Privacy Policy 1. Introduction Ain Al Khaleej Hospital is committed to protecting the privacy, confidentiality, and security of all personal and health information we handle. We comply with the UAE Federal Law No. 45 of 2021 on the Protection of Personal Data, the Abu Dhabi Healthcare Information and Cybersecurity Standard (ADHICS V2), and other applicable local and international regulations. This Privacy Policy explains how we collect, use, store, share, and protect your personal and health information when you receive medical care, use our digital platforms, or interact with our staff. 2. Scope This policy applies to all personal and health information processed by Ain Al Khaleej Hospital relating to: • Patients, healthcare professionals, employees, contractors, and visitors • UAE residents, non-residents, and international patients receiving medical or telehealth services It covers information in both electronic and physical form throughout its lifecycle—from collection to secure deletion. 3. Information We Collect We may collect the following categories of personal and health information: • Personal Identification Data: Name, Emirates ID, passport number, contact details, nationality, date of birth • Health Information: Medical history, diagnosis, treatment details, laboratory and imaging results, prescriptions • Financial and Insurance Data: Payment information, insurance coverage, billing records • Other Sensitive Data: Biometric or genetic information (where necessary for medical care) Information may be collected directly from you, through your healthcare provider, during registration or consultations, via our online platforms, or from authorised third parties such as insurance companies or government bodies. 4. Purpose and Legal Basis for Processing We process personal and health information only where lawful and necessary, including to: • Deliver safe and effective medical care • Manage appointments, billing, and insurance claims • Maintain accurate medical records as required by ADHICS • Report mandatory health information to authorities such as the Department of Health – Abu Dhabi • Conduct quality monitoring and service improvement • Support research or public health purposes using anonymised data Processing is based on your consent, legal obligations, contractual necessity, or public interest in healthcare. 5. Data Sharing and Disclosure Your personal and health information may be shared, where necessary and permitted by law, with: • Other healthcare professionals involved in your care • Insurance companies and third-party payers for claims processing • Regulatory authorities and government bodies, such as the Department of Health – Abu Dhabi • Research institutions or partners, but only using anonymised data All external recipients are bound by confidentiality and data-protection obligations equivalent to those of Ain Al Khaleej Hospital. 6. Data Retention and Deletion We retain personal and health records for the duration required by applicable healthcare regulations—normally 25 years following the last patient interaction—unless a longer period is legally required. When data is no longer needed, it is securely deleted or anonymised in accordance with ADHICS standards. 7. Cross-Border Data Transfers If your personal or health data needs to be transferred outside the UAE, Ain Al Khaleej Hospital will ensure: • The destination country provides an adequate level of protection, or • Contractual safeguards are in place to maintain equivalent privacy standards Where required, we will obtain approval from the Department of Health – Abu Dhabi and your explicit consent prior to such transfers. 8. Your Rights You have the right to: • Access and receive a copy of your personal or health data • Request correction of inaccurate or incomplete information • Request deletion of your data, subject to legal retention requirements • Restrict or object to the processing of your data • Request data portability to another healthcare provider • Withdraw consent at any time (without affecting prior lawful processing) To exercise your rights or submit a privacy-related request, please contact our Data Protection Officer (DPO) using the details below. 9. Security and Safeguards We implement technical and organisational measures to protect your data, including: • Encryption of stored and transmitted data • Access controls and role-based permissions • Secure data storage and backup systems • Regular security testing and risk assessments • Employee training and awareness programmes We design privacy and security into all our systems and services in line with the privacy-by-design principle. 10. Children’s Data We provide enhanced protection for minors under 18 years of age. Consent for the collection and processing of a child’s health information must be provided by a parent or legal guardian, unless treatment is required in an emergency situation. 11. Data Breach Response In the unlikely event of a data breach, Ain Al Khaleej Hospital will promptly assess and contain the incident, notify relevant authorities as required by ADHICS, and inform affected individuals where applicable. 12. Updates to This Policy This Privacy Policy is reviewed periodically and may be updated to reflect changes in laws, regulations, or operational practices. The most current version will always be available on our website. 13. Contact Us For privacy-related enquiries or to exercise your data-protection rights, please contact: Data Protection Officer (DPO) Ain Al Khaleej Hospital, Al Ain, United Arab Emirates 📧 dpo@ak-hospital.com