1. Scope and Purpose

    This Privacy Policy explains how Hekma Smart Solutions LLC (“Hekma,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you:

    • visit net or any sub-domain;
    • use our mobile apps or cloud-based AI health platforms;
    • take part in research projects or pilot programs we host;
    • communicate with us by e-mail, phone, or social media.

    It applies to all users worldwide, with additional notices for residents of the European Economic Area (EEA), the UK, California, and the Sultanate of Oman.

    2. Who We Are & Contact Details

    Hekma Smart Solutions LLC
    Oman Tech Hub, P.O. Box [●], Muscat, Sultanate of Oman
    E-mail (general): info@hekmasolutions.net
    E-mail (privacy / DPO): privacy@hekmasolutions.net
    If you believe we have not handled your data properly, you have the right to lodge a complaint with your local supervisory authority (e.g., Oman’s MTCIT, the EEA data-protection authority, or the UK ICO).

    3. Definitions (plain-language)

    • Personal Information / Personal Data – any information that identifies or can reasonably identify an individual.
    • Health Data – data relating to a person’s physical or mental health.
    • Processing – any operation performed on personal data (collection, storage, analysis, deletion, etc.).
    • Services – the websites, apps, APIs, AI tools, research portals, and related activities provided by Hekma.

    4. What We Collect

    Category

    Typical examples

    Source

    Identity & Contact

    name, organisation, job title, postal address, e-mail, phone

    account sign-up, contact forms, event registration

    Technical / Usage

    IP address, browser type, device model, referring page, pages visited, session timestamps, error logs

    automatic via cookies, SDKs, server logs

    Health & Research (only where relevant)

    symptom entries, wellness questionnaires, biometric readings, voice or image samples, survey answers

    voluntary entry by user or clinician; sensors; research studies

    Transaction & Billing

    purchase history, invoicing contact, VAT/GST data (if we ever run paid services)

    user or corporate client

    Marketing Preferences

    newsletter opt-in, communication channel preferences

    direct from user

    We do not intentionally collect government ID numbers, precise GPS data, genetic data, or information about children under 16 without verified parental consent.

    5. How We Use Data & Lawful Basis

    Purpose

    Examples

    Legal basis (GDPR art. 6)

    Service delivery

    account creation, authentication, remembering settings

    Contract performance

    Analytics & product improvement

    error-tracking, measuring feature adoption, A/B tests

    Legitimate interests (to run efficient, secure services)

    Health research

    training AI models, population analytics, peer-reviewed publications

    Consent and Ethics approval; public interest in health

    Marketing & newsletters

    sending product updates, webinar invites

    Consent (opt-in) or Legitimate interests (B2B soft opt-in)

    Legal & compliance

    sanctions screening, responding to law-enforcement requests

    Legal obligation

    We will ask for explicit consent before processing any special-category data (health data) or using data for new purposes incompatible with those above.

    6. Cookies, SDKs & Tracking

    We use first-party cookies and similar technologies (local storage, mobile SDKs, pixel tags) to:

    1. remember user language and accessibility settings;
    2. detect fraudulent activity and secure log-ins;
    3. compile aggregated traffic analytics (via Google Analytics 4 or Matomo);
    4. support single sign-on to our research portals.

    You can change cookie settings at any time in your browser or device; turning cookies off may limit functionality. We do not use third-party marketing pixels (e.g., Facebook Pixel) on pages that handle health data.

    7. Sharing & Disclosure

    We never sell personal data. We may share it only with:

    • Cloud & technical vendors (e.g., Microsoft Azure, AWS, Twilio) that host or deliver our services under confidentiality and data-processing agreements;
    • Academic or clinical research partners when you have consented to participate in a specific study (data are pseudonymised or anonymised whenever feasible);
    • Professional advisers (lawyers, auditors, insurers) bound by duties of confidentiality;
    • Regulators or public authorities when we believe disclosure is required by applicable law, court order, or to protect rights, privacy, safety, or property;
    • Successors in interest – if Hekma is involved in a merger or acquisition, data will transfer subject to the same privacy commitments.

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

    8. International Transfers

    Our primary servers are in the GCC region and the European Union. Whenever we transfer personal data outside the country of origin, we rely on:

    • Adequacy regulations (for EEA→­UK, UK →­EEA, etc.);
    • Standard Contractual Clauses (SCCs) incorporated in vendor DPAs;
    • Additional encryption and access-control measures.

    9. Retention Periods

    Data type

    Typical retention

    Rationale

    Account profile

    life of account + 12 months

    facilitate re-activation, resolve disputes

    Server logs

    12 months

    security forensics

    Health/Research raw data

    as specified in study protocol (often 5–10 yrs)

    scientific integrity & audit

    Marketing opt-out list

    indefinitely

    proof of consent withdrawal

    When retention ends, data are securely deleted or irreversibly anonymised.

    		    

    10. Security Measures

    • ISO-27001-aligned policies
    • TLS 1.3 encryption in transit, AES-256 at rest
    • Zero-trust network segmentation
    • Multi-factor authentication for staff and admin consoles
    • Quarterly vulnerability scans & annual penetration tests
    • Privacy-by-design risk assessments for new features

    11. Children’s Privacy

    We do not knowingly collect data from children under 16 without verifiable parental consent. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

    12. Links to Other Sites

    Our Services may contain links to third-party websites or plug-ins. We are not responsible for the privacy or security of information you share on those sites; please review their privacy notices.

    13. Changes to This Policy

    We may amend this Privacy Policy to reflect legal, technical, or business changes. When we do, we will:

    ·         post the new version on our website and update the “Last Updated” date;

    ·         notify registered users by e-mail or in-app message if the changes are material;

    ·         obtain fresh consent where required by law.

    14. How to Reach Us

    General privacy inquiries — info@hekmasolutions.net
    Data Protection Officer — privacy@hekmasolutions.net
    Postal address — Hekma Smart Solutions LLC, Oman Tech Hub, Muscat, Sultanate of Oman

    If you have unresolved concerns, you may also contact your local data-protection authority.1