Privacy Policy
Privacy Policy
Effective Date: 01/01/2025
Mulhim Continuing Medical Education (“Mulhim”, “we”, “our”, or “the Platform”) is committed to protecting your personal information in accordance with the Saudi Personal Data Protection Law (PDPL) and applicable Continuing Medical Education (CME/CPD) regulations.
Scope of This Privacy Policy
This Privacy Policy explains what information we collect, how we use it, how we protect it, and what rights you have. By using
Mulhim.sa, you agree to the practices described in this policy.
This policy applies to all users of our digital CME/CPD services, including individual healthcare practitioners and institutional clients.
Information We Collect
We may collect the following categories of information:
- Identification information: full name, email address, mobile number, national ID or Iqama (when required), SCFHS registration and classification number.
- Professional and learning information: purchased courses and bundles, course progress, quiz attempts, completion dates, issued certificates.
- Payment information: transaction reference numbers and billing details. Mulhim does not store credit card or bank card numbers; payments are processed via secure third-party gateways.
- Technical information: IP address, browser type, device details, access dates, and usage patterns for security and performance monitoring.
How We Use Your Information
We use your personal data to:
- Provide access to purchased CME/CPD courses and bundles.
- Record course progress, assessments, and completion status.
- Issue digital certificates that are suitable for CME/CPD documentation.
- Register CME hours with the Saudi Commission for Health Specialties (SCFHS) for users with active, valid licenses where applicable.
- Respond to support requests and communicate about your account, courses, and platform updates.
- Improve platform performance, security, and user experience through analytics.
- Comply with applicable legal, regulatory, and accreditation requirements.
Legal Basis for Processing
We process your personal data based on one or more of the following:
- Performance of a contract to provide digital CME/CPD services.
- Compliance with Saudi regulations, including PDPL and SCFHS requirements.
- Your explicit consent, for example when opting in to receive email or WhatsApp notifications.
- Legitimate interest in maintaining platform security, service quality, and fraud prevention.
Data Sharing and Disclosure
We do not sell or rent your personal information. We may share it only in limited and lawful cases:
- Saudi Commission for Health Specialties (SCFHS): to register CME hours for users with active licenses where the activity is accredited and registration is permitted.
- Payment gateways and financial partners: to process and verify payments securely.
- Governmental and regulatory authorities: when required by PDPL or other applicable laws.
- Technical service providers: for hosting, analytics, and security, under confidentiality and data protection obligations.
Data Protection and Security
We implement technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. Access to personal data is restricted to authorized personnel who need it to perform their duties.
Data is stored in environments designed to comply with PDPL requirements and industry security practices. However, no system can be guaranteed fully secure, and you are encouraged to keep your login credentials confidential.
Data Retention
We retain your personal data for as long as necessary to:
- Deliver the services you purchased.
- Maintain legally required records of CME/CPD activities and certificates.
- Comply with regulatory and accreditation obligations.
When data is no longer required, it is deleted or anonymized in line with our retention policies and PDPL requirements.
Your Rights Under PDPL
Subject to PDPL and applicable regulations, you may have the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of data where no longer necessary or where allowed by law.
- Request a copy of your data in a portable format where feasible.
You can exercise these rights by contacting our support team at
[email protected].
Cookies and Tracking Technologies
Our website may use cookies and similar technologies to maintain sessions, remember preferences, and understand how visitors use the platform. You can control or delete cookies through your browser settings, but some features of the site may not function correctly without them.
Third-Party Links and External Services
The Platform may contain links to external websites, such as payment gateways, regulatory bodies, or educational resources. We are not responsible for the privacy practices or content of these third parties, and we encourage you to review their privacy policies separately.
For more information about our terms and services, you can visit:
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, or our services. The “Effective Date” at the top of this page indicates the latest version. Continued use of the Platform after changes are published will be considered acceptance of the updated policy.
