Privacy and Terms of Use
The Saudi Commission for Health Specialties (SCFHS) prioritizes personal data protection and complies with the Personal Data Protection Law issued by Royal Decree No. M/19 (dated 09/02/1443 H), as amended by Royal Decree No. M/148 (dated 05/09/1444 H), along with its implementing regulations.
It is important for the beneficiary to be informed about the types of data collected by the Saudi Commission for Health Specialties (SCFHS), the purpose of its collection and processing, and how it is used in accordance with the Personal Data Protection Law and its regulations in force in the Kingdom. Based on this principle, the Privacy Notice has been drafted.
SCFHS encourages its service beneficiaries to regularly review the Privacy Notice to stay informed of any updates.
Your visit to the SCFHS website and use of its platforms indicate your acknowledgment and acceptance of the contents of this Privacy Notice and any updates to it, except in cases where the Personal Data Protection Law specifies that processing personal data does not require consent.
1. Types of Collected Personal Data
SCFHS collects minimal necessary personal data in accordance with the Personal Data Protection Law. Data categories include:
- Basic Information: Full name, gender, marital status.
- Contact Information: Phone numbers, email, and home address.
- Account Information: Usernames and passwords for SCFHS platforms.
- Educational and Training Information: Education and professional qualifications.
- Financial Information: Account details for payment purposes.
- Professional Experience: Career history.
- Inquiries: Questions or feedback provided by users.
- Geolocation: Occasionally, with consent, for specific services.
- Internet Information: IP address used for platform access.
2. Purpose and Collection of Personal Data
The Saudi Commission for Health Specialties (SCFHS) is committed to collecting and processing your personal data in accordance with the provisions and regulations of the Personal Data Protection Law. The collection and processing of your personal data are essential to provide the highest level of service. Your personal data is collected directly or indirectly depending on the service provided to you. The methods of personal data collection include:
Direct Methods:
- Personal data collected for service registration, or to follow up on inquiries, suggestions, or complaints submitted by the user.
- Communication: When engaging with SCFHS through communication channels.
- Suggestions or complaints
- Paper registration forms
- Electronic services
Indirect Methods:
- Data provided to us by other entities, such as governmental or private entities that support or provide services to SCFHS beneficiaries.
Data automatically recorded when you visit the SCFHS website or related electronic platforms
3. Use of Personal Data
Personal data is utilized for:
- Service delivery and improvement
- Health sector studies
- User inquiries response
- User experience enhancement
- User identity authentication
4. Sharing of Personal Data
In accordance with the SCFHS Data Sharing Policy, we may share your necessary personal data with authorized governmental or non-governmental entities that perform government services for specific purposes based on legal grounds or justified operational needs intended to serve the public interest, without compromising national interests or individual privacy. When sharing your personal data, we ensure it is done within a secure and reliable environment, following the Personal Data Protection Law and its regulations. SCFHS also takes additional steps to protect your personal data by entering into data-sharing agreements with other entities under specific terms and conditions that align with data sharing and exchange principles.
5. Legal Basis for Data Collection and Processing
We collect and process your personal data based on the following legal grounds:
Regulatory Compliance: Adherence to the Personal Data Protection Law issued by Royal Decree No. M/19 dated 09/02/1443 H, as amended by Royal Decree No. M/148 dated 05/09/1444 H.
6. Cross-Border Data Transfer
According to the general rules for cross-border transfer of personal data issued by the National Data Management Office, your personal data will be stored and processed securely within the geographic boundaries of the Kingdom of Saudi Arabia to ensure the protection of national digital sovereignty. Exceptions apply only in cases specified under Article 29 of the Personal Data Protection Law and its regulations when it is necessary to transfer or process data outside the Kingdom’s borders.
User Rights
Users have the right to:
- Right to Be Informed: This includes being informed of the legal basis for collecting personal data and the purpose of its collection.
- Right to Request Access: The right to request a readable and clear copy of personal data held by the Saudi Commission for Health Specialties, in accordance with the Personal Data Protection Law and its regulations.
- Right to Request Correction: The right to request correction, completion, or updating of personal data held by the Saudi Commission for Health Specialties.
- Right to Object: The right to object to and withdraw consent for the processing of personal data at any time, unless there are legitimate reasons that necessitate otherwise.
- Right of Access: The right to access personal data held by the Saudi Commission for Health Specialties, in accordance with the Personal Data Protection Law and its regulations, without prejudice to the provisions in Article 9 of the Personal Data Protection Law.
Do you have any questions regarding the Privacy Notice?
If you have any inquiries or requests regarding your rights related to the processing of your personal data, or about the content of the Privacy Notice in general, you may contact the Data Management Office at the Saudi Commission for Health Specialties.
Contact for Privacy Inquiries
For questions about this Privacy Notification or personal data rights, contact the SCFHS Data Management Office:
- Email: data.office@scfhs.org.sa
Relevant Legislation and Policies
For more information on the policies mentioned here, please refer to resources from the National Data Management Office and the Cybersecurity Authority.