Skip to main content
Book Appointment

Your Privacy Matters

How Reforma collects, uses, and protects your personal data — in line with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia.

Privacy Policy

This Privacy Policy explains how Reforma (“Reforma”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal data when you visit our website, book a consultation or treatment, purchase products, or otherwise interact with us. We are committed to handling your personal data in accordance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia (Royal Decree M/19, as amended) and its Implementing Regulations, overseen by the Saudi Data & AI Authority (SDAIA).

Who We Are

Reforma is an aesthetic clinic and authorised distributor of premium cosmetic, aesthetic, and wellness products operating in the Kingdom of Saudi Arabia. For the purposes of the PDPL, Reforma is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, you can contact us at support@reforma.sa.

Data We Collect

We collect personal data that you provide to us directly, as well as limited technical data collected automatically when you use our website. Depending on how you interact with us, this may include:

  • Booking and consultation details — your name, phone number, email address, preferred treatment or physician, preferred dates, and any notes or information you share about your concerns or goals.
  • Contact enquiries — your name, email, phone number, and the content of any message you send through our contact form.
  • Newsletter sign-ups — your email address and your consent to receive updates.
  • Orders and purchases — billing and delivery name and address, contact details, and order history. Payment card details are processed by our payment provider and are not stored on our servers.
  • Account data — if you create an account, your username and email address.
  • Technical and usage data — IP address, browser and device type, language preference, and pages viewed, collected through cookies and similar technologies.

Sensitive & Health-Related Data

Because we provide aesthetic treatments, you may share information about your skin, medical history, or treatment interests. Under the PDPL this is treated as sensitive personal data. We process such data only with your explicit consent, restrict access to authorised clinic staff and the licensed practitioners treating you, and never sell it. You may withdraw your consent at any time, subject to any treatment or legal record-keeping obligations.

How We Use Your Data

  • To schedule, confirm, and manage your consultations and appointments.
  • To respond to your enquiries and provide customer support.
  • To deliver treatments, products, and aftercare safely and effectively.
  • To process orders, payments, and deliveries.
  • To send service updates and, where you have consented, marketing and newsletter communications.
  • To operate, secure, and improve our website and services.
  • To meet our legal, regulatory, and record-keeping obligations.

Legal Basis for Processing

We process your personal data on one or more of the following bases recognised under the PDPL: the performance of a service you have requested (such as a booking or order); your consent (for example, for marketing, cookies, and sensitive health data); our legitimate interests in operating, securing, and improving our services, balanced against your rights; and compliance with applicable legal obligations.

CRM & Email Marketing

We store enquiry and booking contacts in a customer relationship management (CRM) system so we can manage our relationship with you and send relevant updates. Marketing emails are sent only with your consent, every marketing message includes an unsubscribe link, and you can opt out at any time by emailing support@reforma.sa.

Cookies & Tracking

Our website uses cookies and similar technologies to function correctly and to understand how the site is used. These include essential cookies (which enable core features such as the cart and your language preference), preference cookies, and, where enabled, analytics cookies that help us improve the site. You can manage or disable cookies through your browser settings; disabling essential cookies may affect how parts of the site work.

Third Parties We Share Data With

We share personal data only where necessary to provide our services, and only with parties that act under appropriate data-processing arrangements. These may include:

  • Our e-commerce and hosting platform (WordPress / WooCommerce) and our hosting and infrastructure providers.
  • Our payment gateway, which securely processes card payments.
  • Our email and CRM provider, used to manage communications.
  • Delivery and logistics partners, to fulfil your orders.
  • Our website localisation tool (TranslatePress), which processes page content to provide our Arabic and English versions.
  • Web-analytics providers, where analytics are enabled, to help us understand and improve site performance.
  • Regulators, authorities, or professional advisers where required by law.

We do not sell your personal data to any third party.

International Transfers

Your data is primarily processed within the Kingdom of Saudi Arabia. Where a service provider operates outside the Kingdom, any transfer of personal data is carried out in accordance with the cross-border transfer rules under the PDPL and with appropriate safeguards in place.

Data Retention

We keep your personal data only for as long as necessary for the purposes set out in this policy. Booking and enquiry data is retained for as long as needed to provide the service and to meet legal obligations. Treatment and consultation records are retained in line with applicable Saudi healthcare record-keeping requirements. Marketing data is kept until you withdraw your consent. When data is no longer required, it is securely deleted or anonymised.

Your Rights under the PDPL

Subject to the conditions of the PDPL, you have the right to:

  • Be informed about how your personal data is collected and used.
  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request the deletion or destruction of your data, where applicable.
  • Withdraw your consent at any time, where processing is based on consent.
  • Object to certain processing of your data.

To exercise any of these rights, please email us at support@reforma.sa. You also have the right to lodge a complaint with the Saudi Data & AI Authority (SDAIA).

Data Security

We apply appropriate organisational and technical measures — including access controls, encryption of data in transit, and staff confidentiality obligations — to protect your personal data against unauthorised access, loss, alteration, or disclosure. No method of transmission or storage is completely secure, but we work continuously to safeguard your information.

Children

Our services and website are intended for adults. We do not knowingly collect personal data from minors without the verified consent of a parent or legal guardian. If you believe a minor has provided us with personal data, please contact us so we can take appropriate action.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date shown above reflects the most recent version. We encourage you to review this page periodically.

Contact Us

If you have any questions about this Privacy Policy, or wish to exercise your rights, please contact us at support@reforma.sa. The supervisory authority for data protection in the Kingdom of Saudi Arabia is the Saudi Data & AI Authority (SDAIA).