شركة صناع الغد المحدودة
شركة صناع الغد المحدودة

Privacy Policy

Sounaa Al Ghad Company Limited

Introduction and Commitment

Sounaa Al Ghad Company Limited is deeply committed to protecting the privacy and security of personal data for all individuals who interact with our services. This Privacy Policy explains our practices regarding the collection, use, storage, and sharing of personal information in compliance with Saudi Arabia’s Personal Data Protection Law (PDPL) and other applicable regulations.

This policy applies to all personal data collected through our three business divisions: Khatwat AlGhad Medical Center (KGMC), Khatwat AlGhad for Primary Care and Autism Center, and Manahil Al Ghad International Schools.

  1. Information Collection

We collect various types of personal information necessary to provide high-quality medical, educational, and administrative services:

General Personal Information:

  • Identification details: names, dates of birth, gender, nationality
  • National identification numbers, passport information
  • Contact information: addresses, email addresses, phone numbers
  • Photographs for identification, medical records, or school documentation
  • Family and emergency contact information

Sensitive Personal Data:

  • Medical Information:Complete health histories, diagnoses, treatments, prescriptions, laboratory results, imaging reports, insurance details, and other health-related data necessary for providing medical care
  • Educational Information:Academic records, performance assessments, attendance records, disciplinary records, learning difficulties, special educational needs, and related educational data
  • Biometric Data:When collected for security or attendance purposes, always with explicit consent

Financial Information: Payment details, billing information, insurance policy data, and tuition payment records.

Technical Data: IP addresses, browser information, website usage patterns collected through cookies and similar technologies.

  1. Information Collection Methods

Personal data is collected through multiple channels:

Direct Collection: Through forms, registrations, appointments, enrollments, and direct communications via phone, email, or in-person interactions.

Third-Party Sources: From healthcare providers, educational institutions, insurance companies, government authorities, and publicly available sources, always in accordance with applicable laws.

Automated Technologies: Through websites and applications using cookies and tracking technologies to collect technical usage data.

  1. Information Use and Legal Basis

We process personal data based on specific legal grounds under the PDPL:

Consent: Where explicit consent is provided for specific processing purposes, particularly for marketing activities or processing sensitive data beyond core service delivery.

Contract Performance: For fulfilling contractual obligations, such as providing medical treatment or educational services.

Legal Obligations: For compliance with healthcare regulations, educational requirements, and other legal mandates.

Legitimate Interests: For administrative purposes, security, service improvement, and other legitimate business interests that do not override individual rights.

Vital Interests: For protecting health and safety in emergency situations.

Service-Specific Uses:

Medical Services: Providing diagnoses and treatments, managing appointments, maintaining medical records, processing insurance claims, ensuring patient safety, and complying with Ministry of Health regulations.

Educational Services: Processing admissions, delivering instruction, monitoring academic progress, managing attendance and discipline, communicating with parents, organizing school activities, ensuring student safety, and complying with Ministry of Education requirements.

  1. Information Sharing and Disclosure

Personal data may be shared with specific categories of recipients under appropriate safeguards:

Internal Sharing: Between business units when necessary for administrative purposes or integrated service delivery, consistent with original collection purposes.

Healthcare Professionals: With other providers involved in patient care, including specialists, laboratories, pharmacies, and hospitals, with appropriate consent.

Educational Authorities: With Ministry of Education, accreditation bodies, or other schools for transfers, verification, or regulatory compliance.

Service Providers: Third-party vendors providing IT support, data storage, payment processing, and other services under strict contractual obligations.

Government Authorities: When required by law, court orders, or regulatory requirements, including PDPL compliance and ministry directives.

Insurance Companies: For billing and claims processing with appropriate consent.

Legal and Professional Advisors: Our attorneys, auditors, and other professional consultants.

We do not sell, rent, or trade personal data to third parties for independent marketing purposes without explicit consent.

  1. Data Security Measures

We implement comprehensive technical and organizational security measures:

Technical Safeguards: Encryption for data in transit and at rest, access controls restricting data access to authorized personnel, network security including firewalls and intrusion detection, and regular security assessments.

Administrative Safeguards: Employee training on privacy and security, background checks for personnel with sensitive data access, confidentiality agreements, and incident response protocols.

Physical Security: Protection of premises and data storage facilities with appropriate access controls and monitoring systems.

  1. Data Retention

Personal data is retained only as long as necessary for the purposes collected, including legal and regulatory requirements. Retention periods vary by data type and regulatory obligations:

Medical Records: Retained according to Ministry of Health requirements, typically for extended periods to ensure continuity of care and regulatory compliance.

Educational Records: Maintained according to Ministry of Education regulations, with core academic records retained for extended periods and some information disposed of according to established schedules.

  1. Individual Rights Under PDPL

As data subjects in Saudi Arabia, individuals have specific rights regarding their personal data:

Right to Know: Understanding what data we collect, processing purposes, and processing details.

Right to Access: Requesting copies of personal data we hold, subject to certain legal exceptions.

Right to Correction: Requesting correction of inaccurate, incomplete, or outdated information.

Right to Erasure: Requesting deletion of personal data when no longer necessary or when consent is withdrawn and no other legal basis exists.

Right to Withdraw Consent: Withdrawing consent for processing based on consent, without affecting previous lawful processing.

Right to Object: Objecting to processing in certain situations, particularly for direct marketing.

Right to Data Portability: Requesting personal data in structured, machine-readable format for transmission to other controllers.

Right to Complain: Lodging complaints with the Saudi Data & AI Authority (SDAIA) for PDPL violations.

To exercise these rights, contact us using the information provided below. Identity verification may be required before fulfilling requests.

  1. Children’s Privacy

Given our educational and pediatric medical services, we are particularly committed to protecting children’s privacy:

Consent Requirements: For children under 15, we obtain explicit parental or guardian consent for data collection and processing, unless legally permitted otherwise (such as medical emergencies).

Adolescent Consent: For children 15 and above, consent may be obtained directly when they can understand the implications, in addition to parental consent where required by specific regulations.

Data Minimization: Children’s data collection is limited to what is necessary for service provision and handled with enhanced security measures.

  1. International Data Transfers

Personal data may be stored or processed outside Saudi Arabia only when adequate safeguards are in place as required by law, including appropriate contractual protections and regulatory approvals.

  1. Policy Updates

This Privacy Policy may be updated to reflect changes in practices or legal requirements. Material changes will be communicated through appropriate channels, and continued service use constitutes acceptance of revised policies. Regular review is encouraged to stay informed about our privacy practices.

  1. Contact Information

For questions, concerns, or requests regarding these Terms and Conditions or Privacy Policy, please contact:

Sounaa Al Ghad Company Limited Riyadh, Kingdom of Saudi Arabia

General Inquiries: info@s-alghad.com, +966552240494 Privacy Matters: info@s-alghad.com