This Privacy Policy provides you with information on how Waseel ASP (“Waseel”, “we”, “us”, “our”) collects and processes Personal data that we may obtain from you. Waseel values your trust and is committed to the responsible management, use and protection of your personal data. 

About us

Waseel was established in 2003 in Saudi Arabia, and is a leading HealthTech company revolutionizing healthcare through innovative digital solutions. By enhancing interoperability, streamlining operations, and fostering a patient-centric approach, Waseel bridges gaps in the healthcare system to better serve providers, payers, and patients.

If you have any questions or concerns regarding our use of your personal data, or if you wish to exercise any of your rights described in this Privacy Policy, please contact our Data Protection Officer at myprivacy@waseel.com.

Not covered by this Policy

This Privacy Policy does not apply to job applicants, students, interns,  our employees and non-employee workers whose personal data is subject to different privacy notices and are provided in the context of employment or upon submitting an application. Employees and non- employee workers should speak to HR or refer to the Waseel Employee Privacy Notice and job applicants (including paid interns) should refer to the Waseel Candidate Privacy Notice.

Definitions

“Applicable Laws” means the applicable privacy and data protection legislation in your jurisdiction.

“Data subject” means the individual to whom the personal data relates, i.e., you.

“External stakeholders” means former, current, and prospective customers, suppliers of goods or services, government or public officials, or other stakeholders that Waseel interacts with, as part of its business activities.

“Personal data” means any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, such as; name, personal identification number, addresses, contact numbers, license number bank and credit card numbers, photos and videos of an individual, and any other data of personal nature, including any sensitive data as defined under Applicable Laws.

“PDPL” means the Personal data Protection Law.

“Sensitive data” means any racial or ethnic origin, or religious, intellectual or political belief, data relating to security criminal convictions and offenses, biometric or genetic data for the purpose of identifying the person, health data, and data that indicates that one or both individual’s parents are unknown.

What personal data do we collect?

We may collect, store and use personal data or categories of personal data described in the table below, that is mandatory for our business purposes. There is some information, such as sensitive data that may be collected indirectly, such as through CCTV. This information will generally be received either from you personally or from the company with whom you are working.

Type of personal data	Description of the personal data
Contact and communications information	your contact details (including email address, telephone number, and postal address); the company with whom you work for; records of communications and interactions we have with you.   This information is mandatory.
Government identifiers	national ID number to verify identity, this information is mandatory, if required; Iqama to verify identity, this information is mandatory, if required.
Usage data	internet or other electronic network activity Information including, but not limited to, your interaction with our website or email communication. Some information is mandatory, as it comes via our use of strictly necessary cookies.   For more information on cookies, see below.
Geolocation data	precise geographic location information about a particular individual or device. This information is optional, and we will ask for your consent to collect such data through cookies.
Audio and or video	audio, electronic, visual, or similar such as, CCTV footage, or photographs, if you physically visit any of our locations or participate in any live or virtual events that may be  recorded.   This information is mandatory as the use of CCTV is required for prevention and detection of crime, and health and safety reasons, at Waseel premises.
Cookies	See below for more information and visit our Cookies Policy on our website Strictly necessary cookies are mandatory collection required to function our website.
Sensitive data, such as (much of this may be collected indirectly, such as via CCTV, as mentioned):	ethnicity, or race; religion; health information; §  information required for investigation of an incident or allegation (which may include sensitive data).   This information will be mandatory, as there is indirect collection, (for example religious clothing worn and captured on CCTV can confirm someone’s religion, or where required for the individuals’ vital interests, and or legal or regulatory reasons.
Voluntary information	This information is optional and freely provided by you, and not necessarily requested or required by us.

 

Children’s personal data

Our website or business is not designed for children, and we do not knowingly collect personal data from children under the age of 18 years.

How do we collect your personal data?

Some of the personal data that we process is obtained directly from you, either when you visit our website, use our Contact Us form, or when you correspond with us through post, email or phone. For reasons why we collect and process your personal data, please see “How do we use your personal data, and the legal basis for collecting and processing your personal data” below.

We also obtain some personal data indirectly from your use of cookies.

How do we use your personal data, and the legal basis for collecting and processing your personal data?

We process personal data covered by this Privacy Policy for the following purposes:

• For performance of a contract to which you are a party or signatory on behalf of your company

• • This is so we can manage our business relationship and execute our business arrangements with you (and or your company).

• With your explicit consent

• • This is where you ask for us to correspond with you where you have contacted us through our Contact Us page, sent us an email, or wish to partake in any events either in person or online.
  • Only if legally required or where no other lawful basis will apply. In those cases where processing is based on consent, and subject to the PDPL which provides otherwise, you have the right to withdraw your consent at any time by emailing myprivacy@waseel.com. This will not affect the validity of the processing prior to the withdrawal of consent.
  • To send you any marketing communications where you have previously provided us consent. This would be to promoting contact with existing and prospective customers, partners, stakeholders or suppliers. We may also notify you about updates to our websites, business or services.

• Processing pursuant to another law
  • For health and safety and security – such as for visitors to our sites, we process your personal data to adhere to health and safety laws, or for security reasons to keep you, and us safe.
  • There may be qualifying legal or regulatory reasons to process your personal data.
• For vital interests – to protect your life.
• For the purposes of our legitimate interests – pursued by Waseel, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual/s. Our legitimate interests include:
  • To measure and improve our business, services and performance, or to perform analyses on data we have collected, such as market analyses, trends and other research.
  • To contact you in the first instance to ask whether you would like to hear from us, and if so, we shall request consent. 

How do we share your personal data, and to whom?

We may share/disclose your personal data with the following:

Recipient (and country)	Purpose	Personal data
Microsoft office 365 (USA)	Communication and collaboration; Emails;	Any or all of the personal data described above, more likely to be contact information.
Internal (Waseel) KSA Such as; sales, marketing, procurement, facilities, etc)	Business reasons on a need to know, and as and when required basis (role based). Access control.	Any or all of the personal data described above, more likely to be contact information, audio/CCTV, indirect sensitive data as described above.
NetSuite (USA)	Enterprise Resource Planning (ERP); Financial management; Vendor relationship management (VRM);	Contact information as described above.
WordPress (UK)	Drag and drop webpage tool	Contact information as described above.
CRM HubSpot (USA)	Customer relationship management (CRM); Marketing automation; Sales tracking.	Contact information as described above.
Maqsam (KSA)	It provides VoIP (Voice over IP) solutions, virtual phone numbers, call- center services, and SMS communication tools for businesses.	Contact information as described above.
Admin portal (KSA)	A system designed to handle healthcare provider organizations, their branches, contracts, contract types, users, and user privileges. It manages the complete lifecycle of healthcare provider relationships.	Contact and communications information
Fresh desk ticketing system (USA)	Fresh desk helps businesses manage and resolve customer queries efficiently through a centralized ticketing system with automation, multi-channel support, and analytics.	Contact and communications information
Waseel website, hosted by WP Engine (UK)	When you contact us through our Contact Us page; When you visit our Website.	Contact information, usage, geolocation and cookies data as described above.
Law enforcement, or government entities (KSA).	Where required by law.	Any of the personal data as described in table above, as required.
Health care professionals	For example, if a health related incident occurred where you visit any of our premises.	Contact information, and any other information (including sensitive data) that may be applicable for your vital interests.

We may process or transfer your personal data to any country where we engage third-party agents or service providers as described above, and so you understand that your information will be transferred to countries outside of your country of residence. Where the transfer is subject to appropriate safeguards for international transfers as prescribed by Applicable Law, for example if we are sharing your personal data with a third party, as required, the contract with them will have appropriate contractual clauses (and any standard contractual clauses, if the transfer is to a non-adequate country) or other obligations in the contract requiring appropriate technical, organizational and security measures to protect your personal data.  To find out more, please email myprivacy@waseel.com.

How do we store your personal data and for how long?

We will only retain personal data for as long as necessary to fulfil the purpose for which it is processed or as required by Applicable Laws or any litigation hold, to which we are subject, including to meet any legal requirements. Data is retained within the appropriate service providers described above, in accordance with our retention schedule.

Please note that if you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing communications in the future.  We shall retain your personal data for 5 years after termination of our relationship with you.

Your personal data rights:

As a data subject, you have a number of rights under the PDPL, which primarily depend on the purpose of personal data collection and processing, these include:

• Right to be informed: you are entitled to be informed how we collect your personal data, legal basis for collection and processing, how such data is processed, stored, destroyed, and to whom it will be disclosed.
• Right of access to your personal data: you are entitled to request access to your personal data by contacting us using the below mentioned information.
• Right to request access to your personal data: you are entitled to request access to your personal data held by us in a readable and clear format if technically feasible through electronically encrypted means.
• Right to request correction of your personal data: you are entitled to request correction of your personal data that you believe is inaccurate, incorrect or incomplete, by contacting us using the below mentioned information. Such data will be reviewed and updated within 10 working days. In addition, you will be notified that your data has been corrected by email.
• Right to request destruction of your personal data: you are entitled to request destruction of your personal data in certain circumstances, for example, we will not destroy your personal data if there is a legal or business requirement for us to retain your personal data, in accordance with Applicable Laws.
• Right to withdraw your consent for processing your personal data: you are entitled to withdraw your consent for processing your personal data at any time unless there are legal bases that require otherwise. You may exercise your right to withdraw, by contacting us using the below mentioned information.

Please note, however, these rights are not absolute, and we will explain to you if we rely on any exemptions when responding to you. If you would like to exercise any of these rights, please contact us using the below mentioned information.

Security of your personal data

We maintain technical, physical and organisational measures intended, as required under Applicable Laws, to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. We confirm we are ISO 27001 certified and ensure to apply best practice security standards when processing your personal data.

The use of cookies and similar technologies

We may use cookies and similar technologies that aim to collect and store information when you visit our website. You can control and manage your cookie preferences by clicking on the cookies icon underneath the WhatsApp icon on the Waseel homepageTo read more, please refer to our Cookies Policy.

Contact information and complaints

If you have any questions or concerns regarding our use of your personal data, or if you wish to exercise any of your rights described in this Privacy Policy, please contact our Data Protection Officer: myprivacy@waseel.com.

Should you wish to raise a complaint about how Waseel processes your personal data, we ask in the first instance you allow us the opportunity to rectify your concerns by emailing myprivacy@waseel.com.  If you are not satisfied with how we deal with your concerns, or we fail to respond within 10 working days, you may lodge a complaint with the Competent Authority, namely SDAIA here.

Changes to this Privacy Policy and other information

This Privacy Policy may be changed over time. You are advised to regularly review this Privacy Policy for possible changes. This Privacy Policy was last updated in February 2025.

For ease of reference, the Personal data Protection Law can be accessed here.