PrivacyPolicy

Privacy Policy
----------------

### 1. Introduction

Apex Health Care keeps this Privacy Policy under regular review and places any updates on this web page. This Privacy Policy was last reviewed and updated on 24 July 2024.

Apex Health, an application product developed by Afiya is offered as a free app.

### Our Contact Details
For general inquiries & policy related queries please contact Email: digitalteam@powerholding-intl.com

### 1.1. Summary Statement

Apex Health care respects and is committed to protecting your privacy and personal data. “Personal Data” means any information about an individual from which that person can be identified. We act as a data controller in relation to any Personal Data you provide to us and will only process and share your data in line with the requirements of the applicable data protection laws as set out in this policy. We will take reasonable steps to ensure that those with whom we legitimately share your data are equally robust in their approach to data protection.

### 1.2. What we offer

This policy sets out information about how we process your Personal Data,
which we receive through our mobile applications (the “Platform”) when you
use and access our Platform and our services available on the Platform
which includes but are not limited to:

* a directory of doctors and other healthcare specialists and hospitals, in Qatar.
* a medical appointment booking facility (the “Appointment Booking Facility”).
* general non-specific health tips and blogs for educational and
informational purposes (the “Health Articles” and together with the
Directory, the Appointment Booking Facility and My Records and such
other services we may provide on or from the Platform from time to time
the “Services”).

### 1.3. Parties

References in this Privacy Policy to “user” or “you” (or similar) are
references to you as an individual or legal entity as the case may be.

References in this Privacy Policy to "Afiya", “Apex Health care”, “we,” “our” or “us” (or similar) are references.

### 1.4. Your agreement to this policy

Please read this Privacy Policy carefully, to help you understand our
practices in how we process your Personal Data. By using our Platform and
Services, you agree to the handling of your Personal Data in accordance
with this Privacy Policy and Terms of Use. If you use our Platform and
Services, you consent to the processing of your Personal Data under this
Privacy Policy and agree to the Terms of Use for the Platform.

### 1.5. Updates and revisions

We update this Privacy Policy from time to time. If we make changes, we
will notify you by revising the date at the top of the policy, and in some
cases, we may provide you with additional notice (e.g. by adding a
statement to our homepage or sending you a notification). We encourage you
to review the Privacy Policy whenever you access the Services or otherwise
interact with us to stay informed about our information practices, and the
choices available to you.

### 1.6. Exclusion of Healthcare Services in our platform 

It is important to note, and as set out in our Terms of Use, that we are a
platform provider. We do not provide any actual medical or other health
services on our Platform. Nothing stated or posted on the Platform by us
is intended to be, and must not be taken to be, the practice of medicine,
dentistry, nursing, or other healthcare professional services or the
provision of medical care. Do not use the Platform or the Services for
emergency medical needs. If you experience a medical emergency,
immediately call your local emergency services.

Healthcare Providers who have registered and entered into a subscription
agreement with us in relation to our appointment booking facility on the
Platform will be subject to a service agreement with additional provisions
as to how we will use Personal Data. We recommend that you look at the
Healthcare Providers’ privacy policy to understand how they process your
Personal Data.

### 2. Links to Other Sites

### 2.1. We are not responsible for third-party sites

The Platform may include links to other third-party websites, plug-ins,
and applications which may include those of Healthcare Providers.
These other third-party websites are not owned or controlled by Afiya/Apex Health Care.
We are not responsible for the privacy or security practices of such other third-party websites.
When you leave our Platform, we strongly encourage you to read the Privacy Policy of each website
that collects personally identifiable data,and to know your privacy rights before interacting with such websites.

### 2.2. White Label Solution

We have partnered with certain Healthcare Providers who provide Afiya’s Services
using a White Label Solution. In practice, this means that the Healthcare Providers’ website
will contain a link to pages on our Platform and such pages will utilize the Healthcare Provider’s branding.

### 3. Your Data Protection Rights

### 3.1. Overview

Apex Health uses your Personal Data for several different purposes,
for example to provide our Services to you and others and to meet our legal and regulatory obligations.
By ‘your information/data’ we mean any information about you that you or third parties provide to us.
You have rights under relevant data protection law, and these rights are explained in this section:

### 3.2. Right of access (also known as ‘Subject Access Request’ or ‘SAR’)

The right of access is your right to obtain from us:
* Confirmation that we are only reading your Personal Data from the Hospital EMR; and
* The account owner’s details, documents, and existing relative details along with their
documents are not stored in Apex Health.
    
Please refer to section 4 for the type of data we collect. If following an
appointment, you require access to your medical data or your notes in
respect of the appointment, we do not hold such data, but the information
updated by the health provider via EMR will be accessible under ‘My
Records’ feature and downloadable with specific consent.

### 3.3. Account Deletion - Apple OS

In compliance with Apple’s App Store Guidelines, users who create an Apex Health
account may delete their account in addition to deactivating it.

When you delete the Apex Health application from your device, a deletion request
is sent to our operations team who will carry out certain checks to
ensure, for example, that the user has no upcoming appointments with a
healthcare provider, and the third party (see section 2.2) is informed of
such deletion request.

The account deletion process is manual, and therefore it will take up to 14
working days to action the request from the date the request is received.
An Email and SMS notification will be sent to the email address and phone
number on the registered account as confirmation of receipt of the request
and another confirmation will be sent upon successful deletion of the
account.

Please note that we are required to retain certain data by law and may
retain certain data in accordance with statutory limitation periods.

In the event that you decide to return to use Apex Health services you can reuse
the same phone number.

### 3.4. Our response to your requests

We try to respond to all legitimate requests within one month.
Occasionally it could take us longer than a month if your request is
particularly complex, or you have made several requests. In this case, we
will notify you and keep you updated. If you wish to exercise any of the
data protection rights set out above, please contact us by email at Email: digitalteam@powerholding-intl.com

### 4.Data Acquisition

The different kinds of Personal Data that we collect & do not store in our
platform but transmit to the EMR of Health providers are as follows:

* Identity and Contact data: first name, last name, date of birth, gender, email address,
telephone number, and ID.
* Financial and Transaction Data: details about payments from you, payment card details.
For details about our payment collection options, please refer to our Terms and Conditions.
* Profile Data: your chosen password and bookings made by you.
* Usage Data/Online Identifiers: IP Addresses, information about how you use our Platform,
products, and Services, how you use your devices to access our Platform including the screens
you visit and searches you make
* Marketing and Communications Data: your preferences in receiving marketing from us and our
third parties, and your communication preferences

Where we need to collect Personal Data by law, or under the terms of a
contract we have with you, and you fail to provide that data when
requested, we may not be able to perform the contract we have or are
trying to enter into with you (e.g. to provide you with booking services).
In this case, we may have to cancel an appointment you have booked through
the Platform, but we will notify you if this is the case at the time.

### 5. Minors

By accessing, using and/or submitting information to or through the
Platform and the Services, you represent that you are not a child, being a
person under the age of 18 (“Minor”). If we learn that we have received
any information directly from a Minor without his/her parent’s written
consent, we will use that information only to respond directly to that
Minor (or his/her parent or legal guardian) to inform the Minor that
he/she cannot use the Services, and we will subsequently delete that
information. If you are a parent or legal guardian of a Minor, you may, in
compliance with the Terms of Use, use the Services on behalf of such
Minor. Any information that you provide us while using the Services on
behalf of the Minor will be treated as Personal Data as otherwise provided
herein. If you are a parent or legal guardian, and you allow a Minor to
use the Services, then these terms (Terms of Service) apply to you, and
you are responsible for the Minor’s activity on the Services. Please refer
to our Terms of Service.

### 6. Consent

Consent is one lawful basis for processing. When we ask for your consent,
we do not use pre-ticked boxes. For example, when you register your
account with us, you will need to read and accept our Privacy Policy and
Terms of Use by ticking the ‘I agree’ box provided. This is known as
positive opt in.

* Here is an example:
* Please note that you may withdraw your consent at any time where we are
relying on our consent to process your Personal Data. However, this will
not affect the lawfulness of any process carried out before you withdraw
your consent. If you withdraw your consent, we may not be able to provide
certain products or Services to you. We will advise you if this is the
case at the time you withdraw your consent.

* When you make an appointment using our Platform, the consultant, or the
Healthcare Provider that you are seen in person would be responsible, as a
data controller, for obtaining your consent and manage the consent
process. You must contact the consultant or the clinical practice directly
if you would like to withdraw your consent related to your appointment and
consultation.

### 7. Marketing / Research

### 7.1. General

We would like to send you information about our Services, and we use
SMTP2GO for marketing purposes. If you have agreed to receive marketing,
you may always opt out later by following the opt-out/unsubscribe links on
any marketing message sent to you or by contacting us at any time by
sending an email to digitalteam@powerholding-intl.com

Where you opt out of receiving these marketing messages, this will not
apply to Personal Data provided to us because of a product/service
experience or other transactions.

### 7.2. Promotional offers from us

We may use your identity, contact, technical, usage, and profile data to
form a view of what we think you may want or need, or what may be of
interest to you. This is how we decide which products, services, and
offers may be relevant for you (we call this marketing). You will receive
marketing communications from us if you have requested information from us
or purchased services from us, and you have not opted out of receiving that
marketing.

### 7.3. Third-party marketing

It is the responsibility of the third party, such as our White Label
partners, to obtain your consent and get your express opt-in consent
before they contact you for marketing purposes.

### 7.4. Mobile app push notifications

On downloading the Apex Health Care app, you will receive notifications asking
whether you consent to: (a) Apex Health Care identifying and using your mobile device
location; and (b) to receiving future notifications from Apex Health Care.
Apex Health Care requires access to your device location for location-based push notifications
and user analytics purposes.

### 8. Data Security
### 8.1. General

We process your data in a manner that ensures appropriate security of the
Personal Data, including protection against unauthorized or unlawful
processing and against accidental loss, destruction, or damage, using
appropriate technical or organizational measures. We also have procedures
to deal with any suspected Personal Data breach and will notify you and
any applicable regulator of a breach where required by law.

Unfortunately, no transmission or storage system can be guaranteed to be
completely secure, and transmission of information via the Internet is not
completely secure. If you have reason to believe that your interaction
with us is no longer secure (for example, if you feel that the security of
any account you might have with us has been compromised), please
immediately notify us of the problem using the contact details provided in
section 9.

Apex Health Care does not warrant the accuracy, completeness, currency, or
reliability of any of the content or data found on this platform and Apex Health Care
assumes no responsibility and shall not be liable for any damages to, or
viruses that may infect, your mobile or other equipment or other property
on account of your access to, use of, or browsing on the website. In no
event shall Apex Health Care be liable for any injury, loss, claim, damages, or any
exemplary, punitive, direct, indirect, incidental, or consequential
damages of any kind (including but not limited to lost profits or lost
savings) whether based in contract, tort, strict liability, negligence,
product liability or otherwise. The entire risk as to the quality,
performance and use of this website is with you. Any communications,
messages, and other information obtained while using the Website is
obtained at your risk and you bear the entire responsibility for any
losses that you may experience because of your use of our website.

### 8.2. Passwords and Confidentiality (Including your Mobile Number and email address).

If you are provided with a password or any other piece of information as
part of our security procedures for a registration-only section of our
Platform, you are responsible for all activities that are carried out
under them. We do not have the means to check the identities of people
using the Platform, and we will not be liable if your password or username,
email address or your mobile number is used by someone else. You agree to
contact us immediately of any unauthorized use of your password or
username of which you become aware. We have the right to disable any user
identification code or password, whether chosen by you or allocated by us,
at any time, if you have failed to comply with any of the provisions of
these terms or the Terms of Use.

### 9. Any further questions

If you have any questions about this Policy or about your Personal Data,
General inquiries not related to this Privacy Policy or your Personal Data
can be directed to our team who can help you with your inquiries, please
contact Email: digitalteam@powerholding-intl.com