The Saudi Ministry of Health (MOH) portal deems the confidentiality of the information of users and visitors a top priority. The portal’s administration spares no effort to provide high-quality services to all beneficiaries. The privacy and confidentiality of information described below are part of the terms and conditions of using the ministry's e-portal.

The portal visitors and beneficiaries must constantly review the terms and principles of privacy and confidentiality of information when updates are made to them. MOH is not responsible, under any circumstances, for any direct, indirect, incidental or consequential damages, whether special or exceptional, arising from the use or inability to use this portal.

Collecting personal information and data:

If you click a link to a service provided by MOH, this entity will be able to:

  • Control the data;
  • Process the information you share; 
  • Post and administer its own privacy notice, with details on how to contact the entity.

Collected data:
  • Questions, inquiries or notes that you leave, including your email address when you make an inquiry or request information about a specific service, or any additional information you provide while using any of the means of communication with MOH, whether electronic or non-electronic. For example, if you make an inquiry on our website, we will use your email address to respond to that inquiry. Your email address, message, and our answer to your inquiry may be saved for quality control purposes.
  • Your email address and subscription preferences when your register for our email alerts.
  • Your Internet Protocol (IP) address and details of the web browser version you used.
  • Information on how you use the website, using cookies.
  • MOH uses Dynatrace software to collect information about how you use the Ministry's website. This includes IP addresses. Anonymous data before they are used to process analyzes.
  • MOH does not store your personal information through Dynatrace (e.g. your name or address). We will not identify you through analytics information, and we will not combine the analytics information with other data sets in a way that identifies you. Data are collected for oversight and quality purposes only. We continuously monitor our data protection controls to ensure their effectiveness and discover any weaknesses.
  • Dynatrace processes anonymous data about:
    • Pages you visit on the ministry's website;
    • The time you spend on each page of the website;
    • How you reach the website;
    • What you click on while you’re during your visit to the website.

Purpose of data collection:
We collect data in order to:
  • Allow you to access government services and conduct transactions;
  • Understand how you use the website and its services to ensure that it meets the needs of beneficiaries;
  • ​Make improvements (e.g. improve website search) using Dynatrace;
  • Collect feedback to improve our services (e.g. email alerts, content rating, and service rating features);
  • Respond to any comments you send us, if you request a response;
  • Send email alerts to users who subscribe to them;
  • Provide you with information about local services;
  • Monitor website use to identify security threats.

User Rights:
Users have the right to access and amend their personal data. MOH is committed to preserving the privacy of the data of its system users. To safeguard user rights and preserve the confidentiality of user and visitor information on its various systems, MOH exerts tremendous efforts to provide high-quality service to all users according to the following:
  1. Beneficiaries of the ministry’s services and visitors to the portal shall be constantly updated with the terms and principles of privacy and confidentiality of information when any updates are made.
  2. MOH is obliged to notify website beneficiaries and visitors of any updates to the privacy and information confidentiality policy.
  3. MOH is also obliged not to disclose any personal information about you unless you voluntarily choose to disclose this information. It is only used for specific purposes. 
  4. Owners of these personal data have the right to revoke their consent to share data at any given time. 
  5. If you use a direct application or send us an email via the MOH portal providing us with your data, you fully agree to the storage, processing, and use of that data by the Saudi authorities. We reserve the right, at all times, to disclose any information to the concerned authorities, whenever necessary.
  6. You are solely responsible for the completeness, correctness, and authenticity of the data that you send through this portal.
  7. ​In order for us to be able to help you protect your personal information, we recommend the following:
  • Do not give your confidential information on MOH, over the phone or the Internet, to any person or entity that is not officially affiliated with MOH.
  • Use a safe browser when you conduct transactions over the Internet. Additionally, make sure you close unused applications on your network, and ensure that your anti-virus software is always updated.
  • If you have any inquiries or opinions about privacy principles, contact the Data Privacy Office.
  • To preserve your personal data, electronic storage and personal data are secured using proper security technologies.
  • This portal may contain electronic links to websites or portals that may use means of protecting data and privacy that are different from the means we use. We are not responsible for the contents, methods, or peculiarities of these other websites, and we advise you to refer to their privacy notices.
  • If you wish to request any of these rights, you can contact the Data Privacy Office.

Personal data protection principles and rights:
  • Responsibility:  Defining and documenting privacy policies and procedures.
  • Transparency:  Beneficiaries are notified of MOH's privacy policy and procedures.  
  • Selection and approval: Possible options for owners of personal data are determined, and users’ consent (implicit or explicit) is obtained regarding the collection, use, or disclosure of their data.
  • Limiting data collection: Collection of personal data is limited to a minimum that would serve specific purposes.
  • Data use limiting, retention, and disposal: Personal data processing and retention is limited only to the purposes specified in the Privacy Notice for which the user provided their (implicit or explicit) consent.
  • Data access:  Means that help users access and review their personal data are specified and provided. Users can also request to update or correct their data. 
  • Limiting data disclosure: Disclosure of personal data to external parties is limited to the purposes specified in the privacy notice for which the user provided their (implicit or explicit) consent.
  • Data security:  Personal data are protected from leakage, damage, loss, misappropriation, misuse, modification, or unauthorized access.
  • Data quality: Personal data are kept accurate, complete, and directly related to the purposes specified in the privacy notice.
  • Monitoring and compliance: Compliance with the Ministry's privacy policy and procedures is monitored.

Main principles and general rules for data sharing:
  1. Sharing key data produced by MOH is reinforced. This aims to create integration between various parties inside or outside the Kingdom, as well as adopt the "one-time" principle to obtain data from their correct sources, and reduce duplication, inconsistency, and multiplicity of sources. If data were requested from a source other than the primary one, then that the party required to share the data must obtain the approval of the main entity (the data source) before sharing it with the requesting party.
  2. Data are shared for legitimate purposes based on a justified legal or business need that targets the public's best interest. This happens without causing any harm to the national interests, activities of authorities, the privacy of individuals, or the safety of the environment, unless a royal order made an exception.  
  3. All parties involved in the data sharing process have the authority to view, obtain, and use this data.
  4. All parties involved in the data sharing process must make all necessary information for data exchange available, including: required data, the purpose of their collection, the means of their conveyance, the methods of their preservation, the controls used to protect them, and the mechanism for their disposal.
  5. All parties involved in the data sharing process shall be jointly responsible for decisions to share and process data in accordance with the specified purposes. They must ensure the application of the security controls stipulated in the data sharing agreement and the relevant regulations, legislations and policies.
  6. All parties involved in data sharing shall apply proper security controls to protect and share data in a safe and reliable environment. This should happen in accordance with relevant regulations and legislations as stipulated by the National Cybersecurity Authority.
  7. Ethical practices during the data-sharing process are applied to ensure the data are utilized within a framework of fairness, integrity, honesty, and respect, alongside adherence to information security policies and relevant regulatory and legislative requirements.

To contact the Data Privacy Office:
At the Data Privacy Office: we welcome your communication with us via e-mail in cases of:
  • Having questions about privacy policies and information confidentiality.
  • Believing that your personal data have been misused or mishandled.  

Relevant legislations: