Privacy Policy

This Privacy Policy describes how Sitana Global (“we”, “us”, “our”) collects, uses, stores, and shares personal data and health-related information when you use our telehealth platform, website, and related services.

This Policy works together with our Terms of Use and with the informed consent flow you complete when creating a case on the platform. The consent screens summarise key points; this Policy provides fuller detail. If you do not agree with this Policy, you should not use our services.

Sitana Global provides remote telehealth facilitation. It is not an emergency service and does not replace emergency medical services.

If you believe you are experiencing a medical emergency, call your local emergency number or seek immediate in-person care. Information you submit through the platform is not monitored for real-time emergencies.

We collect information you provide when registering, completing your profile, creating or managing cases, messaging, booking appointments, participating in video or audio consultations, and contacting support. This may include name, national or government identifier where required, date of birth, contact details (email, phone), account credentials (stored using appropriate security practices), medical history, symptoms, documents you upload, case descriptions, and communications with practitioners or the platform.

We also collect technical and usage data such as device type, browser, approximate location derived from IP address, log data, and cookies or similar technologies where applicable, to operate and secure the service.

Health information you provide is treated as sensitive personal data and is processed only for the purposes described in this Policy and as permitted by applicable law, including the Personal Data Protection Law (PDPL) and related regulations in the Kingdom of Bahrain.

We process personal and health data to: provide and improve telehealth services; match you with practitioners; enable chat, video, and voice consultations; manage appointments; generate clinical documentation where applicable; comply with medico-legal or second-opinion workflows you select; verify identity where required; send transactional notifications; detect fraud and abuse; comply with legal and regulatory obligations; and operate analytics in aggregated or de-identified form where permitted.

Processing for primary online consultation, second medical opinion, and medico-legal case review may differ in scope. We process only what is necessary for the service type you choose.

We implement technical and organisational measures designed to protect personal and health data against unauthorised access, loss, or alteration. Access is limited to personnel and systems that need it to provide the service.

We retain data for as long as necessary to fulfil the purposes in this Policy, including providing care, meeting legal, regulatory, and professional record-keeping requirements (including NHRA, PDPL, National Cybersecurity Centre / NDMO guidance, NHIFP-related obligations where applicable, and Ministry of Health telehealth guidelines), and resolving disputes. Retention periods may vary by data category and jurisdiction.

We do not sell your personal or health data to third parties.

Your case information and health data are shared with the practitioner assigned to your case so they can provide care. In peer consultation or colleague discussion scenarios, relevant information may be shared with other medical professionals involved in your case to the extent necessary for coordination and treatment or review.

We may share data with service providers who process data on our behalf under strict contracts (for example hosting, communications, or security vendors), and with authorities when required by law or to protect rights and safety.

We do not share your data for unrelated third-party marketing without your consent where consent is required by law.

Video and audio sessions may be recorded only when we obtain your explicit per-session consent before the session begins. You will be informed when recording is active.

Recordings are stored securely and may be used for medico-legal documentation, quality assurance, training where permitted and anonymised, and dispute resolution, consistent with applicable law and professional obligations.

For medico-legal case reviews, outputs may include expert medical opinions intended for use in legal or dispute proceedings. Such documents are not a substitute for independent legal advice and may be processed and retained as required for those proceedings and professional standards.

A second opinion is based on information you and others submit to the platform. It does not replace the judgment of your treating physician and may be limited by incomplete records or remote assessment constraints.

Your data may be processed in Bahrain and, where we use subprocessors or infrastructure in other countries, in accordance with applicable law and appropriate safeguards (such as contractual clauses or adequacy decisions) where required.

We may send you SMS, email, or push notifications about your cases, appointments, security alerts, and important service updates. You can adjust certain communication preferences in your account settings where available. Essential service and legal notices may still be sent even if you opt out of marketing, where permitted.

Subject to applicable law, you may have the right to access, rectify, or delete your personal data; restrict or object to certain processing; and lodge a complaint with a supervisory authority. Deletion may be limited where we must retain data for legal, regulatory, or professional reasons.

Withdrawing from a case or deleting your account does not erase data that was lawfully processed before your request, or data we must retain.

Our services are intended for users who are at least 18 years old, or for minors where a parent or legal guardian provides consent and information on their behalf. We may require verification of guardian status for minors.

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, notify you through the platform or email.

For privacy-related questions or requests, contact us using the contact details provided on the Sitana Global website or in your account area.