Effective date: April 9, 2025
Our Privacy Commitment
Because people and health are our business at AiZtech, privacy matters. AiZtech respects the privacy of its users and other individuals with whom AiZtech has business interactions. This Global Privacy Policy applies to all jurisdictions in which AiZtech operates, including compliance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia (KSA), and outlines our practices related to the collection, use, disclosure, and protection of your personal information.
We respect your privacy when:
-
We offer privacy notices that explain how and why we handle personal information.
-
Where appropriate, we respect your choices about our collection, use, and sharing of information.
-
We collect, use, and retain only personal information that is relevant and useful to our provision of our services.
-
We use reasonable efforts to keep personal information accurate and up-to-date.
-
We use information security safeguards to protect personal information.
-
We limit access to and disclosure of personal information.
-
We retain personal information as needed to fulfill our legal obligations or business purposes. For example, under the Saudi PDPL, we ensure data retention does not exceed the duration necessary for its purpose unless legally required or consented otherwise.
-
We provide individuals the ability to view, correct, delete, or object to the processing of their information where required by applicable law.
-
We provide a mechanism for you to ask questions or register complaints about privacy.
Information We Collect and How We Use It
We collect personal information in the following ways:
-
Automatically via Website: Information about your device, IP address, visit duration, pages accessed, and referral site.
-
Cookies: When you visit a website it may generate a small piece of text known as a cookie that is stored in your browser. This allows the organization to keep track of what pages you are on, and other specific information about your visit and how you used the site, to ensure the best experience and that things don’t break while visiting the website. There are two types of cookies that we use – essential single session cookies like the ones described above to ensure the website is functional, they are temporary and disappear when you leave the website. Multi-session (persistent) cookies, these are stored in your browser for longer periods. These are used to recognize you if you visit our site in the future, and for us to derive information about how people use the website, and to collect statistical information about site usage so we can improve it. We obtain this information through the Google Analytics service. We do not enable the Google Analytics Advertising Features. You can use your browser to prevent acceptance of these type of (third party) cookies, the website will still function without them. A limited number of AiZtech employees will have access to the information generated. Many other websites frequently include cookies from third parties that may be used for advertising or profiling purposes – AiZtech does not use any of these types of third-party cookies (and so we don’t use a Cookie Consent function).
Google Analytics: Google Analytics uses cookies to help us analyze how visitors to AiZtech use our website. Google Analytics does not receive information from AiZtech related to your username, and your IP address is truncated by Google Analytics. Data in Google Analytics can only be viewed in aggregated fashion, and cannot be tied to individual users. Learn more Google Analytics and privacy from https://policies.google.com/technologies/partner-sites.
You can opt out of Google Analytics tracking via https://tools.google.com/dlpage/gaoptout. -
Voluntarily Provided Information: This includes identity information, test data, photographs, health-related inputs, and contact details.
-
Saudi PDPL Note: Under Saudi law, we obtain explicit and documented consent before collecting any personal or health data and provide clear notice of its purpose, use, and rights to access, correct, or delete such data.
Purpose of Data Collection
We use your data for:
-
Providing and improving our health technology services.
-
User support and communication.
-
Performance analytics.
-
Medical research (with additional voluntary consent).
-
Legal and regulatory compliance.
In Saudi Arabia, these purposes are aligned with Article 5 of the PDPL, requiring proportionality, purpose limitation, and lawful use based on consent or statutory necessity.
Secondary Uses
We will ask for your consent before using your data for any secondary purposes, such as improving AI algorithms using biometric (facial or eye) data. Consent is optional and will not affect your access to services.
Cross-Border Data Transfers
Your personal data may be transferred and stored on servers in jurisdictions outside your country of residence, including the United States. For users in the Kingdom of Saudi Arabia:
-
Under the PDPL, we ensure that such transfers are conducted with explicit consent, or in compliance with approval from the Saudi Data & Artificial Intelligence Authority (SDAIA), as required.
-
Data is encrypted during transfer and storage using industry standards.
-
Hosting locations are disclosed upon request.
Data Retention
We retain your personal data:
-
For as long as your account is active or as needed to provide services.
-
As required by law or contractual obligation.
-
Deleted upon user request or after 24 months of inactivity, unless extended with your consent.
Saudi PDPL compliance: Retention is based on necessity and not retained longer than required. You have the right to know the duration of data storage.
Children's Privacy
We do not maintain any information specifically for children in our systems. Testing may not provide an accurate result for children under a specific age anyway. Also, some countries have specific laws concerning collection of information about children (e.g. in the USA the Children’s Online Privacy Protection Act (COPPA) governs information gathered online from, or about, children under the age of 13). We do not solicit information of any kind from children under the age of 13. Please DO NOT SUBMIT ANY INFORMATION REGARDING CHILDREN. We cannot be held liable should you ignore this.
Data Subject Rights
All users, including those in Saudi Arabia, have the right to:
-
Request access to personal data.
-
Request correction or deletion of inaccurate or outdated information.
-
Object to processing under certain conditions.
-
Withdraw consent at any time.
-
File complaints with the appropriate Data Protection Authority if unsatisfied with our response.
Requests can be made by emailing: privacy@aiztechlabs.com
Data Security
We use:
-
Encryption (in transit and at rest).
-
Access control policies.
-
Periodic audits and assessments.
-
Training for personnel with access to sensitive data.
These measures support PDPL Article 18 requirements for maintaining confidentiality, integrity, and availability of data.
Legal Basis for Processing
Depending on your jurisdiction, our processing may rely on:
-
Your consent.
-
Contractual necessity.
-
Compliance with legal obligations.
-
Legitimate interests.
In Saudi Arabia, explicit consent is our primary legal basis for processing health-related data unless an exception under Article 6 of the PDPL applies.
Breach Notification
In accordance with applicable laws, including Saudi PDPL Article 20, we will notify affected individuals and regulatory authorities of any data breach that may result in harm, without undue delay.
Policy Changes
We may update this Policy to reflect changes in our practices, technologies, or legal obligations. We will notify users by email and publish updates on our website.
Contact Us
Questions, access requests, corrections, deletion, or complaints can be directed to: privacy@aiztechlabs.com