This policy is also applicable for any information collected from guests and employees using offline/paper based forms.
We take the protection of your personal and sensitive data seriously, and treat your data in accordance with applicable data protection regulations.
This policy should be read in conjunction with any other privacy notices or fair processing notices and product terms and conditions we may provide on specific occasions when we are collecting or processing Personal Data.
Data we collect
Information requested and collected by us:
As part of our legitimate business use, and for the purpose of providing our services, we must and do collect and process the following categories of personal data about our patients.
Personally Identifiable Information
CPR, Passport copies
Mobile number, Email ID
Bank details, card payment slips, insurance card copy
Sensitive personal information
Health information, vital information, previous medical history, treatment consent forms, diagnosis information, laboratory reports, medical prescriptions, consultation details, treatment/surgery details.
CCTV in Medical Facility premises
When you visit our premises, we may also collect information about you on CCTV as part of our security and crime prevention measures.
Customer care call, chat & email records are maintained for quality assurance.
Personal data collected and processed by us is restricted to the minimum information that we require in order to provide services to our customers, or to comply with any regulatory provisions or directions as may apply. Not having this information could result in our inability to provide the services requested by our customers or could affect the quality of those services.
Information that you provide voluntarily:
We collect personal data that you provide voluntarily through our website: for example, when completing online forms to contact us or subscribing to a newsletter.
Personal data we collect may include:
Job title, level, job function or role
Company or organization
Contact information, including email address and telephone numbers
Demographic information, such as industry, country, appointment requirements
Information pertinent to fulfilling our services to you
Any other personal data that you voluntarily provide to us.
We do not intentionally collect sensitive personal data.
Information provided by you on behalf of a wholly or partially incompetent data owner shall be considered within the limits of the law if you are the legal guardian, executor or custodian.
Information that we collect automatically
When you visit our website, we collect certain personal data automatically through cookies from your device such as:
Your IP addresses
Browser type, broad geographic location (on a country or city level)
Other technical information.
We also collect information about how your device has interacted with our site, including web pages accessed and links clicked. Collecting this information enables us to better understand visitors who come to our website, such as where they come from and what content on our website is of interest to them. We use this information for internal analytics and to improve the quality and relevance of our website for our visitors.
Our use of your Personal Data:
We may process your personal data for any or all of the following purposes:
To provide services to you (including patient care, pharmacy, lab etc.).
To administer our relationship and maintain contractual relations.
For billing, accounting and tax purposes.
For marketing and business development.
To comply with our legal and regulatory obligations.
To establish, exercise or defend legal rights.
To enhance our Medical Facility network services.
For historical and statistical purposes.
For credit check and fraud prevention purposes.
For research, analytics and enhancement of network services.
Legitimate bases for processing personal data of a customer of KIMSHEALTH:
We rely upon the following legitimate bases to process your personal data:
Explicit consent from you.
Compliance with a legal or regulatory obligation.
To perform our obligations under a contractual arrangement with you.
Our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our business (provided these do not interfere with your rights).
We only provide mobile numbers to marketing agencies for product and service updates. Kindly note mobile numbers are not shared along with other personally identifiable information (including name or email ID).
You can ask us to stop sending you marketing messages at any time by contacting our customer services team by emailing dpo.bh@KIMSHEALTH.org.
Data disclosure:
We will only disclose your personal data to third parties outside of KIMSHEALTH in the following circumstances:
When explicitly requested by you
To perform our obligations under a contractual arrangement with you, or
As compelled by a court order or by any other legal or regulatory requirement.
Third-party recipients of personal data may include:
Professional advisors such as law firms, tax advisors or auditors
Insurers and Third Party Administrators
National Health and Regulatory Authority
Tax and customs and excise authorities
National Bureau of Taxation
Providers of identity verification services
Credit reference agencies
The courts, police and law enforcement agencies
Government departments and agencies
External Lab Service providers
Data retention:
Once registered, your personal data will be stored with us in both physical and digital formats.
Our policy is to retain personal data only for as long as it is needed. Retention periods are set in accordance with local regulatory and professional retention requirements to meet our professional and legal requirements, to establish, exercise or defend our legal rights, and for archival purposes.
For historical statistical analysis, we may need to retain information for significant periods of time after suitably anonymizing the information.
Transfer of data outside Bahrain:
Bahrain’s Personal Data Protection Law 2018 sets out the circumstances under which personal data may be transferred outside of Bahrain. We may store/process personal data outside Bahrain, only in countries and territories that provide adequate legislative and regulatory protection for personal data and countries approved by PDPA. Except in the circumstances described in Section 5 above (“Data Disclosure”), where you have explicitly consented to your personal data being disclosed to any third party or parties, we will only disclose your personal data to such third party or parties where they have undertaken, in advance and in writing, to maintain the confidentiality, integrity and security of the personal data concerned, in accordance with applicable laws.
Our data security measures:
Our Data Managers are responsible for ensuring the application of technical and organizational measures capable of protecting personal data against unintentional or unauthorized destruction, accidental loss, unauthorized alteration, disclosure or access, or any other form of processing.
We have instituted security measures for providing an appropriate level of security aligned to the nature of the data being processed, and the risks that may arise from this processing. Our various security measures include encryption, firewalls and access controls. Data is shared within KIMSHEALTH (including Doctors, Nurses, Administration departments, Insurance departments, customer support agents, etc.) on a need to know basis and under strict confidentiality arrangements.
Notwithstanding this, despite our best efforts, we cannot absolutely guarantee the security of data against all threats. We have implemented suitable measures to identify, monitor and report any breaches to personal data in line with the requirements of the law.
Your legal rights:
Under the provisions of the law, you are provided with the following rights in relation to the processing of your personal data. To exercise your rights under the law, you may be required to authenticate yourself with adequate proof of identity.
Right to enquire - You have the right to request and obtain information on your personal data that we hold and the purpose for which it is maintained by us.
Right to object - You have the right to object to the collection, storage or retention of your personal data that we process.
Right to demand rectification - You have the right to request to rectify, block or erase your personal data, as the case may be, if the processing thereof is done in contravention of the provisions of the law, and in particular, if the data is incorrect, incomplete or not updated, or if the processing thereof is illegal.
Right to withdraw consent - At any time, subsequent to providing consent, you have the right to withdraw the consent provided. Withdrawal of consent will be applicable to future use of the personal data and will not in any way impact legitimate use of the personal information prior to the withdrawal of the consent. Withdrawal of consent to process certain mandatory personal data related to services provided by KIMSHEALTH may result in our inability to continue the provision of those services.
Right to complain - You may submit a complaint to the Authority, if you have reason to believe that any violation of the provisions of this privacy law has occurred or that we are processing personal data in contravention of its provisions.
Your Responsibilities:
We are required by law to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights) prior to processing any requests from you, to ensure that your personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up our response.
It is important that the Personal Data we hold about you is accurate and up-to-date. It is your obligation to keep us informed if your Personal Data changes during your relationship with us, by visiting our Medical Facility or by contacting our customer care services.
Complaints and Objections:
We take your privacy seriously. If you believe that there has been an alleged breach of privacy of your personal data,
please reach out to us on any of the undermentioned channels:
Through our Customer Services team at our Medical Facility; or
Email: dpo.bh@KIMSHEALTH.org
We appreciate the chance to deal with your concerns and are committed to resolving them in an efficient and timely manner.