Last Updated: 3/12/2025
Your privacy and the security of your personal data are extremely important to us. At The Specialized Company for Medical Insurance Management, hereinafter referred to as “Med.Service”, we affirm our commitment to protecting your personal data and processing it in accordance with the Jordanian Personal Data Protection Law ((JPDPL), the instructions issued by the Central Bank of Jordan, and all applicable regulatory requirements.
This Privacy Notice (“Notice”) aims to explain how your personal data is collected, processed, retained, protected, and what your legal rights are in relation to such data.
Scope of the Notice
This Notice applies to all services provided by Med.Service, including but not limited to:
- The website
- Mobile applications
- Human Resources Management Systems
- Medical insurance administration services
- Electronic communication and digital platforms
How We Collect Your Personal Data
Med.Service collects your personal data through the following methods:
1. Direct Collection
We obtain personal data directly from you to enable us to provide services or to engage with you. This includes, without limitation:
- Completing paper or electronic forms
- Entering into an employment relationship
- Using our website or mobile application
- Contacting customer service
- Any other interaction depending on the service requested or agreed upon
2. Indirect Collection
We may collect personal data about you indirectly from various sources, including:
- Website cookies and tracking files
- Device identifiers
- Employee attendance systems
- Social media platforms
- Public sources
- Business partners
- Medical service providers
- Recruitment platforms
This helps us better understand your needs, fulfill legal obligations, or achieve other legitimate purposes.
How We Use Your Personal Data
We collect and process your personal data for a variety of purposes related to the services we provide or our interactions with you, including but not limited to:
- Providing our services to you
- Handling inquiries and complaints
- Supplying you with information relevant to your relationship with us
- Conducting evaluations, testing, and analysis for statistical or market research purposes
- Assessing, improving, and developing our services
- Managing employee attendance and working hours
- Protecting our business interests and developing business strategies
- Communicating with you via mail, phone, SMS, email, and digital channels
- Fulfilling regulatory requirements and reporting obligations
- Evaluating any application submitted by you
- Monitoring, recording, and analyzing communications between you and us
- Sharing your data with medical service providers and others with authorized access
- Internal access by authorized Med.Service staff
- Marketing, sales, and research agencies
Legal Bases for Processing Your Personal Data
We rely on the following legal bases when processing your personal data:
1. Contractual Necessity
Processing your personal data as required to enter into or perform a contract with you—for example, when applying for employment or joining the medical network.
2. Legal or Regulatory Obligation
Processing your data to comply with applicable laws, regulations, or supervisory requirements.
3. Legitimate Interest
Processing necessary to pursue a legitimate business interest, such as:
- Cybersecurity protection
- Improving products and services
- Profiling and analytics to enhance service relevance
4. Consent
Where no other legal basis applies, processing will occur only with your explicit consent.
You may withdraw your consent at any time by contacting us using the details provided below.
Types of Personal Data We Collect and Process We may collect the following categories of personal data, including data submitted at the start of our relationship or thereafter:
- Personal details: name, date of birth, email, nationality, marital status, gender, contact information, residential address
- Employment information and qualifications of job applicants
- Health and biometric data
- Financial data relating to contracts, income, and payment arrangements
- Tax-related information such as Tax Identification Number, compliance forms, and other required information
- Audio and visual images for marketing purposes
- Digital identifiers (IP address, email address, device identifiers)
- Website cookies (refer to our Cookies Notice)
- Information of other individuals such as emergency contacts or guardians
When registering children under medical insurance, their data is processed only with the consent of their legal guardian.
Retention of Personal Data :
We retain your personal data for as long as necessary to:
- Provide our services
- Maintain business communication
- Comply with applicable legal, regulatory, and professional obligations Regulations require personal data to be retained for at least five (5) years from the end of the relationship.
- Required by law or regulation
- Necessary to respond to official requests
Once the data is no longer needed, it will be securely disposed of. For inquiries regarding data retention, contact our Data Protection Office (DPO) at: DPO@medser.net
If the use of cloud services or servers outside Jordan becomes necessary, Med.Service will ensure that data is transferred only under legally approved safeguards and recognized data protection standards.
Marketing
We may send you marketing communications related to our services. You may opt-in or opt-out at any time, or object to the processing of your data for marketing purposes through any of our digital communication channels.
How We Protect Your Personal Data
We implement appropriate technical and organizational measures to prevent loss, misuse, or alteration of your personal data.
Access to your data is restricted to individuals who require such access, and they are obligated to maintain strict confidentiality.
Who Has Access to Your Personal Data and With Whom It May Be Shared
To serve you effectively, we may share your personal data with third parties under legally binding agreements requiring them to protect the data and process it only under our instructions.
We may share your data with:
- Regulatory bodies and governmental authorities
- Courts and judicial entities
- Legal advisors
- Our affiliated companies (e.g., for data backups)
- Authorized Med.Service staff
- Insurance companies and self-funded funds managed by Med.Service
- Third-party service providers (including cloud service providers)
- External auditors
- Mailing, delivery, and courier services (e.g., delivering insurance cards)
- Collection agencies for unclaimed checks
- Other parties you have explicitly authorized us to share data with
For more details regarding third parties, contact our Data Protection Officer.
Your Rights and How to Exercise Them
You have the following rights regarding your personal data:
- Right of access
- Right to be informed about processing activities
- Right to withdraw consent
- Right to correct, amend, or update your data
- Right to restrict processing
- Right to erase your personal data (unless retention is legally required)
- Right to object to processing and profiling
- Right to data portability (where technically feasible)
- Right to be notified of any data breach that may cause significant harm within 24 hours of detection
We will respond to your request within 15 business days, as required by regulations.
Requests may be subject to lawful limitations.
To exercise your rights, contact: DPO@medser.net
Complaints
If you have any complaints regarding personal data processing, please contact our (DPO) via the channels below.
We will handle all requests and provide a response within 10 days of receipt DPO@medser.net
Contact Information
Med.Service – The Specialized Company for Medical Insurance Management
Shmeisani, Al-Malha Street, Building No. (2)
P.O. Box 922178, Amman 11192, Jordan
Phone: +962.6 463 2965
Changes to This Notice
We reserve the right to update this Notice to reflect changes in our practices in line with regulatory requirements. Any updates become effective upon publication on our website.