1. Data Controller
Bahrain Blood Donor Network ("BBDN", "we", "us", "our") is operated by MSS Technology Company W.L.L (CR 182156-1), a company registered in the Kingdom of Bahrain. We operate bloodbh.com — a voluntary, non-commercial platform connecting blood donors with hospitals across the Kingdom of Bahrain.
2. What Data We Collect
When you register, we collect: full name, email address, phone number, blood group, location (governorate), gender (optional), date of birth (optional), and CPR number (optional). If you submit a blood request, we collect patient details, hospital name, urgency level, and contact information. CPR numbers are stored using AES-256-GCM encryption; only HMAC-SHA256 hashes are used for matching lookups. Only the first 4 digits of a CPR number are ever displayed.
3. How We Use Your Data
We use your data exclusively to: match eligible donors to blood requests from partner hospitals; send you donation request notifications via WhatsApp, SMS, or email (with your explicit consent); display anonymised aggregate statistics on the public site; conduct eligibility screening; and comply with applicable legal obligations.
4. Legal Basis for Processing
We process your personal data under the following legal bases recognised by Bahrain's PDPL: (a) Consent — for registration, notifications, and optional data fields; (b) Legitimate interests — to operate the donor-matching platform and prevent misuse; (c) Legal obligation — to comply with applicable Bahraini law and regulatory requirements.
5. Who Has Access to Your Data
Hospital administrators at approved partner hospitals can view your name, blood group, location, phone number, and email to coordinate a donation. Superadmin accounts can access all fields for support and compliance purposes. We never sell, rent, or share your personal data with third parties for marketing or commercial purposes.
6. Data Retention
Your account data is retained for as long as your account remains active. You may request deletion at any time from your account settings or by contacting us. Audit logs are retained for 1 year in accordance with PDPL requirements. Anonymised aggregate statistics may be retained indefinitely.
7. How We Protect Your Data
All data is transmitted using TLS 1.3 encryption. Passwords are hashed using bcrypt (12 rounds). CPR numbers are encrypted using AES-256-GCM and are never stored or displayed in plaintext. All systems are protected with industry-standard security controls, including rate limiting on all authentication endpoints and regular security reviews.
8. Data Storage
Your data is stored on secured and encrypted infrastructure. We take all reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, in accordance with PDPL requirements.
9. Your Rights Under PDPL
Under Bahrain's Personal Data Protection Law (Law No. 30 of 2018), you have the right to: access a copy of your personal data; correct inaccurate or incomplete data; request deletion of your data (right to be forgotten); withdraw consent for processing at any time; object to certain types of processing; and request data portability. To exercise any right, email admin@bloodbh.com or use the Data Request form at bloodbh.com/data-request. We will respond within 30 days.
10. Cookies
We use a single session cookie for authentication and a preference cookie to remember your language setting. We do not use tracking pixels, analytics cookies, or third-party advertising cookies. You can control cookies through your browser settings.
11. Children
This platform is not intended for persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us immediately at admin@bloodbh.com.
12. Third-Party Links
Our platform may contain links to third-party websites, such as hospital pages or partner organisations. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify registered users by email and update the 'Last updated' date. Continued use of the platform following notification constitutes your acceptance of the revised policy.
14. Contact
For privacy questions or to exercise your data rights: MSS Technology Company W.L.L (CR 182156-1), Manama, Kingdom of Bahrain. Email: admin@bloodbh.com. We aim to respond within 30 days.