Privacy Policy

1. Introduction

This policy covers the processing of personal data whether through our website or during the provision of services at TAM Dental Clinics branches (“we,” “the Clinics”). The Clinics are committed to implementing the provisions of the Saudi Personal Data Protection Law (PDPL), issued by Royal Decree No. M/19 dated 9 Safar 1443H, and its amended Implementing Regulations effective from 1 September 2024.

 

2. Definitions
  • Personal Data: Any information that identifies or makes an individual identifiable.
  • Processing: Any operation performed on data, such as collection, storage, transfer, or destruction.
  • Data Subject: The individual to whom the personal data relates.
  • Controller: TAM Dental Clinics, responsible for determining the purposes and means of processing.

 

3. Scope of Application

This policy applies to all personal data we collect from:

  • Website and mobile app visitors
  • Patients and their legal guardians
  • Representatives of affiliated companies (e.g., insurance providers, laboratories)

 

4. Types of Data We Collect

Category

Examples

Purpose

Identity Data

Name, National ID number, Date of birth

Opening patient file and verifying eligibility

Contact Data

Phone number, email address, postal address

Appointment confirmations, notifications

Health Data

Medical history, X-rays, treatment plans

Providing care, complying with Ministry of Health regulations

Financial Data

Insurance details, payments

Processing invoices

Technical Data

IP address, browser type, cookies

Website optimization, cybersecurity

 
5. Sources of Data Collection
  • Directly from the data subject through forms or communication
  • From caregivers or legal guardians
  • From third parties such as insurance companies
  • Automatically through cookies and similar technologies

 

6. Legal Bases for Processing

We process your data based on one of the following legal grounds under PDPL:

  • Contractual necessity: To provide dental services
  • Legal obligation: To comply with Ministry of Health and other regulatory requirements
  • Legitimate interest: To improve our services and prevent fraud
  • Consent: For optional activities like direct marketing, which can be withdrawn at any time

 

7. How We Use Your Data
  • Managing appointments and treatment plans
  • Communicating test results or medication instructions
  • Processing insurance claims
  • Enhancing website content and performance analytics
  • Sending awareness or marketing messages (optional)

 

8. Data Sharing

We only share your data in the following cases:

  • With affiliated doctors or laboratories to complete treatment
  • With insurance companies to settle claims
  • With government authorities as legally required
  • With cloud service providers located inside the Kingdom or in countries with adequate protection levels, while ensuring appropriate safeguards are in place

 

9. Cross-Border Data Transfers

We will not transfer your data outside the Kingdom except in accordance with the Data Transfer Regulation issued by the Saudi Data and AI Authority (SDAIA), which requires either an equivalent level of protection or contractual safeguards and approved security measures.

 

10. Data Retention
  • Medical records are retained for at least 10 years from the date of the last visit, in accordance with Ministry of Health policy
  • Marketing data is deleted after 24 months if no interaction occurs
  • Retention periods are reviewed regularly to ensure compliance with minimum necessary duration

 

11. Your Rights Under the PDPL

You have the right to:

  • Access your data and obtain a copy
  • Correct or update inaccurate data
  • Request deletion when no longer legally necessary
  • Object to processing or withdraw consent
  • Request data portability to another service provider when technically feasible

You may exercise these rights by contacting us as outlined in Section 15

 

12. Cookies

Our website uses cookies to enhance user experience, including:

  • Session cookies: deleted after browser is closed
  • Preference cookies: retained for 12 months

You can disable cookies in your browser settings, although this may affect some site features

 

13. Children’s Data

We do not intentionally collect data from children under 13 without guardian consent and only to the extent required to provide the service

 

14. Data Breach Notification

If a data breach likely to harm your data occurs, we will notify the relevant authorities and the Ministry of Health within 72 hours of discovery, and we will inform you using appropriate methods

 

15. Data Protection Officer & Contact

If you have any questions or wish to exercise your rights, please contact us:

 

16. Policy Updates

We may update this policy from time to time. An updated version will be published in the website footer with the effective date. Updates take effect 30 days after publication unless stated otherwise.