Privacy Policy

Health Lounge is a corporate wellness screening platform developed by Baynatec (www.baynatec.com) for Medex Healthcare Services. This Privacy Policy explains how we collect, use, store, and protect your personal and medical information when you use our platform. We are committed to safeguarding your privacy and ensuring that your data is handled responsibly and in compliance with applicable laws.

We collect the following categories of information: - Personal Information: Full name, email address, phone number, national ID number, date of birth, and gender. - Medical Data: Health screening findings, diagnoses, medical notes, and examination results as recorded by healthcare professionals during wellness screenings. - Usage Data: Login timestamps, actions performed within the platform, IP addresses, and browser information for security and operational purposes.

Your data is used for the following purposes: - Providing corporate wellness screening services and managing patient records. - Generating medical reports (PDF summaries) and delivering them to authorized recipients via email. - Producing aggregated, anonymized analytics for insurance partners (such as Bupa) to support population health insights. - Improving platform functionality, security, and user experience. - Complying with legal and regulatory obligations.

All data is hosted on servers located within the Kingdom of Saudi Arabia to ensure compliance with local data residency requirements. Data is encrypted both at rest and in transit using industry-standard encryption protocols. Access to data is strictly controlled through role-based permissions, ensuring that users can only access information relevant to their authorized role. We implement regular security audits and monitoring to protect against unauthorized access.

We do not sell or share your personal data with third parties for marketing purposes. Insurance partners (such as Bupa) receive only aggregated, anonymized data that cannot be used to identify individual patients. Individual patient data is never shared with insurance partners or any third party without explicit consent from the patient or as required by law. Healthcare professionals accessing the platform can only view data within their authorized specialty and role.

Medical records are retained in accordance with the healthcare data retention requirements set forth by Saudi Arabian health regulations. User accounts can be deactivated by system administrators upon request or when no longer needed. Deactivated accounts are retained in a dormant state for the legally required retention period before being permanently deleted. Audit logs are maintained for compliance and accountability purposes.

You have the following rights regarding your personal data: - Right to Access: You may request a copy of the personal data we hold about you. - Right to Correction: You may request that inaccurate or incomplete data be corrected. - Right to Deletion: You may request deletion of your personal data, subject to legal and regulatory retention requirements. - Right to Restrict Processing: You may request that we limit how your data is used in certain circumstances. To exercise any of these rights, please contact your system administrator or reach out to us through the contact information provided below.

Health Lounge is designed to be compliant with Saudi Arabia data protection regulations, including the Personal Data Protection Law (PDPL), as well as applicable healthcare data standards. We continuously review and update our practices to ensure ongoing compliance with evolving regulatory requirements.

For privacy-related inquiries, requests, or concerns, please contact Baynatec at www.baynatec.com. We are committed to addressing your privacy questions promptly and transparently.