: data.privacy@neom.com
What Personal Data Do We Collect
Personal data is any data, regardless of its source or form, that identifies a person, or may make the identification of a person possible, such as a patient of Health and Wellbeing. Health and Wellbeing processes the following personal information:
- Personal identifiers: such as a person’s name, age and contact details.
- Health data: such as any personal data related to a person’s health condition, whether their physical, mental or psychological conditions, or related to health services received by that person. This includes things like X-Rays, scans and laboratory tests.
- Genetic data: such as personal data related to the hereditary or acquired characteristics of a person that uniquely identifies their physiological or health characteristics, derived from biological sample analysis, such as from DNA or other testing.
- Audio-visual media: such as images and other media observed during a video consultation service with us.
- Employer details: such as when providing occupational health services or providing an employer with a medical report.
- Browser data: such as your IP address and browsing behavior from our website and any supporting apps you may use - please see more in our cookie section.
- Health insurer details: such as insurance provider, and policy number.
- Feedback: such as information from returned patient questionnaires and surveys, compliments, complaints, and incidents.
- Communication and correspondence records: such as when we contact you with only relevant updates including appointment details or information about your treatment.
- CCTV: such as recordings and images captured in and around our clinics and facilities.
The Purposes for Processing your Personal Data
We process personal data, including Health Data, to provide Health Services to patients.
Health Services are services related to the health of individuals, such as a patient, including preventive, curative, rehabilitative and hospitalizing services, and providing patients with medicine.
We rely on a legal basis for processing Health Data, and other personal data required, for Health Service purposes: this is to protect public health and public safety, and to protect the life and health of our patients.
In other less routine circumstances, we may process personal data to protect the vital interests of a person or protect someone from any harm. In exceptional circumstances we may process personal data if required by Saudi Law, or for security purposes, or to fulfil judicial requirements, or to achieve a public interest.
From time to time we may rely on consent for services which are not related to Health Services. In such circumstances we will record your consent and a separate notice will be provided to you which will include details on how to withdraw consent.
Lastly, we rely on legitimate interests to process personal data when it’s necessary to provide a safe and secure physical environment.
We will only process personal data relying on the legal bases set out above.
Providing Personal Data to NEOM
We need to process your personal data for reasons we have set out above.
The collection of your personal data is mandatory for the provision of Health and Wellbeing services and performing all associated tasks; it follows that without collecting and processing personal data, Health and Wellbeing cannot provide a patient with Health Services, or perform any number of the other tasks outlined in this Notice.
Health and Wellbeing only collects that personal data required to achieve the purposes and tasks outlined in this Notice.
Personal data is collected by Health and Wellbeing in a number of ways including:
- When you register as a patient and provide information.
- When you engage with Health and Wellbeing personnel.
- When you engage in a consultation with a clinician.
- Through tests, results, clinical observation, and clinical analysis.
- When you complete forms or electronic forms on our website.
- When you submit feedback or submit a complaint.
Storage and Destruction
Personal data is only stored for as long as it is necessary to fulfil the purposes for which it was collected. Personal data is retained for defined retention periods in line with regulatory, legal, and professional body standards and guides.
Who We Share your Personal Data with
We may rely on third parties who provide elements of services on behalf of Health and Wellbeing; this includes data processors who will provide Health Services on behalf of NEOM Health and Wellbeing. We have contracts in place with our data processors. This means that they cannot do anything with your personal information without instruction from us. We share personal information in compliance with applicable laws and regulations. If we share your information with other organizations, we make sure any recipient organization has appropriate data protection safeguards and measures in place.
In some circumstances we are legally obliged to share information. For example, under a court order or where we cooperate with regulators or supervisory authorities in handling complaints or investigations. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making.
Your personal data will not ordinarily be transferred, disclosed, or processed outside the Kingdom. Personal information, such as Health Data, may, however, be shared with NEOM-contracted healthcare providers for the provision of Health Services to ensure, for example, continuity of care and patient safety.
Your Data Privacy Rights
Patients can exercise privacy rights, under certain circumstances, pursuant to the Kingdom’s Privacy Laws and Regulations. These rights are not absolute and are subject to qualifications.
Right to be Informed: You have the right to be provided about how we use your personal data, and about your rights.
Right of Access: You have the right to access your Personal Data.
Right of Request: You have the right to request a copy of your Personal Data in a readable and clear format.
Right to Correction: You have the right to request the correction of your personal data.
Right to Destruction: You have the right to request the destruction of your personal data.
You can exercise any of these rights, ask questions about how we use your personal data, or complain by contacting us at:
Email: data.privacy@neom.com
