The right to receive services

Your use of Labayh services has never been suspended or prevented you from using them at any time. 

Any misuse by the beneficiary outside the framework of the described relationship will lead to the suspension of his account directly

You are 18 years old or older to be able to receive the services in the Labayh App

Medications are not dispensed through the application for individuals under 18 years old without parental consent.

Representations and warranties

You will review and comply with any notices sent by Labayh in connection with your use of the service provided by Labayh App. 

You will not use the information, content or any data you access or obtain through Labayh services for any purpose other than for personal use and you will use App and the service exclusively for your own purposes and will not sell it to any third party. 

You will not use the Service or Application to cause harm, annoyance, or inconvenience to anyone

You will not hinder the proper operation of Application

You will not attempt to harm the Service or the Application in any way

You will keep your account password or any other identifier we provide to you and allow access to your account in a secure and confidential manner.

We have made every effort to keep the website in a good and easy way, however Labayh assumes no responsibility and we will not be subject to any claims for the temporary unavailability of the website due to technical problems beyond our control.

Labayh undertakes to work as much as possible to provide qualified consultants in order to meet the beneficiary's needs and provide him with a distinguished service, but does not guarantee the extent to which the customer will benefit from the service; Because it is not measurable

Intellectual property rights

All intellectual property rights of these services and all materials related to them or that appear within the Application are the property of Labayh, whether registered or not in the Application. All content information and designs contained on the Application are our property, including, but not limited to: texts, graphics, programs, images, video, music and audio, and their selection and coordination, as well as all software compilations, source codes and main programs. 

You shall not allow anyone, for any reason, to use your account in order to obtain a session or to benefit from any of the services of Labayh Company.

Prices

Academic degree 

Payment

Labayh reserves the right to impose new fees for using the Application, the service, or both.

You shall pay the value of the “session” service to Labayh when booking the appointment with the specialist 

Payment methods available from within the platform (Mada - Apple Pay - Visa - Payment via installments)

Appointment cancellation policy

The customerhas the right to request a refund of the full amount paid 6 hours before the date of the session

The customerhas the right to request a refund of the full amount paid in the event that the specialist fails to attend the session without any prior excuse

In the event that the customer wishes to cancel the session within less than 3 hours of its date, only 50% of the amount paid in the customer’s wallet will be recovered

In the event that the client is late for the session, and it is canceled, only 50% of the amount paid in the client’s wallet will be refunded

In the event that the appointment is suspended for a period of 30 days from the date of reservation, it will be automatically canceled and only 50% of the amount paid will be refunded to the customer’s wallet.

The specialist or client has the right to cancel after 15 minutes from the start of the appointment if the other party does not attend (policy applies).

Refund policy

In the event that the customer does not comply and the appointment is suspended by the specialist for a period exceeding a month, 50% of the amount will be deducted and the remaining amount will be automatically returned to the customer’s wallet.

The client can request a refund of the full amount paid 24 hours before the date of the session

The customerhas the right to request a refund of the full amount paid in the event that the specialist fails to attend the session without any prior excuse

The customerhas the right to request a refund of the full amount paid in the event of a technical defect from the Application

The customeris not entitled to refund the session amount or part of it in the event of a request to terminate the session during the validity of the appointment

The customercannot refund the amount after completing the session

The cost of the session is fully refunded in the event that the appointment is canceled by the specialist and the customerdoes not wish to transfer the session reservation to another consultant, or to keep the amount in the client’s wallet within the Application

If the client requests to cancel appointments within a reserved package after attending one or more sessions without completing the remaining sessions, the completed session(s) will be charged at the original price without any discount. The remaining amount will then be refunded to the wallet.

legal responsibility

The information, recommendations, services or any of them provided to you through the website or application are for the purposes of completing the service based on the request.

Labayh will maintain, as much as possible, the correctness and updating of the website, the Application and its contents, and this does not contradict the presence of the developmental side.

Labayh shall not be liable for any damages resulting from the use of (or inability to use) the Website or Application, including damages caused by malware or viruses, nor shall it be liable for incorrect or incomplete information or the Website or Application, unless such damage may not have resulted from willful misconduct or gross negligence on the part of Labayh

Labayh is not responsible for any damages resulting from the beneficiary sharing his contact information with the specialist.

Referral System Policy

The client cannot withdraw the amount in cash or transfer it to another account within the application.

The balance will be forfeited if the client deletes their account in Labayh.

The balance usage period is limited to 12 months from the date the reward is received.

The referral code can be used a maximum of once during registration and once when booking an appointment.

Labayh reserves the right to set a maximum limit on the referral balance that can be used when booking an appointment.

Medical Reports Policy

The client has the right to request a medical report, as guaranteed by the healthcare system regulations in Saudi Arabia.

The report is issued by a doctor only.

 The last visit with the doctor must be within the past 30 days.

If it is a single session, the completed session duration must be more than 45 minutes and not less.

Labayh Plus Subscription Policy

Subscription Duration: The subscription period is set for a full calendar year, starting from the date of subscription activation and payment of fees.

Payment and Subscription: :

Users must pay the required fees in advance to subscribe to the service, using the available payment methods in the application.

Subscription fees may vary from one client to another and from time to time.

Labayh reserves the right to offer certain clients different trial offers or other promotional memberships.

Labyah Plus Subscription Cancellation Policy: :

The client has the right to request a subscription cancellation within the first 7 days from the subscription date, provided that they have not used or benefited from the subscription features.

If a cancellation request is made after 7 days or during the subscription period, the previously paid amounts for the remaining subscription period will not be refunded, and the service will remain active until the end of the current period.

The client must submit the subscription cancellation request through customer service.

Cancellation requests must include the necessary information to verify the client's details and subscription.

Unsubscribe fees (Labayh Plus):

If there are cancellation fees, the client will be notified of the applicable amount, which will be deducted from the paid subscription fee.

In some cases, cancellation fees may apply.

Client Rights After Subscription Cancellation (Labayh Plus):

Once the subscription is cancelled, the client loses the right to benefit from all subscription features and access to content.

We reserve the right to change or modify the cancellation terms at any time. We would like to reaffirm our commitment to providing high-quality service and treating all our clients fairly.

Limitation of liability

Labayh does not make any warranties, express or implied, regarding the services, as they are all provided as it.

Labayh undertakes to work as much as possible to provide qualified consultants in order to meet the beneficiary's needs and provide him with a distinguished service, but does not guarantee the extent to which the customer will benefit from the service; Because it is not measurable

Security

You acknowledge that you are solely responsible for the privacy of the services provided to you, and you are solely responsible for their use by any other person using your account and/or username, password or access credentials.

You agree to notify Labayh if you become aware of loss, theft, or unauthorized use of any password, user name, or other methods of accessing the Services, IP address “Internet Protocol address”.

Modify the service and user conditions

Labayh reserves the right, at its sole discretion, to modify or replace any of these User Terms, or to change, suspend or discontinue the Service or Application (including without limitation the availability of any feature, database or content) at any time, by posting a notice on the Site or by sending you a notice through the Service or Application or via e-mail.

We may impose limits on certain features and services or restrict your access to parts or all of the Service without notice or liability.

Notification

Labayh may send notifications by providing a general service or application notice, or by sending an email to your registered email address in your account information with Labayh.

Applicable law and dispute resolution

In the event of any disputes, disagreements arising from the interpretation and implementation of these terms and conditions, they are subject to all applicable user conditions and laws and regulations in the Kingdom of Saudi Arabia and shall be interpreted in accordance with them.

Applicable law and dispute resolution

Team members of Labyah must be treated with respect Any abuse directed towards the team may lead to administrative and legal actions in accordance with the laws of the Kingdom, including the Healthcare Practitioner Assault Law (any verbal or physical assault on a healthcare practitioner is a crime punishable by imprisonment for up to 10 years and a fine of up to one million riyals), and the Anti-Harassment Law.

The specialist has the right to ban the client if he encounters any kind of abuse by the client.

Article 1: Definitions

This document: The data Protection, Retention, and data usage legislation policy document.

Labayh Platform: Labayh Healthcare Company, including all applications and platforms affiliated with it.

Research and Development Unit: The unit responsible for research and development at Labayh Healthcare Company.

Scientific Research: Any systematic experimental inquiry related to mental health aimed at enriching or developing general knowledge using the health data of beneficiaries of the Labayh platform in accordance with the provisions regulated by this document.

Law: The Personal Data Protection Law (PDPL) and its regulations.

Competent Authority: The authority to be determined by a resolution of the Council of Ministers.

Personal Data: Any information—regardless of its source or form—that can lead to the identification of an individual directly or indirectly, including: name, personal identification number, addresses, contact numbers, license numbers, records, personal property, bank account numbers, credit card numbers, fixed or moving images of the individual, and other personal data. 

Data Processing: Any operation performed on personal data, by automated or manual means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Collection: The collection of Personal Data by Controller in accordance with the provisions of this Law, either from the Data Subject directly, a representative of the Data Subject, any legal guardian over the Data Subject or any other party.

Deletion: Any action performed on personal data which renders the data unintelligible or irrecoverable or makes it impossible to identify the data subject.

Disclosure: Enabling any person - other than the Controller or the Processor, as the case may be - to access, collect or use personal data by any means and for any purpose.

Transfer: The transfer of Personal Data from one place to another for Processing.

Publishing: Transmitting or making available any Personal Data using any written, audio or visual means.

Sensitive Data: Any personal data related to an individual's racial or ethnic origin, religious, philosophical, or political beliefs, as well as security and criminal data, biometric data that uniquely identifies an individual, genetic data, health data, and data indicating that an individual is of unknown parentage. 

Genetic Data: Any Personal Data related to the hereditary or acquired characteristics of a natural person that uniquely identifies the physiological or health characteristics of that person, and derived from biological sample analysis of that person, such as DNA or any other testing that leads to generating Genetic Data.

Health Data: Any personal information related to an individual’s health status, whether physical, mental, or psychological, or related to their health services. 

Health Services: Services related to the health of an individual, including preventive, curative, rehabilitative and hospitalizing services, as well as the provision of medications.

Credit Data: Any personal information related to an individual’s application for or receipt of financing, whether for personal or family purposes, from a financing entity, including any information related to their creditworthiness or credit history.

Data Subject: The individual to whom the personal data relates.

Public Entity: any ministry, department, public institution, public body, or any independent public entity in the Kingdom, or any of its affiliated entities.

Data Controller: Any public authority, and any natural or legal person; which determines the purposes and means of the processing of personal data; whether it carries out the processing itself or has it carried out on its behalf by a processor.

Data Processor: Any public authority, and any natural or legal person; which processes personal data on behalf of the controller.  

Coding: The conversion of primary identifiers that reveal the identity of the data subject into a code in such a way that the identity of the data subject can no longer be determined without the use of additional information, provided that such additional information is kept separately and under conditions ensuring the security and confidentiality of the personal data to which it relates.

Anonymization: The removal of direct and indirect identifiers that refer to the identity of the data subject in such a way that it becomes permanently impossible to identify the data subject.

Pseudonymization: The process of converting primary identifiers that refer to the identity of the data subject into codes that make it difficult to identify them directly without the use of additional data or information. The anonymized data or additional information must be stored separately, and appropriate technical and administrative controls must be applied to ensure that it is not specifically linked to the identity of the data subject.

Article 2: Purpose of This Document

Article 3: Objectives of the Document

Compliance with local laws: The document aims to ensure the company's compliance with personal data protection requirements in accordance with the Personal Data Protection Law in the Kingdom of Saudi Arabia (PDPL).

Protection of data subject rights: The document aims to confirm the rights of individuals to protect their personal data, including the right to access, correct and delete.

Application of security standards: The document seeks to protect data from unauthorized access, loss or destruction, by applying appropriate technical and organizational measures.

Mitigation of data breaches: The document sets out the necessary procedures to deal with data protection breaches and report them in a timely manner in accordance with the requirements of the law.

 Regulation of Data Collection and Use: Regulating the collection and use of personal data in the Research and Development Department in accordance with applicable legislation, while ensuring its safe and responsible use for research and development purposes in a way that enhances innovation and respects the rights of individuals.

Advancement in Healthcare Research: Working on research and development initiatives in the field of healthcare and finding health solutions for them.

Article 4: Scope of Application

Article 5: Privacy Policy, Data Confidentiality, and Scope of Legitimate Data Use

Labayh platform will have a privacy and data confidentiality policy that is prepared in accordance with relevant regulations and considering the provisions of this document.

When using the Labayh platform, the data subject is required to review and agree to the privacy policy, data confidentiality policy, and data usage policy document.  

This document sets out the scope of the legitimacy of using personal data for the purpose and objectives specified for it, while ensuring that only authorized persons have access to this data.

Records of data processing activities are kept, where we document the categories of data, processing purposes, and retention periods to ensure legal compliance and effective data management.

The data retention period is in line with the periods specified by the competent ministries and government agencies, in accordance with the approved policies for retaining personal data in each relevant field.

In the event of a data breach, we will notify the competent authorities within 72 hours, and we will notify those affected as soon as possible, in accordance with the regulations of the Personal Data Protection Law (PDPL).

Impact assessments are conducted in accordance with the Saudi Personal Data Protection Law (PDPL) when dealing with sensitive data or when implementing new technologies. We assess risks, review existing controls, and implement the necessary measures to ensure compliance and protect the privacy of the individuals concerned.

Customers may submit complaints about how their personal data has been handled within 90 days of the incident or from the moment they become aware of it. This includes investigating, communicating with the data subject, and taking the necessary corrective measures.

Payment method data is considered highly sensitive and is protected under the Saudi Personal Data Protection Law (PDPL). We comply with the regulations of the Saudi Central Bank and obtain explicit consent from individuals before processing or sharing their credit data, unless otherwise required by law. We retain credit data only as long as necessary to provide financial services, destroying it when it is no longer needed.

This document is included and displayed in the Labayh platform policies and the beneficiary must approve it within a maximum period of (60) days, and in the event of no response, the approval is considered valid unless the data subject requests to withdraw his consent in a manner that does not conflict with the provisions of Article (12) of this document. 

Article 6: Purposes of Data Use and Processing

Article 7: Rights of the Data Subject

In accordance with the provisions of the law, the data subject shall have the following rights:

Right to be Informed: This includes being informed of the legal basis for collecting their personal data and the purpose of collection.

Right of Access: The right to access their personal data held by the data controller, in accordance with the controls and procedures specified in the regulations, without prejudice to the provisions of Article 9 of the system.

Right to Data Portability: The right to request to receive their personal data held by the data controller in a readable and clear format, in accordance with the controls and procedures specified in the regulations.

Right to Rectification: The right to request the rectification, completion, or updating of their personal data held by the data controller.

Right to Erasure: The right to request the erasure of their personal data held by the data controller where the data is no longer necessary, without prejudice to the provisions of Article 18 of the system.

Right to Restriction of Processing: The right to request restriction of the use of personal data in some cases. While we may continue to store his personal data, we will not use it during the restriction period.

Right Against Automated Decision-Making: The right not to be subject to decisions based solely on automated processing.

Data Transfer Restrictions: Data is managed, stored and transferred based on the type of such data and the project it relates to within the company, in accordance with our policies while ensuring that it does not conflict with the laws and regulations issued by other relevant legislative bodies to ensure data protection.

Article 8: Collecting and Processing Data Without the Data Subject's Consent

Labayh platform may collect or process personal data for scientific, research, statistical purposes, or to deliver a specific health service without the data subject's consent in the following circumstances:

If the personal data does not specifically identify the data subject.

If the information that specifically identifies the data subject is to be deleted during the processing and before disclosure to any third party, and if the data is not sensitive data. 

If the collection or processing of personal data for these purposes is required by another law or in accordance with a previous agreement to which the data subject is a party. 

When collecting or processing personal data for scientific, research, statistical purposes, or to deliver a specific health service without the data subject's consent, Labayh must:

Clearly and accurately define the scientific, research, or statistical purposes in the records of personal data processing activities.

Take the necessary measures to ensure that personal data is collected to the minimum extent necessary to achieve the specified purposes.

Code the personal data being processed, where this does not affect the achievement of the purpose of the processing.

Take the necessary measures to ensure that the processing does not have any negative effects on the rights and interests of the data subject.

Article (9): Collecting personal data directly from its owner

If personal data is collected directly from the data subject, the data controller must, before or at the time of collection, take the necessary measures to inform the data subject of the following:

The formal name of the data controller, its contact details, and any other details relating to the channels established by the data controller for communication related to the protection of personal data.

The contact details of the data protection officer, if any, appointed by the data controller.

The legal basis and purpose of collecting and processing personal data in a specific, clear, and explicit manner.

The retention period for personal data or the criteria for calculating the period if it cannot be determined in advance.

An explanation of the data subject's rights as stipulated in Article 4 of the system and the procedure for exercising any of those rights.

An explanation of how to withdraw consent given for the processing of any personal data. 

A statement of whether the collection or processing of any personal data is mandatory or optional.

The provisions of this article shall not apply if the information specified in subparagraphs (1) to (7) is already available to the data subject, or if the provision of such information conflicts with any applicable regulations in the Kingdom. 

Article (10): Collecting personal data from people other than its owner directly

Article 11: Consent to the Processing of Personal Data

For a data controller to obtain the consent of a data subject to the processing of their data, it may do so in any appropriate form or manner, including written, oral, or electronic consent. The consent must meet the following conditions: 

Freely Given: Consent must be freely given, without coercion or deception, and in accordance with the provisions of Article 7 of the system. 

Specific Purposes: The purposes of the processing must be clearly and specifically defined and explained to the data subject at or before requesting consent.

Capacity: The data subject must have the legal capacity to give consent.

Evidence: Consent must be documented in a way that allows it to be verified in the future, such as by maintaining records that include the data subject's consent to the processing operations, along with the time and method of consent.

Specific Consent: There must be separate consent for each purpose of processing.

Consent from the data subject must be explicit in the following cases:

When the processing involves sensitive data.

When the processing involves credit data.

When decisions are to be made based entirely on the automated processing of personal data.

Pursuant to the provisions of this document and Article 5(2) of this document, electronic consent given by a data subject when using the Labayh platform shall be considered explicit consent for the processing of their sensitive data.  

Article 12: Withdrawal of Consent

The data subject may withdraw their consent to the processing of their personal data before it is coded, and may notify the data controller thereof by any means available in accordance with Article 8 of this document.

Before requesting consent from the data subject, the data controller shall establish procedures for withdrawing such consent and take the necessary measures to ensure their implementation. The procedures for withdrawing consent shall be as easy or easier than those for obtaining it.

In the event of withdrawal of consent before the data is coded, the data controller shall cease processing without undue delay, and the withdrawal of consent shall not affect the lawfulness of any processing carried out pursuant to the consent and prior to its withdrawal. 

Upon the withdrawal of consent by the data subject to the processing of their data before it is coded, the data controller shall take appropriate measures to notify those to whom the personal data has been disclosed, by any means, and request that it be deleted.

The withdrawal of consent shall not affect the processing of personal data that is carried out on the basis of other legal grounds.

Article 13: Processing Data for Marketing Purposes

Article (14): Direct Marketing

Without prejudice to the Information and Communication Technology System and other relevant systems, the data controller shall, before processing personal data for direct marketing purposes, comply with the following:

Obtain the consent of the data subject in accordance with the provisions of Article 11 of the Personal Data Protection System Bylaw.

Provide a mechanism enabling the data subject to stop receiving marketing materials whenever they wish, and the procedures for stopping the receipt of marketing materials shall be easy and simple and as easy or easier than the procedures for obtaining consent to receive them.

When sending direct marketing materials to the data subject, the name of the sending party must be clearly stated without concealing its identity.

If the data subject withdraws their consent to direct marketing, the data controller shall cease directing marketing materials to them without undue delay.

Article 15: Intellectual Property Rights

Article 16: Personal Data Protection Law

Article (17): Supervision of compliance at Labay Medical Care Company