Privacy Notice

myAster (hereinafter referred to as “The Company”, “we”, “us”, “our”) is the “Data Controller” in respect of your Personal Data. The Company is myAster’s exclusive website/application that allows patients to avail myAster’s healthcare services at the click of a button. The Company provides personalized care to patients leading to an improved digital healthcare experience.

We understand the importance of protecting the Personal Information of our customers (hereinafter referred to as “customer”, “you”, “user”, “Data Subject”). This Privacy Notice outlines how we Process any Personal Data collected from you by accessing, browsing and/or using the website/application. This Privacy Notice applies only to activities that a customer engages in on this website/application and does not apply to The Company’s activities that are “offline” or unrelated to the website.

Any capitalized terms used in this Privacy Notice shall have the meanings ascribed to them under the applicable Data Protection laws and regulations of the Kingdom of Saudi Arabia.

  • What Personal Data we collect
  • We collect the following categories of Personal Data:
  • Personal Identifiers: Full name, contact number, date of birth, gender, email address, physical address, address type, landmark area, city, state, visa status, country, passport, Emirates ID and nationality, location, family member’s personal data (name, gender, date of birth, relationship to the member, and the mobile number), insurance details, appointment details (date and time), audio and video interaction, output data from medical devices and sound and video files. Please note: In some situations, the mobile number and/or email address of the patient and a family member may be the same. This may occur when family members share contact details for convenience or accessibility, particularly in the case of dependents.
  • Sensitive Personal Identifiers: Debit/credit card details (card number, expiration date, security code and name on card), mode of payment.
  • Patient Health Data: Prescriptions, lab reports, radiology reports, family member including children’s medical prescriptions, medical reports etc.
  • Account Login and Device Information: IP address, internet domain, browser type, device details, encrypted password etc.
  • Queries: Any Personal Information received via queries.
  • How and when we collect your Personal Data
  • The methods by which we collect your Personal Data include but are not limited to the following:
  • When you visit our website and engage in activities such as registering or logging in,
  • When you make bookings or purchases (Medicines, Nutrition, Personal Care etc.),
  • When you make payments through the website including our online pharmacy, home delivery of medications,
  • When you opt for instant video consultations and home care services,
  • When you sign up for our rewards program,
  • When you communicate with us through Social Networking websites, Third-Party applications, or similar technologies.
  • Use of Your Personal Data
  • Your Personal Data may be used or Processed for various purposes including but not limited to the following:
  • https://www.myaster.sa/ collects certain anonymous data regarding the usage of the website. This information does not personally identify users, by itself or in combination with other information, and is gathered to improve the performance of the website.
  • To allow new users to register on our website and/or allowing both new as well as existing users to make purchases,
  • To ensure smooth video consultation and maintain internal records,
  • To share the information with the central HIS systems.
  • To fulfill any bookings or orders made by you through our website,
  • To advertise the products and services of myAster and send you updates about new products, special offers, and other information that may interest you at the email address you provided,
  • To perform studies, research, and analysis for improving our information, services, and technologies and ensure that the content displayed is customized to your interests and preferences based on your feedback,
  • To administer or otherwise carry out our obligations in relation to any agreement you have with us,
  • To comply with legal and regulatory requirements, including responding to court orders, or legal processes, establishing or exercising our legal rights, defending against legal claims, and investigating, preventing, or taking action regarding illegal activities, suspected fraud, violations of our terms of use, breaches of our agreement with you, or as otherwise required by law.
  • Legal Basis for Processing of Your Personal Data
  • We will only Process your Personal Data where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected and use your Personal Data. In almost every case, the legal basis will be one of the following:
  • Consent: For example, where you have provided your consent to receive certain marketing/promotional messages from us or where you have provided your explicit consent for us to Process your data during live telemedicine consultation services under tele-MyAster.
  • Our Legitimate Interest: Where it is necessary for us to understand our customers, promote our services, and effectively provide services, provided in each case that this is done in a legitimate way that does not unduly affect your privacy and other rights.
  • Compliance with law/agreement: Where we are subject to a legal obligation and need to use your Personal Information in order to comply with that obligation. For example, when you purchase products/services from us or book appointments, we need to use your contact details and payment information in order to Process your order.
  • Vital Interests: In some limited cases, we may need to Process your Personal Information where it is necessary to protect your vital interests or the vital interests of another person.
  • We will always take steps to ensure that the Processing of your Personal Information is fair and lawful and that it does not unduly affect your privacy.
  • AI Usage
  • We may use Artificial Intelligence (AI) technologies to enhance healthcare services, including but not limited to supporting diagnostic processes, personalizing treatment recommendations, and automating certain administrative and clinical workflows. These tools are used in accordance with applicable legal and regulatory guidelines, and are subject to internal assessments to ensure accuracy, fairness, and patient safety.
  • Wherever applicable, separate and explicit consent will be obtained from individuals prior to the use of AI tools in Processing their health data or delivering AI-assisted healthcare services.
  • Children’s Privacy
  • We understand the importance of taking extra precautions to protect the privacy and safety of children using our website or services. Minors are not permitted to use the website or services, and we request that minors under the age of 13 do not submit any Personal Information to the website without the consent from their parents or legal guardians. By accessing this website, you affirm and guarantee that you are 13 years of age or older. We hold no liability for any unsolicited information provided by you without the consent from their parents or legal guardians. If we become aware that a person submitting Personal Data is under 13, we will delete all the information as soon as possible unless it is with the consent and involvement of a parent or guardian. Please contact us via email at [email protected] for any queries or concerns.
  • Term of storage of Personal Data
  • We take diligent measures to ensure that the Personal Information you provide us is retained only for as long as necessary for the purpose for which it was collected, and for satisfying any legal, accounting or reporting requirements or as required by any applicable law.
  • If you withdraw your consent from marketing, we will remove your credentials from the marketing database.
  • Sharing and transferring of Personal Data
  • Based on your consent, you authorize us to exchange, transfer, and share your Personal Data within the Company affiliates/agents/third party service providers/partners/authorities, Health Information Systems (HIS) and from your country to any other countries across the world for legal documentation, marketing purposes, or for providing our services for the purposes specified under this Notice or as may be required by applicable laws and regulations. This will be subject to applicable data localization measures, security measures and applicable regulatory measures.
  • Please note that, in line with regulatory requirements and based on your consent, all health-related data is securely shared with government-mandated Health Information Exchanges (HIEs) such as National Electronic Health Record (NEHR) and the NPHIES platform (National Platform for Health Information Exchange Services) managed by the Ministry of Health (MOH) and the National Health Information Center (NHIC) or government of the Kingdom of Saudi Arabia, and other applicable platforms, to support better care coordination and public health outcomes.
  • You acknowledge that some countries where we may transfer your Personal Information may not have an adequate data protection regime or laws that are as stringent as the laws of your own country. You acknowledge that it is adequate that when myAster transfers your Personal Information to any other entity within or outside your country of residence, myAster will place contractual obligations along with technical and organizational measures on the transferee which will oblige the transferee to adhere to the provisions of this Notice. Additionally, the principle of data localization is followed, where applicable, in accordance with the Saudi Personal Data Protection Law (PDPL) and its implementing regulations. Thus, Personal Information is stored within the same jurisdiction as its collection to ensure the accuracy and integrity of the Personal Information.
    • Exceptions:
    • We will only transfer PHI internationally under approved conditions, ensuring the destination country provides an adequate level of data protection as determined by KSA authorities. Transfers may occur without explicit user consent only when necessary for specific, legally defined exceptions, including but not limited to:
    • Protecting Vital Interests: When necessary to protect the life or vital interests of the data subject, particularly if they are physically or legally incapable of providing consent.
    • Public Interest and Legal Obligations: When required for reasons of public interest, national security, compliance with KSA legal obligations, or the establishment, exercise, or defense of legal claims.
    • Healthcare and Treatment: When the processing is essential for medical diagnosis, the provision of healthcare, social care, treatment, or health insurance services.
    • Contractual Necessity: When necessary to fulfill a contract with the data subject or to take action at their request before entering into a contract.
  • Your Rights and Control over your Personal Data
  • We will respect your Legal Rights in relation to your Personal Data. myAster is committed to protecting them and ensuring compliance if you wish to exercise any of the rights under the Saudi Personal Data Protection Law (PDPL) and its implementing regulations. You can exercise these rights at any time by contacting our Data Protection Officer using the contact details provided in this policy.
    • Right to Know (Be Informed): You have the right to know why we collect your personal data, how we use it, and who we share it with. We commit to providing you with clear information at the time of data collection about the legal basis for processing your information and your associated rights.
    • Right to Access Your Data: You have the right to request access to and obtain a copy of the personal data we hold about you. We will provide this information in a clear and readable format upon request.
    • Right to Correct Inaccurate Data: If you believe that any personal data we hold about you is incorrect, incomplete, or outdated, you have the right to ask us to correct or update it immediately. We will also take reasonable steps to notify any third parties we have shared your data with about these corrections.
    • Right to Delete Your Data (Erasure): You can request that we delete or destroy your personal data when it is no longer necessary for the original purpose for which it was collected, or if you withdraw your consent (where consent is the sole legal basis for processing). Note that this right is subject to certain legal exemptions (e.g., if we are required by law to retain the data for legal claims or compliance).
    • Right to Withdraw Consent: If you have provided us with consent to use your data, you have the right to withdraw that consent at any time. Withdrawing consent means we will stop further processing of your data based on that specific permission, provided there is no other legal basis for continuing the processing.
    • Right to Object to Processing: You have the right to request that we restrict or stop the processing of your personal data under specific circumstances, such as if you are challenging the accuracy of the data we hold while we verify the information.
    • Right Not to Be Subject to Automated Decisions: You have the right not to be subject to decisions that are based solely on automated processing (including profiling) that produces legal effects concerning you or otherwise significantly affects you. We will always seek your explicit consent for such high-risk activities.
    • Right to File a Complaint (Grievance Redressal): If you believe that we have violated your data protection rights, you have the right to first lodge a complaint with us directly on [email protected]. If you are not satisfied with our resolution, you have the right to escalate your complaint to the relevant supervisory authority in KSA, the Saudi Data and Artificial Intelligence Authority (SDAIA).
  • We are committed to facilitating your data privacy rights in compliance with the Saudi Personal Data Protection Law (PDPL). Upon receiving a valid rights request (such as a request for access, correction, or deletion), we will verify your identity and respond to your request without undue delay. Our standard procedure is to fulfill or respond to requests within a maximum period of 30 calendar days from the date of receipt. In cases where requests are complex, numerous, or require disproportionate effort, we may extend this period by an additional 30 days, during which we will inform you of the delay and provide a clear justification.
  • Please note that we may refuse or partially deny a request in specific circumstances where an exception applies under KSA law. Exceptions include situations where fulfilling the request would:
    • Interfere with ongoing legal investigations, claims, or legal proceedings.
    • Conflict with other specific legislation to which our organization is subject (e.g., financial record-keeping laws).
    • Negatively impact national security or the Kingdom's supreme interests.
    • Harm the rights and freedoms of others, such as intellectual property rights or trade secrets.
  • You can exercise any of your privacy rights or withdraw your consent at any point by submitting a formal request in writing through an email addressed to [email protected]
  • Please be aware that if you choose to exercise certain rights, such as withdrawing consent for essential processing or requesting the deletion of core data, we may be unable to continue fulfilling the purposes for which that data was sought, and we may have to restrict your access to or use of our services or website, or parts thereof, as the case may be.
  • Security
  • The security of your Personal Information is important to us. We have adopted and maintained reasonable technical and organizational security measures and procedures, including access governance and information sharing on a need-to-know basis, password protection, encryption etc., to ensure that the Personal Information collected is secure. We restrict access to your Personal Information to our and our affiliates’ employees, agents, third-party service providers, partners, and agencies on a need-to-know basis, and that access is absolutely limited to the purposes specified above in this Notice.
  • Use of Cookies
  • Cookies are small bits of data cached in a user’s browser. myAster utilises cookies to determine whether or not you have visited the home page in the past. However, no other user information is gathered. We may use non-personal "aggregated data" to enhance the operation of our website or analyse interest in the areas of our website.
  • If you would like to find out more about cookies, including how we use them and what choices are available to you, please refer to our Cookie Policy.
  • International Users and Personal Data
  • We welcome international users and respect their privacy. We encourage them to visit Aster Medical Travel (https://astermedicaltravel.ae) for details on how we handle their Personal Data.
  • Modifications to this Privacy Notice
  • The website Privacy Notice and terms & conditions will be changed or updated occasionally to meet the requirements and standards. Therefore, customers are encouraged to frequently visit these sections in order to be updated about the changes on the website. Modifications will be effective on the day they are posted, and the date on which this Privacy Notice was last updated will appear at the top of this document.
  • Contact Us
  • If you have any questions regarding this Privacy Notice, you may contact our Group Data Protection Officer:
  • DPO Details: [email protected]
  • Contact No - +971565037221
  • Or you can write to us at:
  • Official Address: 33rd Floor - Aspect Tower, Business Bay, P.O. Box: 8703 - Dubai - U.A.E