SOHHTAK - Privacy Policy

DATA WE COLLECT (SUMMARY)

• Patients: full name, phone number, email address • Healthcare professionals: identity and credential verification documents • Sohhtak does NOT store medical records, medical prescriptions, or patient medical histories within the platform • Sohhtak does NOT store or monitor phone calls or WhatsApp messages

1. Commitment and Scope

SOHHTAK ("we" or "the Platform") is committed to protecting the personal data of patients, family representatives, and independent healthcare professionals. This policy covers all data collected through our mobile application and verification processes. By using SOHHTAK, your personal data is processed in accordance with this policy and Lebanese Law No. 81/2018.

2. Data Controller

SOHHTAK acts as the Data Controller for personal data processed through the Platform, within the jurisdiction of the Republic of Lebanon. We act strictly as a technology intermediary to facilitate access to independent, verified healthcare professionals.

3. Categories of Personal Data Collected

SOHHTAK collects only the minimum data necessary to provide its services:

Patient Data: Full name, phone number, and email address. SOHHTAK does not collect patient addresses, GPS location, medical records, prescriptions, diagnostic reports, medical images, or payment information.
Healthcare Professional Data: Healthcare professionals must provide verification documents including identification, professional license, diplomas, and curriculum vitae (CV). These documents are collected solely for credential verification and platform safety. They are not publicly displayed to patients and are stored securely.
Booking Data: Service type, scheduled date and time, and booking status. No medical or clinical details are collected through the booking process.

Important: SOHHTAK does not collect or store medical records, prescriptions, health files, payment information, or any form of clinical data. SOHHTAK does not use personal data for medical diagnosis or decision-making.

4. Purpose and Use of Data

Data is used solely to facilitate the following:

Verification: Identity and professional license checks for healthcare professionals.
Operations: Account creation, booking, and scheduling.
Governance: Dispute handling, platform safety, and legal compliance.

5. Communications

SOHHTAK does not provide in-app messaging between patients and healthcare professionals.

After booking confirmation, patients and healthcare professionals may communicate using external tools such as phone calls or WhatsApp. These communications occur outside the SOHHTAK platform and are not monitored, recorded, or stored by SOHHTAK.

Users share their contact details voluntarily for the purpose of coordinating healthcare services.

SOHHTAK does not monitor, store, or record phone calls, WhatsApp messages, or any other communications occurring outside the platform.

6. Data Sharing

No Sale of Data: We do not sell or rent personal data to any third party.
Limited Sharing: Data is shared only with verified parties directly involved in a booking (e.g., the assigned healthcare professional receives the patient name and phone number), or with legal authorities if required by law.

Data may be shared with secure infrastructure providers required to operate the platform (such as cloud hosting or authentication services). These providers only process data necessary for platform functionality and security.

7. Data Security and Retention

Security Measures: We use technical and organizational measures, including encryption for sensitive documents and secure servers with controlled access, to protect your data.
Retention: Personal data is retained for up to 2 years after your last activity on the platform, or as required by Lebanese law for legal and accounting purposes. After this period, your data is securely deleted or anonymized.

Verification documents are stored securely and are not accessible through publicly accessible locations or URLs.

8. User Rights

Under Law No. 81/2018, all users have the right to:

Access and Correction: View and request updates to inaccurate data.
Deletion: Request data removal by contacting privacy@sohhtak.com or through in-app support. Upon receiving a valid request, SOHHTAK will delete your personal data within 30 days, subject to legal retention obligations.
Withdraw Consent: Where processing is based on user consent.

SOHHTAK will respond to valid data requests within 30 days, in accordance with applicable law.

9. Contact and Governing Law

Requests: For privacy inquiries, users may contact privacy@sohhtak.com or use official in-app support channels designated for privacy matters.
Law: This policy is governed by the laws of the Republic of Lebanon.