Privacy Policy
Introduction
Aster Hospitals (hereinafter referred to as “The Company”, “we”, “us”, “our”) is the “Data Controller” in respect of your Personal Data. The Company provides an extensive network of hospitals in the UAE with specialists and support staff, delivering the best and latest medical treatments (Cardiology, ENT, Neurology, Oncology etc.).
We understand the importance of protecting the Personal Data of our Customers (hereinafter referred to as “Customer”, “you”, “user”, “Data Subject”). This Privacy Policy outlines how we Process any Personal Data collected from you by accessing, browsing and/or using the Website. This Privacy Policy applies only to activities that a customer engages in on this Website and does not apply to The Company’s activities that are "offline" or unrelated to the Website.
Any capitalized terms used in this Privacy Policy shall have the meanings ascribed to them under applicable Data Protection laws and regulations.
What Personal Data we collect
We collect the following categories of Personal Data:
- Personal Identifiers: Full Name, Phone Number, Email Address, Age, Gender, Appointment Details (Date and Time), Resume, Title, Nationality, Date of Birth, Religion, Covid 19 Certificate, Criminal Record, Education, Work Experience, Social Media Job Profile (LinkedIn, Indeed),
- Patient Health Data: Health Records, Health condition
- Account Login and Device Information: IP address, internet Domain, Browser type, Device details etc.
How and when we collect your Personal Data
The methods by which we collect your Personal Data include but are not limited to the following:
- When you visit our Website and engage in various activities.
- When you make bookings through the Website including doctors’ appointment and home Healthcare Services etc.
- When you apply for a Job using our Job Portal,
- When you communicate with us through email for the purpose of recruitment and/or recruitment related queries,
- When you communicate with us through social networking Websites, Third-Party applications, or similar technologies.
Use of Your Personal Data
Your Personal Data may be used or processed for various purposes including but not limited to the following:
- (www.asterhospitals.ae) collects certain anonymous data regarding the usage of the Website. This information does not personally identify users, by itself or in combination with other information, and is gathered to improve the performance of the Website.
- Allowing users to book appointments.
- To advertise the Products and Services of Aster Hospitals and send you updates about new products, special offers, and other information that may interest you at the Email Address you provided,
- To perform studies, research, and analysis for improving our information, Services, and technologies and ensure that the content displayed is customized to your interests and preferences based on your feedback,
- To share the information with the central HIS systems like NABIDH etc.,
- To administer or otherwise carry out our obligations in relation to any agreement you have with us,
- To comply with legal and regulatory requirements, including responding to court orders, or Legal Processes, establishing or exercising our Legal Rights, defending against legal claims, and investigating, preventing, or taking action regarding illegal activities, suspected fraud, violations of our terms of use, breaches of our agreement with you, or as otherwise required by law.
If you are a Job Applicant, your Personal Information will be collected and used by us for the following purposes, and we may disclose your Personal Data to Third Parties where necessary for the following purposes:
- Assessing and evaluating your suitability for employment in any current or prospective position within the organization; and
- Verifying your identity and the accuracy of your Personal Details and other information provided.
Legal Basis for Processing Your Personal Data
We will only Process your Personal Data where we have a Legal Basis to do so. The Legal Basis will depend on the purposes for which we have collected and use your Personal Information. In almost every case, the Legal Basis will be one of the following:
- Consent: For example, where you have provided your Consent to receive certain marketing/promotional messages from us or where you have provided your explicit Consent for us to Process your data during live Tele-Consultation Services.
- Our Legitimate Interest: Where it is necessary for us to understand our customers, promote our services, and effectively provide services, provided in each case that this is done in a legitimate way that does not duly affect your privacy and other rights.
- Compliance with law/agreement: Where we are subject to a legal obligation and need to use your Personal Data in order to comply with that obligation. For example, when you may purchase products/services from us, or book appointments we need to use your contact details and payment information in order to Process your order.
- Vital Interests: In some limited cases, we may need to Process your Personal Data where it is necessary to protect your Vital Interests or the Vital Interests of another person.
We will always take steps to ensure that the Processing of your Personal Data is Fair and Lawful and that it does not unduly affect your Privacy.
AI Usage
We may use Artificial Intelligence (AI) technologies to enhance healthcare services, including but not limited to supporting diagnostic Processes, personalizing treatment recommendations, and automating certain administrative and clinical workflows. These tools are used in accordance with applicable legal and regulatory guidelines, and are subject to internal assessments to ensure Accuracy, Fairness, and Patient safety.
Wherever applicable, separate and explicit Consent will be obtained from individuals prior to the use of AI tools in Processing their health data or delivering AI-assisted healthcare services.
Children’s Privacy
We understand the importance of taking extra precautions to protect the Privacy and Safety of Children using our website or Services. Minors are not permitted to use the Website or services, and we request that Minors under the age of 18 do not submit any Personal Information to the Website. Since information regarding minors under the age of 18 is not collected, we do not knowingly distribute Personal Data regarding minors under the age of 18. By accessing this Website, you affirm and guarantee that you are 18 years of age or older. We hold no liability for any unsolicited information provided by you, and you Consent to the usage of such information in accordance with this Privacy Notice. If we become aware that a person submitting Personal Data is under 18, we will delete all the information as soon as possible unless it is with the Consent and involvement of a Parent or Guardian. If you believe we might have any information from or about a child under 18, please contact us via email at Privacy@asterdmhealthcare.com.
Term of storage of Personal Data
We take diligent measures to ensure that the Personal Data you provide us is retained only for as long as necessary for the purpose for which it was collected, and for satisfying any Legal, accounting or reporting requirements or as required by any applicable law.
If you withdraw your Consent from marketing, we will remove your credentials from the marketing database.
Sharing and Transferring of Personal Data
Basis your Consent, you authorize us to exchange, transfer, share, your Personal Data within the Aster affiliates / agents / third party service providers / partners / authorities, Health Information Systems (HIS) and from your country to any other countries across the world for legal documentation, marketing purposes, or for providing our services for the purposes specified under this Notice or as may be required by applicable laws and regulations. This will be subject to applicable data localization measures, security measures and applicable regulatory measures.
Please note that, in line with regulatory requirements and basis your Consent, all health-related data is securely shared with government-mandated Health Information Exchanges (HIEs) such as NABIDH, ADHIE and other applicable platforms to support better care coordination and public health outcomes.
You acknowledge that some countries where we may transfer your Personal Data may not have adequate Data Protection regime or laws that are as stringent as the laws of your own country. You acknowledge that it is adequate that when Aster Hospitals transfers your Personal Data to any other entity within or outside your country of residence, Aster Hospitals will place contractual obligations along with Technical and Organizational measures on the transferee which will oblige the transferee to adhere to the provisions of this Notice. Additionally, the Principle of Data Localization is followed, where applicable, in accordance with UAE PDPL, 2021 and DIFC Data Protection Law and other applicable laws of various jurisdictions to the extent applicable. Thus, Personal Data is stored within the same jurisdiction as its collection to ensure the accuracy and integrity of the Personal Data.
Exceptions:
There are certain exceptions under which Patient Health Information can be transferred or shared outside the country of collection, by virtue of a decision issued by the Federal or local governmental Health authority in the State and after getting approval from the Dubai Health Authority or any other local Authority. Such exceptions include, but are not limited to:
- Matters of public interest
- Information that is already publicly available
- Medical diagnosis, the provision of healthcare or social care, treatment, or health insurance services
- Protection of the Data Subject’s vital interests
- Compliance with legal obligations or the exercise of established rights in the areas of employment, social security, or social protection laws, as permitted under applicable legislation
- Establishment, exercise, or defense of legal claims, including international judicial cooperation
- Execution of a contract that serves the Data Subject’s interests
Your Rights and Control over your Personal Data
We will respect your Legal Rights in relation to your Personal Data. Aster is committed to protecting them and ensuring compliance if you wish to exercise any of the rights under the applicable Data Protection Laws.
- Right to Obtain Information – You have the right to request information about the Personal Data. we hold about you at any time, including the Process of filing complaints with the UAE Data Office subject to exemptions.
- Right of Data Portability – You have the right to request to get a copy of your data transferred to you or another party collected by us in a machine-readable and easy-to-read format.
- Right of Correction – You have the right to request correction of your Personal Data, if the information is incorrect, including the right to have incomplete Personal Data completed.
- Right of Erasure – You have the right to get your Personal Data erased or removed at any time except:
- If your request affects the investigation procedures, claims for rights and legal proceedings or defence by Aster Hospitals.
- Your request conflicts with other legislation to which Aster Hospitals is subject.
- Right to Restrict Processing – You have the right to restrict the Processing of your Personal Data,
- If you have asserted that your Personal Data is incorrect, Aster Hospitals must restrict the Processing of such data pending the verification of the accuracy of the Personal Data.
- If the Processing is unlawful.
- If the Processing violates the purpose for which data was collected.
- Right to object to Automated Decision-Making – You have the right to not be subject to a decision solely based on Automated Processing, including profiling, which produces Legal Effects or otherwise significantly affects you.
- Right of Grievance Redressal – You have a right to grievance redressal where your exercise to request your rights is refused.
- Right to withdraw consent – You have a right to withdraw consent at any time from further Processing your data.
To exercise any of your above-mentioned rights, please contact us at Privacy@asterdmhealthcare.com.
We will respond to your access request as soon as reasonably possible and/or as per the applicable timeframes laid down by the respective Privacy Laws/regulations. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing of the same as soon as practically possible. If we are unable to provide you with your Personal Data or to make a correction requested by you, we shall inform you of the reasons why we are unable to do so (except where we are not required to do so under the law).
Please note that depending on the request that is being made, we will only need to provide you with access to the Personal Data contained in the documents requested, and not to the entire documents themselves. For example, the Company may not be obliged to provide the employee with access to the disciplinary records, investigation reports, or decisions to terminate, that the organization has created for evaluative and/or investigative purposes of the employee.
You have the right to withdraw your Consent at any point, provided such withdrawal of the Consent is intimated to us in writing through an email at Privacy@asterdmhealthcare.com requesting the same. Once you withdraw your Consent to share the Personal Data collected by us, we shall have the option not to fulfil the purposes for which the said Personal Data was sought, and we may restrict you from using our Services or the Website or parts of it as the case may be.
Security
The security of your Personal Data is important to us. We have adopted and maintained reasonable technical and organizational security measures and procedures including rigorous Third-Party Risk Assessments, strong Access Controls and information sharing on a need-to-know basis, Encryption of Personal Data, secure storage of Personal Data, rapid Data Breach management procedures, etc. to ensure that the Personal Data collected is secure at rest and in transit. We restrict access to your Personal Data to our and our affiliates’ employees, agents, Third-Party service providers, partners, and agencies on a need-to-know basis and absolutely limited to the purposes as specified above in this Policy.
Use of Cookies
- Cookies are small bits of data cached in a user’s browser. Aster Hospitals utilises Cookies to determine whether or not you have visited the home page in the past. However, no other user information is gathered. We may use non-personal "aggregated data" to enhance the operation of our Website or analyse interest in the areas of our Website.
- If you would like to find out more about Cookies, including how we use them and what choices are available to you, please refer to our Cookie Policy.
International Users and Personal Data
We welcome international users and respect their privacy. We encourage you to visit Aster Medical Travel (https://astermedicaltravel.ae/) for details how we collect, process data.
Modifications to this Privacy Notice
The Website Privacy Notice and terms & conditions would be changed or updated occasionally to meet the requirements and standards. Therefore, customers are encouraged to frequently visit these sections in order to be updated about the changes on the Website. Modifications will be effective on the day they are posted and the date of this Privacy Notice of when it was last updated will appear at the top of this document.
Contact Us
If you have any questions regarding this Privacy Notice, you may contact our Group Data Protection Officer:
DPO Details: Privacy@asterdmhealthcare.com
Contact No: +971565037221
Or you can write to us at:
Office Address: 33rd Floor, Aspect Towers, Business Bay, Dubai, UAE