Privacy Policy – 5dmaty.ai and 5dmaty (Operated by Mofawada E-Commerce W.L.L)

1. Introduction

This Privacy Policy (“Policy”) governs the collection, use, processing, storage, and disclosure of personal information (“Personal Data”) by 5dmaty.ai or 5dmaty, digital platforms operated by Mofawada E-Commerce W.L.L, a company registered in the Kingdom of Bahrain under CR No. 177421-1, with its registered office at Al Nuwaidrat, Block 646, Road 4629, Building G 1390, Shop 12.

This Policy applies to all users of the 5dmaty mobile applications (iOS and Android) and websites (www.5dmaty.ai and www.mofawada.com), including Clients, Vendors, Insurance Company Representatives, and Visitors, as well as any services accessed or transactions facilitated through these applications.

Scope of Governance

This Privacy Policy is drafted and implemented in full compliance with:

  • Bahrain’s Personal Data Protection Law (Law No. 30 of 2018)

  • Electronic Transactions Law (Law No. 54 of 2018)

  • Combating Money Laundering and Terrorism Financing Law (Law No. 4 of 2001)

Key Disclaimer

👉 5dmaty and 5dmaty.ai function exclusively as e-commerce mediation platforms. Operated by Mofawada E-Commerce W.L.L, these platforms do not directly provide or deliver any services, medical opinions, consultations, healthcare products, or wellness treatments.

All services listed or transacted through 5dmaty or 5dmaty.ai, whether in-person or virtual, medical or wellness-related, are fully the legal and operational responsibility of independent Vendors.

As such, Mofawada E-Commerce W.L.L assumes no liability whatsoever in connection with the outcome, accuracy, timeliness, ethics, safety, or legality of any service or product offered by a Vendor. This limitation of liability extends to disputes, claims, misdiagnoses, malpractice, misrepresentation, delivery issues, or any breach by a Vendor.

👉 All disputes, service issues, or refund requests must be handled directly with the relevant Vendor. 5dmaty and 5dmaty.ai may facilitate communication but are not responsible for enforcement.

This principle is prominently communicated throughout the platforms: during registration, login, provider search, checkout, review submissions, and all transactional flows.

2. Definitions

Personal Data

For the purpose of this Policy, "Personal Data" shall include any data which can directly or indirectly identify a natural person. This includes, but is not limited to:

  • Full name, contact details (email, phone number)

  • CPR card data including full name, photo, date of birth, CPR number, nationality, and address

  • Insurance Company details provided by users for quote matching, reimbursement verification, or eligibility screening

  • Medical service interest or preferences

  • Device identifiers and usage logs

Users

"Users" includes but is not limited to:

  • Clients using the platform to search, compare, or book medical and wellness services

  • Vendors offering services via the platform

  • Visitors accessing the app or site without registration

Vendors

Entities or individuals listing services on 5dmaty or 5dmaty.ai. These may include licensed healthcare providers, wellness professionals, clinics, labs, imaging centers, or medical retail suppliers.

Insurance Data

Collected for the purpose of assisting Users in:

  • Uploading or entering their insurer name, insurance class/plan, member number, and co-pay details

  • Getting matched with eligible services that offer partial/full insurance reimbursements

  • Comparing cash price versus insurance-supported price This data is treated with the same level of protection as Personal Data under Law No. 30 of 2018.

3. Data Collection and Processing Practices

3.1 Overview of Data Collection Streams

The platforms 5dmaty and 5dmaty.ai collect data through the following streams:

  • User Registration Forms (client, vendor, insurance rep)

  • Transactional Flows (booking, negotiations, reviews, cancellations)

  • Quote Requests for Insured Services

  • User Profile Management

  • Chat/Support Interactions

  • Search Engine or Pricing Engine Interactions

  • Location and Device-Based Data Capture

3.2 Types of Personal Data Collected

The following types of data may be collected and processed:

  • Identification Information: Name, gender, nationality, date of birth

  • Contact Information: Email, phone number, physical address

  • CPR ID Scan Data: Validated Bahraini ID details where applicable

  • Insurance Information: Insurer name, member ID, plan class, claims details if provided

  • Search & Booking History: Services viewed, filters used, bookings made, cancellations

  • Health-Interest Categories: Chosen by user for targeted service display (e.g., dental, skin, wellness, pediatrics)

  • Device & Technical Data: IP address, app version, OS, device model, screen resolution

  • Vendor-Uploaded Service Descriptions: Including medical or therapeutic details

3.3 Processing Purpose and Legal Basis

  • To facilitate bookings or quotes (Contractual Necessity under Bahraini Law)

  • To validate user identity, age, or insurance eligibility (Legal Obligation)

  • To personalize recommendations and listings (Legitimate Interest / Consent)

  • To detect fraud or abuse (Legal Obligation and Public Interest)

  • To improve platform performance (Legitimate Interest)

  • To enable regulatory reporting if required by MOH or PDPA (Legal Obligation)

4. Consent, Data Sharing, and Vendor Accountability

4.1 Explicit User Consent

By using the platform, Users explicitly consent to:

  • Collection and processing of their Personal Data

  • Sharing of booking-related data with selected Vendors

  • Internal analysis and improvement of services

  • Storage of insurance details for quote matching

Consent is obtained during account creation, quote submissions, and when explicitly required for new features (e.g., location access).

4.2 Vendor Access and Responsibilities

Vendors only receive access to data necessary for fulfilling their services. For example:

  • Client name, phone, insurance info (if provided), service interest, booking time

  • They may not retain data beyond the service window

Vendors are contractually obligated to:

  • Treat all data as confidential

  • Not reuse it for unrelated marketing

  • Implement Bahrain Law No. 30 of 2018 data protection safeguards

Violations may lead to Vendor delisting, financial penalties, and/or referral to authorities.

4.3 5dmaty.ai as an Intermediary

As an e-commerce intermediary, Mofawada E-Commerce W.L.L does not:

  • Determine medical appropriateness of services

  • Interfere with Vendor-client diagnosis or counseling

  • Assume risk or liability for Vendor malpractice

Users acknowledge this by digital acceptance at multiple transaction points.

5. Data Retention and Deletion

Retention Periods: All personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required to comply with:

  • Bahrain’s Personal Data Protection Law (Law No. 30 of 2018)

  • Anti-Money Laundering Law No. 4 of 2001 for KYC data

  • Legal obligations such as accounting, dispute resolution, or regulatory reporting

Retention Examples:

  • User account data: Retained until user deactivates account, with 6-month grace for reactivation

  • CPR identity scans: Retained for 5 years as required for AML verification

  • Purchase history: Retained for 10 years for legal auditability

Deletion Requests: Users have the right to request full or partial deletion of their data. Such requests can be initiated via email to info@5dmaty.ai.

Deletion Limitations: Data cannot be deleted if:

  • Required for ongoing transaction records

  • Needed to resolve legal claims

  • Retention is legally mandated (e.g., AML records)

Secure Deletion Protocols: When deleted, data is removed using secure cryptographic erasure or physical destruction of storage, in line with Article 14 of Law No. 30 of 2018.

6. User Rights

In accordance with Bahrain’s Personal Data Protection Law (Law No. 30 of 2018), all users of the 5dmaty app and 5dmaty.ai are entitled to the following rights:

6.1 Right of Access Users may request a copy of all personal data held by the platform. This includes:

  • Registration data

  • CPR identification details

  • Usage and behavioral analytics Requests must be sent to info@5dmaty.ai with proof of identity.

6.2 Right to Rectification If any stored personal data is inaccurate, users have the right to request corrections. This includes outdated CPR info, address changes, or typo corrections.

6.3 Right to Object Users may object to:

  • Direct marketing communications

  • Automated profiling based on usage behavior

  • Processing of data without explicit consent unless legally necessary

6.4 Right to Erasure ("Right to Be Forgotten") Subject to retention limitations in Section 5, users may request full erasure of their account and associated personal data.

6.5 Right to Restriction of Processing Users can request that their data be locked from further processing while accuracy or legal objections are being investigated.

6.6 Right to Data Portability Where applicable, users may request their personal data in a machine-readable format for transfer to another controller (e.g., another app or service).

6.7 Right to Lodge a Complaint Users may file complaints with the Personal Data Protection Authority of Bahrain (PDPA) if they believe their rights are being violated.

Exercising These Rights: To exercise any right listed above, users should contact:

7. Marketing & Analytics Consent

Marketing Communications: Users may opt-in to receive newsletters, promotional campaigns, or new service alerts via email, push notifications, or SMS. Explicit opt-in is required for each communication channel in accordance with Law No. 30 of 2018.

Analytics Consent: Usage data collected through analytics tools (e.g., screens visited, time spent, conversion paths) is anonymized where possible. Users may opt out of non-essential analytics via app settings or browser preferences. This data is used to improve the app, not to profile individual behavior without consent.

8. Third-Party Service Providers

Scope: We may share Personal Data with third parties for:

  • Payment processing (PCI-DSS compliant)

  • Cloud hosting and app infrastructure (with data centers in compliance with Bahrain’s cross-border data protection rules)

  • Customer support tools

  • Marketing or usage analytics (e.g., Firebase, Mixpanel)

Obligations: All third-party providers must sign data processing agreements (DPAs) ensuring:

  • Compliance with Law No. 30 of 2018

  • Confidentiality of data

  • Use of data only for specified platform-related purposes

Users can request a list of third-party processors upon reasonable notice.

9. Vendor and Insurance Liability

Vendor Accountability: Vendors are fully responsible for:

  • Accuracy of service descriptions

  • Licensure and regulatory compliance

  • Delivery of services booked through the platform

  • Any claims, refunds, or liabilities arising from failed services

Disclaimer of Liability: Mofawada W.L.L is not a party to any medical or insurance transaction. It serves only as a conduit between the user and listed providers.

10. Legal Obligations

We process data in compliance with the following Bahraini laws:

  • Personal Data Protection Law No. 30 of 2018 (data handling, access, correction, and deletion)

  • Electronic Transactions Law No. 54 of 2018 (validity of digital records)

  • Anti-Money Laundering and Terrorism Financing Law No. 4 of 2001 (identity verification, suspicious activity flagging)

In some cases, 5dmaty may be required to:

  • Retain user identity data for government audits

  • Share data with regulators upon lawful request

  • Comply with court orders or subpoenas

11. Cookie Policy

Cookies and Tracking Tools: 5dmaty and 5dmaty.ai use cookies to remember user preferences, enhance session security, and support behavioral analytics. Types include:

  • Session Cookies (deleted on logout)

  • Persistent Cookies (used for login or language preferences)

  • Third-party Tracking Tools (like Google Analytics or Hotjar)

User Control:

  • Users are notified upon first use

  • Consent is obtained for non-essential cookies

  • Settings can be modified via browser or in-app

12. Changes and Updates

Mofawada W.L.L reserves the right to amend this Privacy Policy at any time. Updates will be posted with revision dates. For significant changes, users may be notified via email or in-app notification.

Continued use of the platform after updates constitutes acceptance. Users are encouraged to revisit this policy regularly.

13. Contact Information

Data Controller: Mofawada E-Commerce W.L.L CR No. 177421-1 Building G 1390, Shop 12, Road 4629, Block 646, Al Nuwaidrat Email: info@5dmaty.ai Phone: +973 66935121

For data access, deletion, objections, or complaints, users may contact the above address. Regulatory complaints may be filed with the Personal Data Protection Authority of Bahrain (PDPA).

Effective Date: This policy is effective as of April 23, 2025.

Last Revised: April 23, 2025