Privacy Policy

Introduction

NMC Healthcare Group have developed this Privacy Statement to explain how we collect, retain, use, process, share and transfer your personal data when you visit our facilities, use our services, or visit our websites. It has also been designed to help you understand your privacy choices whenever you interact with the NMC Healthcare Group.

About NMC Healthcare Group

NMC Healthcare Group is owned and operated by NMC OpCo Ltd who's registered office is located at DD # 16 – 109 – 001, 16th Floor, WeWork Hub71, Al Khatem Tower, ADGM Square, Al Maryah Island, PO Box: 764659, Abu Dhabi, UAE. It comprises several related businesses operating under the NMC, Cosmesurge, Fakih IVF, Provita, Americare, Aesthetics, brands in the UAE, Oman, and Kuwait.

NMC Healthcare Group (also referred to as “we” or “us” elsewhere in this Privacy Statement) together are responsible for your personal data as Independent Controllers, Joint Controllers or Data Processors, depending on the purpose for which your data is being processed. Please see the section on Transferring Your Data Within the NMC Healthcare Group below for details.

Our Commitment to Privacy

Our privacy commitments are fundamental to the way we run our business. These commitments apply to everyone who has a relationship with us - including patients, partners, and website visitors. NMC Healthcare Group is committed to delivering personalised care that matters and to giving you the best overall experience whenever you use any of our services or interact with us. We strive to strike the right balance between using your data to ensure the quality of those experiences and protecting your privacy. We have thought through each aspect of our business and have determined just the right amount of data we need to create the best experience for you.

Scope

This Privacy Statement applies to all information we collect about you. It includes information we collect directly from you, information collected automatically, information we collect through our mobile application(s) and information we collect from third parties.

Personal, Anonymous and Aggregate Information

Personal data, also referred to as personally identifiable information (PII) is information that identifies or can reasonably be used to identify you. Anonymous information (i.e., information that doesn't or can't be reasonably used to identify you specifically) and aggregate information (i.e., information taken from many peoples' data that is combined into groups or categories) are not considered personal data.

Examples of personal data include your:

Name and contact information - For example, your first and last name, email address, mailing address, phone number, photo, beneficiary and emergency contact details and other similar contact data.
Demographic data - For example, your date of birth and gender. We may also ask about your parental status and military status.
National identifiers - For example, your national ID/passport, citizenship status, residency and work permit status, social security number or other taxpayer/government identification number.
Employment details - For example, your job title/position, employer name and similar.
Spouse’s/partner’s and dependents’ information - For example, your spouse and dependents’ first and last names, dates of birth and contact details.
Background information - For example, your academic and professional qualifications, education, CV/Resume.
Video, voice, and image - We may collect and use your video, voice, and image data, subject to the requirements of local law, or internal policy.
Financial information - For example, your bank account details, tax information, salary, retirement account information, company allowances and other information necessary to administer payroll, taxes, and benefits.
Geo-location data - such personal data refers to information that identifies or can be used to identify your geographic location often using data processed by personal devices you may be using such as mobile phones, laptops, tablets, and similar.
Social media information - collected or generated through your use of social media platforms. This may include profile information, interactions with us or comments made on our social media accounts, and data related to private messages between you and us.
Information contained in online identifiers such as cookies and similar technologies.

o Privacy

Scope

Personal, Anonymous and Aggregate Information

The Personal Data We Use

How we Use Personal Data

Legal Basis for Using Your Personal Data

Opting Out of Processing

Third-Party Processing and Transfers Outside of ADGM

Retention of Personal Data

Your Rights

Transferring Your Data Within NMC Healthcare Group

Definitions

NMC Healthcare Group Company Directory

Introduction

About NMC Healthcare Group

Our Commitment to Privacy

Scope

Personal, Anonymous and Aggregate Information

Examples of personal data include your:

Name and contact information - For example, your first and last name, email address, mailing address, phone number, photo, beneficiary and emergency contact details and other similar contact data.
Demographic data - For example, your date of birth and gender. We may also ask about your parental status and military status.
National identifiers - For example, your national ID/passport, citizenship status, residency and work permit status, social security number or other taxpayer/government identification number.
Employment details - For example, your job title/position, employer name and similar.
Spouse’s/partner’s and dependents’ information - For example, your spouse and dependents’ first and last names, dates of birth and contact details.
Background information - For example, your academic and professional qualifications, education, CV/Resume.
Video, voice, and image - We may collect and use your video, voice, and image data, subject to the requirements of local law, or internal policy.
Financial information - For example, your bank account details, tax information, salary, retirement account information, company allowances and other information necessary to administer payroll, taxes, and benefits.
Geo-location data - such personal data refers to information that identifies or can be used to identify your geographic location often using data processed by personal devices you may be using such as mobile phones, laptops, tablets, and similar.
Social media information - collected or generated through your use of social media platforms. This may include profile information, interactions with us or comments made on our social media accounts, and data related to private messages between you and us.
Information contained in online identifiers such as cookies and similar technologies.

We may also process more sensitive personal data (also known as Special Category Data) including information relating to racial and ethnic origin, religious, political, or philosophical beliefs, trade union membership or information about your health, disabilities, and sexual orientation.

Personal information does not include:

De-identified or anonymised information (i.e., information about you where information that can be used to identify an individual has been removed permanently).
Aggregated consumer information (i.e., information taken from many people’s data and combined into anonymous groups or categories).
General business contact information that does not identify an individual.
Information about deceased persons.

The Personal Data We Use

We want you to know exactly what data we collect and use. NMC Healthcare Group may collect and use the following information:

Your name and other personally identifying information
Communication preferences and details
Login and authentication information
Online profile information
Online activity
Purchasing information
Payment information, methods, and history
Information about the device(s) you use
Information about the service usage
Support information
Cookies
Social media information
Date of birth
Copy of identification document
Subscription preferences
Financial and credit history
Location information and GPS data

Special Categories of Personal Data

We also collect and use more sensitive personal data (known as "Special Category Data") about you, such as information relating to your physical and mental health or your religion

Special category data must be handled even more sensitively than “standard” personal data. Your special category personal data will be managed in accordance with the Abu Dhabi Global Market (ADGM) Data Protection Regulations (ADGM DPR), this Privacy Notice and all applicable professional standards and laws including those issued by the UAE Federal Ministry of Health and Prevention, the Department of Health - Abu Dhabi, Dubai Health Authority, and those issued by the health authorities in Oman and in the other countries where we operate.

The special category personal data we hold about you may include some or all the following:

Details of your physical or mental health. This may include personal data about any healthcare services you have received (both from NMC Healthcare Group directly and other healthcare providers) or need, including about clinic and hospital visits and medicines administered. We provide further details below on the way we handle such personal data.
Details of care you have received from us including any images taken in relation to your care.
Details of your religion
Details of any genetic or biometric data relating to you.
Data concerning your sex life and/or sexual orientation.

The confidentiality of your medical information is important to NMC Healthcare Group. We make every effort to prevent unauthorised access to and use of information relating to your physical and mental health. In doing so, we comply with UAE and Oman data protection law, as well as other data protection laws in the jurisdictions where we operate.

How we Use Personal Data

We use your personal data in a variety of ways in order deliver you with the healthcare services that you need. We also use personal data belonging to our patients, and business partners to run our business and to comply with our legal obligations. Where you apply for a job at NMC Group, we need to process your personal data as part of our recruitment process.

How we Collect Your Personal Data

Directly From You

We may collect personal data directly from you when you:

enter a contract with us for the provision of your care.
use that care.
have remote or virtual consultations with a healthcare professional, for instance by telephone or some other communications method.
interact with us via email, phone, and other means of communication.
complete enquiry forms on our website.
send us a question including through our website, by email or by social media.
correspond with us by letter, email, telephone (all incoming and outgoing calls from/to patients are recorded) or social media, including where you reference NMC Healthcare Group in a public social media post.
attend our hospitals, clinics, pharmacies, or other healthcare facilities and are recorded on the CCTV systems we have installed.
apply for a position at one of the NMC entities.
take part in our marketing activities.
enrol in healthcare campaigns championed by health authorities.

From Other Healthcare Providers

Our patients will often receive healthcare services from other organisations in addition to NMC Healthcare Group, and so to provide you with the best care possible we may have to collect personal data about you from these other organisations. This may include medical records from:

your physician
your dentist
mental health providers
other healthcare professionals (including their medical secretaries) Medical records include personal data about your tests and diagnosis, clinic and hospital visits and medicines administered.

Health Data Exchange Platforms (UAE)

If you are a patient in the UAE, your health data will most likely also be held and processed in either Emirate’s Health Data Information Exchange Platform. These are known as Malaffi in Abu Dhabi, Nabidh in Dubai, and Riayati in the Northern Emirates (Sharjah, Ajman, Umm Al Quwain, Fujairah, and Ras Al Khaimah). Your profile in either or each of these platforms holds an electronic record of your patient information, including medication, allergies, bad reactions to medicines, and where available past and present medical information, created from your NMC Healthcare Group medical record. They can be seen and used by authorised staff, within NMC Healthcare Group and in other areas of the UAE health and care system, who are directly involved in your care. Access to your record in these systems optimises patient safety allowing us to make the most clinically informed decisions. You can find more information about Malaffi here, about Nabidh, here and Riayati here.

From Other Third Parties

We may also collect personal data about you from other third parties in the following ways:

solicitors or other third parties acting on your behalf in connection with medico-legal proceedings.
your current or former employer, healthcare professional or other healthcare services or benefit provider
your family
your health insurance policy provider
experts (including medical experts) and other service providers about your care
government agencies,

In such cases, we will inform you that we have received your personal data from third parties, along with required information under applicable data protection laws.

Legal Basis for Using Your Personal Data

We use (or “process”) your personal data for several different purposes but in all cases, we must have a legal basis for doing so. When we use Special Category personal data such health data, (see section on Special categories of personal data above) we must have a specific additional legal basis to do so.

Below we have outlined the purposes for which NMC Healthcare Facilities process your personal data and the legal bases for doing so.

NMC AssetCo processes personal data jointly with NMC Healthcare Facilities as a joint controller, as both parties participate in the determination of the purposes and means of the processing of personal data of NMC Group patients. For all the processing activities NMC AssetCo relies on legitimate interest as its basis for processing of personal data. Please note that you have the right to object to processing based on legitimate interest. Please see Section Your Rights, Right to Object to the Processing of Your Personal Information for More Information.

When it comes to a condition for processing Special Category (Health) Data, NMC AssetCo relies on processing that is necessary for reasons of public interest in the area of public health to ensure continued high standards of quality and safe health care, of medicinal products or medical devices.

No.PurposeDetailsLegal BasisSpecial Category (Health) Data:

1To set you up as a patient and process your data in NMC Healthcare Group’s systems.

We use your personal data to create a Medical Record within our systems in which we will hold your medical history.

We also use it to establish your identity and the method you will use to pay for the services that we provide you with (i.e., via your insurance provider, cash, or some other means).

Contract

We need to use your personal data to take steps so that you can enter a contract with us and/or a healthcare.

Providing personal data is a requirement to enter a contract. Failure to provide personal data would prevent us from entering a contract with you.

Performance of Contract

Processing is required for the performance of a contract to which the Data Subject is party or to take steps at the request of the Data Subject prior to entering into a contract.

2.To provide you with healthcare and related services

This is the primary reason you are likely to visit any of our facilities or use our services. We will therefore process your personal and health data for that and related purposes.

We may also need to carry out diagnostic tests or imaging procedures, some of which may be conducted within the facility you visit while others may be conducted at other NMC Healthcare Group facilities or by specially vetted third parties in compliance with local regulations. This means that some of your data might need to be shared with other hospitals within NMC group or other third parties.

Contract
We need to process your health information to perform our healthcare contract with you.

You are required to provide personal data to perform our contract with you. If you do not provide us with your personal data, we will be unable to perform our contract with you.

Health Purposes
Processing is necessary for health purposes.3.To provide you with medical services in cases of emergencyWhere there is a risk to your life or other consequences may occur that would cause you great harm, we need to process personal and health data to protect your vital interests. Sometimes, we need to share your data with third parties in order the achieve that.

Vital Interests

We may also need to process your health information to protect your vital health interests for instance, in life threatening emergencies.

Vital Interests Processing is necessary to protect vital interests of the Data Subject or of another natural person where the Data Subject is physically or legally incapable of giving Consent4.To settle your accountWe will use your personal and health data to ensure that your account and billing is fully accurate and up to date. This may include sharing your personal information with your health insurance provider or employer both before and after you receive treatment at any of our healthcare facilities.Contract
We need to process your personal and health information to perform our healthcare contract with you.

Performance of Contract

Processing is required for the performance of a contract to which the Data Subject is party or to take steps at the request of the Data Subject prior to entering a contract. Processing is required for the performance of a contract to which the Data Subject is party or to take steps at the request of the Data Subject prior to entering a contract.

Processing is required for the performance of a contract to which the Data Subject is party or to take steps at the request of the Data Subject prior to entering a contract.

5.For internal or government clinical audit related to our Abu Dhabi HospitalsWe may share your personal data with government auditors, Clinical Outcome Review Programmes and other government led quality improvement projects. We may also share your personal data with other audit programmes set up by clinical standards accreditation bodies such as Joint Commission International.

Legal obligation

To comply with our regulatory or legal obligations.

Legal Obligation The exercise of a function or requirement conferred on a person by Applicable Law6.For internal or government clinical audit at our hospitals outside of the Emirate of Abu DhabiWe may share your personal data with government auditors, Clinical Outcome Review Programmes and other government led quality improvement projects. We may also share your personal data with other audit programmes set up by clinical standards accreditation bodies such as Joint Commission International.

Legitimate Interest
To make improvements to our procedures and practices provided that we have put appropriate safeguards in place to protect your privacy so that this use does not override your interests unduly.

Please note that you have the right to object to processing based on legitimate interest. Please see Section Your Rights, Right to Object to The Processing of Your Personal Information for more information.

Public Interests
Processing is necessary for reasons of public interest in the area of public health to ensure continued high standards of quality and safe health care, of medicinal products or medical devices.7.Contacting you and resolving queries or complaintsThere may be times when you raise queries, or even complaints, with us. We take those communications very seriously and will usually need to use your personal data to resolve them fully.

Legitimate Interests It is in our interest to improve our standards of care, service delivery, in any other way that will benefit our patients and other stakeholders provided that these interests are not overridden by your own interests.

Please note that you have the right to object to processing based on legitimate interest. Please see Section Your Rights, Right to Object to the Processing of Your Personal Information for more information.

Public Interests Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices.8.Providing you with service informationWe will use contact information you have given us to get in touch and remind you about appointments you have booked with us, to inform you about test results, or to otherwise follow up with you about an appointment you have attended with us. We will generally do this by telephone, SMS, email or by messenger app (such as WhatsApp).

Contract
In order to fulfil our contractual obligations, we need to process personal data to fulfil our contractual obligations.

Providing personal data is a contractual requirement. Failure to do so might prevent us from perform our contract with you.

Performance of Contract
Processing is required for the performance of a contract to which the Data Subject is party or to take steps at the request of the Data Subject prior to entering into a contract.9.Medical researchWe also participate in medical research and may share personal data with government approved research projects.

Your Consent

We will obtain your consent before using your personal data for any medical research purposes to bring healthcare improvements to the public.

Explicit consent You can withdraw your consent at any time. Please see Section "Your Rights", "Right to object to How we Use Your Personal Information for Direct Marketing Purposes" and the "Right to Withdraw Your Consent" for more information.10.Medical research where your consent has not been obtainedWe also participate in medical research and may share personal data with government approved research projects where allowed by regulatory bodies in the country.

Legitimate Interest
It is in our legitimate interest to process personal data obtained from you for medical research purposes and share with government approved research projects where allowed by regulators provided that these interests are not overridden by your own interests.

Research Purposes
Processing is necessary for Archiving and Research Purposes in accordance with Applicable Law11.Clinical referralsIn order to provide you with comprehensive and high-quality health care, it may be necessary to refer your clinical case to other healthcare professionals at other facilities within the NMC Healthcare Group. In rare instances, it may also be necessary to refer your case outside of our network.

Contract

We need to process your health information to perform our healthcare contract with you and fulfil your request.

12.Patient transferIn order to continue your treatment, we may need to transfer you to another health care facility in the country.Contract
We need to process your personal and health information in order to fulfil our contract with you and transfer you to another facility where you can continue your treatmentHealth Purposes
Processing is necessary for health purposes.

13.Patient transfer at your requestTo continue your treatment at another facility or in another country at your request

Contract

We need to process your personal and health information in order to fulfil the contract with you and transfer you to another facility where you can continue the treatment

14.Patient transfer when there is insufficient insurance coverage or where your treatment cannot be continued at our facilityTo protect your life, we may need to transfer you to another healthcare facility outside the country. By doing so we have to communicate your personal and health data to third parties. The healthcare facility outside the country.Vital Interests
We need to process your personal and health information to protect your vital health interests for instance, in life threatening emergencies.Vital Interests
Processing is necessary to protect vital interests of the Data Subject or of another natural person where the Data Subject is physically or legally incapable of giving Consent

15.Providing improved quality servicesWe take measures to continually improve the quality of the services we provide. This includes monitoring or recording telephone calls to our contact numbers for training and security purposes and conducting pre and post treatment surveys.

Legitimate Interests It is within our legitimate business interests to take measures to improve the quality and efficiency of the services we provide to you provided that our interests are not overridden by your interests.

Please note that you have the right to object to processing based on legitimate interest. Please see Section Your Rights, Right to Object to the processing of your personal information for more details.

16.Recruiting new staffWe will process your personal data if you apply for a job at NMC Healthcare Group. This includes all phases of the recruitment process including shortlisting, assessment, and interview, and offers of a position made to successful candidates.Contract
We need to process your personal data to take steps to enter into a contract of employment with you.

17.Recruiting new staff: processing your applicationWe may use external vendors to provide cloud-based video interviewing, assessment, and scheduling services. NMC Healthcare Group currently has currently engaged HireVue Inc. to provide these services. You can learn more about them by reading their privacy policy.

Legitimate Interests It is within our legitimate business interests to employ increasingly efficient processes and technology when searching for and assessing new talent to join our business provided that our interests are not overridden by your interests. Please note that you have the right to object to processing based on legitimate interest.

Please see Section Your Rights, Right to Object to the Processing of Your Personal Information for more details.

18.Vetting and onboarding new business partners and vendorsBefore engaging with new suppliers, vendors, or business partners, it is NMC Healthcare Group’s policy to conduct appropriate due diligence to ensure that we know who we are doing business with. These checks may require us to process personal data belonging to board directors, officers or other employees of these companies or organisations.

Legitimate Interests
It is in our legitimate business interest to use your personal data to conduct proper due diligence before we engage in any business venture with you or your organisation, provided that these interests are not overridden by your own interests.

19.MarketingWe may use your personal data to bring information about our services and products. This may include contact information you have given us to contact you by phone, by email, SMS, or other messaging platform you agree to.

Consent We will only contact you if you consent to us doing so and have not withdrawn that consent.

You can withdraw your consent at any time. Please see Section Your Rights, Right to Object to How We Use Your Personal Information for Direct Marketing Purposes and the Right to Withdraw Your Consent for more information.

Explicit consent You can withdraw your consent at any time. Please see Section Your Rights, Right to Object to How We Use Your Personal Information for Direct Marketing Purposes and the Right to Withdraw Your Consent for more information.

20.Law enforcement requestsThere may be times when we are required to provide the personal data of our patients or employees to law enforcement agencies such as the police, public health authorities and others. We will cooperate with these agencies when we receive such requests.Legal Obligation
In these situations, we are compelled to process your personal data to comply with a legal obligation to which we are subject.Legal Obligation
The exercise of a function or requirement conferred on a person by Applicable Law

21.Appointment bookingsIn order for us to book your appointment we must process your personal and health information.

Contract We must process your personal information to enter a contract with you if you are our new patient or fulfil our contractual obligations if you are our existing patient.

You are required to provide personal data in order to enter or perform our contract with you. If you do not provide us with your personal data, we will be unable to perform our contract with you.

Performance of Contract Processing is required for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.22.Processing for financial and accounting purposesAnalysis of financial results, internal and external audit requirements, receiving professional advice (e.g., tax, financial, legal, or public relations advice)

Legitimate Interests
It is in our legitimate business interest to use your personal data conduct to, where necessary, conduct internal audits, consult with public relations experts and other experts to maintain efficient and effective operations, provided that these interests are not overridden by your own interests.

Please note that you have the right to object to processing based on legitimate interest. Please see Section "Your Rights", "Right to Object to the Processing of Your Personal Information" for more details.

Public Interest
Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices.

23.CCTV RecordingsStoring and reviewing CCTV images is necessary to maintain our facilities safeLegal Obligation To comply with our legal and regulatory obligations to maintain safe and secure premises for visitors to our premises and our employees.

24.Managing our accounting recordsWe need to maintain our accounting recordsLegal Obligation
To comply with relevant financial accounting and tax requirements.

25.Keeping your recordsWe need to keep your medical records to comply with relevant lawsLegal Obligation To comply with laws regulating the duration of storage of medical records.Legal Obligation The exercise of a function or requirement conferred on a person by Applicable Law.

26.Incident ReportingYou can always reach out to NMC and report a complaint

Legitimate Interest
It is in our legitimate interest to know about incidents that happen within our hospitals provided that these interests are not overridden by your own interests.

27.Communicating with embassies and agencies about your treatmentSometimes NMC AssetCo will need to communicate with your home country’s embassy or an agency about your treatment.Contract We need to process your personal and health data to enter a contract with youPerformance of Contract Processing is required for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.

28.Occupational healthWe need to process your personal information in order to assess your work capacity, whether you can perform the specific work or perform other employment related health serviceContract
We need to process your personal and health data to perform our healthcare contract with you and provide you with requested servicesHealth Purposes
Processing is necessary for health purposes, including preventative or occupational medicine, the assessment of the working capacity of an employee, medical diagnosis, the provision of health care or treatment or the management of health care systems or services or pursuant to a contract with a health professional provided that Processing is by or under the responsibility of a health professional subject to the obligation of professional secrecy or duty of confidentiality

29.Sharing your data with Health Information Exchange in Dubai, Sharjah, Ras Al Khaimah, Umm Al Quwain, FujairahWhere you give us your consent, we can share your personal and health information with the Health Information Exchange. By doing so all healthcare providers involved in your treatment can access your information.

Consent Please note that for us to share your personal and health data with HIE systems in Dubai, Sharjah, Ras Al Khaimah, Umm Al Quwain, Fujairah, we need your consent.

You can withdraw your consent at any time. Please see Section "Your Rights", "Right to Object to the Processing of Your Personal Information" for more details.

Explicit consent You can withdraw your consent at any time. Please see Section "Your Rights","Right to Object to the Processing of Your Personal Information" for more details.

30.Sharing your data with Abu Dhabi Health Information ExchangeWhere you give us your consent, we can share your personal and health information with the Health Information Exchange. By doing so all healthcare providers involved in your treatment can access your information. However, even if we do not receive your consent, we must share your personal and health information with Abu Dhabi Health Information Exchange.Legal Obligation
We need to share your personal data with Abu Dhabi Health Information Exchange platform as a legal requirement.Legal Obligation
The exercise of a function or requirement conferred on a person by Applicable Law

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the ADGM or for any other restricted transfer. We may redact data transfer agreements to protect commercial terms.

Right to lodge a complaint with your local supervisory authority.

Where your personal data is processed by a member of NMC Healthcare Group that is registered within the ADGM, you also have the right to lodge any complaints or concerns regarding the use of their personal data with the ADGM Commissioner for Data Protection (both health and non-health personal data) the local data protection authority at [email protected]

Verifying your identity

Where you decide to exercise any of these rights, we may request additional information from you to help us verify your identity or to confirm that you have given authority to another person to exercise these rights on your behalf.
We do however reserve the right not to restrict access to your information or to limit your rights (e.g., if such disclosure is prohibited by law or if the rights of another individual might be violated). In some instances, this may mean that we are able to retain your personal data even if you withdraw your consent. Please contact the Data Protection Officer at [email protected] for more information about your rights or to exercise any of them.

Conflicts between Law and this Privacy Statement

If there is a conflict between this Privacy Statement and an applicable law, applicable law will apply to you. We will determine whether there is a conflict, so you do not have to.

Impact of Automated Decisions

We will not make any decision, policy, or assessment that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Getting in Touch With Us

Your main point of contact for all issues arising from the use of your personal data, is the NMC Healthcare Group Data Protection Officer. The Data Protection Officer can be contacted in the following ways:

By email:

[email protected]

By Post:

The Data Protection Officer,
NMC AssetCo,
10th Floor,
Al Ain Tower,
Khalidiya,
Abu Dhabi, UAE.
If you have any questions, concerns, or complaints regarding our compliance with this Privacy Statement and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.

Restriction on Children’s Information

We do not knowingly collect personal data online directly from individuals under the age of 18 years. Adults who interact with NMC Healthcare Group should ensure that they have proper authority to transfer personal data belonging to children to NMC Healthcare Group (under 18 years). This means that the adult must either be the parent of the child in question or the legally recognised guardian.

Transferring Your Data Within NMC Healthcare Group

We will transfer your personal data to other entities within the NMC Healthcare Group where necessary.

Patients

If you are a patient, the facility where you had your initial consultation, we may share your personal data (including health data) with other NMC Healthcare Group facilities in certain circumstances and for specific purposes that are related to the delivery of health care services to you. These may include:

To refer your medical case to a more appropriate facility.
To refer your medical case to a more specialised or experienced healthcare professional within our extensive network.
To enable you pick up pharmacy prescriptions.
At your request, and with your consent, to enable you use any of our optional ancillary health care services using our Cosmetic Surgery or IVF providers.

Data Controller vs Data Processor
In most cases, your data will be accessed by the corresponding health provider through NMC Healthcare Group’s Health Information system. Both will be Joint Controllers with joint responsibility for processing your data. NMC AssetCo is a joint Controller for all the processing activities, outlined in section on ‘How we Use Your Personal Data’ above. NMC AssetCo will be responsible for facilitating the exercise of data subjects’ rights and will serve as a primary point of contact.

Definitions

“Personal data”, “personal information”, or “PII” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly — in particular, by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, or social identity.

“Special Categories of Personal Data” refers to personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and the processing of data concerning health or sexual orientation.

“Sensitive personal data” either indicates “special categories” (see above) or is personal data of which the sensitivity level has been assessed and classified, indicating potential severe impact on an individual when confidentiality of such data is breached.

“Anonymised” is the deletion or changing of personal data in such a way that it can no longer be foreseeably assigned to a certain or ascertainable individual or only with a disproportionately high effort in terms of time, cost, and work.

“Consent” is any freely given, specific and transparently, unambiguous, well-informed indication of the will of the individual, whereby the individual agrees that his or her personal data may be processed. Particular requirements about consent can arise from the respective national laws. Where possible, consent is obtained in an explicit manner (unambiguously).

“NMC Healthcare Group” means, NMC OpCo Ltd and its subsidiaries. Click here for a detailed listing.

“NMC Healthcare Facility” means, a facility that is providing healthcare services such a hospital, clinic and similar.

Policy Reference Number: NMC/DS/E&C/016/01

8008020

24/7

Introduction

About NMC Healthcare Group

Our Commitment to Privacy

Scope

Personal, Anonymous and Aggregate Information

Introduction

About NMC Healthcare Group

Our Commitment to Privacy

Scope

Personal, Anonymous and Aggregate Information

The Personal Data We Use

Special Categories of Personal Data

How we Use Personal Data

How we Collect Your Personal Data

Legal Basis for Using Your Personal Data

Transferring Your Data Within NMC Healthcare Group

Definitions

Disclaimer

NMC ProVita International Medical Center, Abu Dhabi, UAE

Quick Navigation

Contact Details

8008020

24/7

[email protected]

Newsletter