b) What Personal Data we collect

We collect the following categories of Personal Data:

• Personal Identifiers: Full name, date of birth, phone number, email address, gender, nurse/midwife category, city, region and country, passport, emirates id or any other government id, photographs, medical/nurse council registration certificate (name of council, registration number and nursing license), valid identity and residency proof, valid proof of current employment (nurse id, letter from the institute), work experience, photograph, hospital/institute details (institute name, job title, country, city), reporting manager details (name, designation, email id and contact number), reference details (full name, relationship with the referrer, organization, designation, country, mobile number and email id), proof of education (degree name, degree certificate), social media profile link (linkedIn, x, facebook and instagram), supporting documents.

• Account Login and Device Information: IP address, internet domain, browser type, device details, encrypted password etc.

c) How and When we collect your Personal Data

The methods by which we collect your Personal Data include but are not limited to the following:

• When you visit our website and engage in activities such as registering or login-in purposes,

• When you fill out the application for registration as a prospective award participant for our Global Nursing Award.

• When you contact us regarding any queries.

• When you communicate with us through social networking websites, third-party applications, or similar technologies.

Information from Third-Party Services
If you access the services from an advertisement on a third-party website, application, or other service (a “Third-Party Service”) we may receive information from the owner of the Third-Party Service related to you or that advertisement.

d) Use of Your Personal Data

Your Personal Data may be used or Processed for various purposes including but not limited to the following:

• (www.asterguardians.com) collects certain anonymous data regarding the usage of the website. This information does not personally identify users, by itself or in combination with other information, and is gathered to improve the performance of the website.

• To verify the details that you have provided us and determine if you qualify to be a nominee of our Global Nursing Award,

• To verify the details regarding any communication/query made to us in relation to the award.

• To send promotional communications via SMS, WhatsApp, email, and other channels, and to support related services such as customer support, marketing, analytics, advertising, and performance tracking etc.

• To carry out insurance-related purposes, including claims processing, verification, and billing.

• To perform studies, research, and analysis for improving our information, services, and technologies and ensure that the content displayed is customized to your interests and preferences based on your feedback,

• To administer or otherwise carry out our obligations in relation to any agreement you have with us,

• To comply with legal and regulatory requirements, including responding to court orders, or legal Processes, establishing or exercising our legal rights, defending against legal claims, and investigating, preventing, or taking action regarding illegal activities, suspected fraud, violations of our terms of use, breaches of our agreement with you, or as otherwise required by law.

•  

e) Legal Basis for Processing of Your Personal Data

We will only Process your Personal Data where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected and use your Personal Data. In almost every case, the legal basis will be one of the following:

a. Consent: For example, where you have provided your consent to receive certain marketing/promotional messages from us or where you have provided your explicit consent for us to Process your data during registering on our website.
b. Our legitimate interest: Where it is necessary for us to understand our customers, promote our services, and effectively provide services, provided in each case that this is done in a legitimate way that does not duly affect your privacy and other rights.
c. Compliance with law/agreement: Where we are subject to a legal obligation and need to use your Personal Data in order to comply with that obligation. For example, when you apply for the Aster Guardians Global Nursing Award during that time we need to Process your personal information for verification.
d. Vital Interests: In some limited cases, we may need to Process your Personal Data where it is necessary to protect your vital interests or the vital interests of another person.

We will always take steps to ensure that the Processing of your Personal Data is fair and lawful and that it does not unduly affect your privacy.

f) AI Usage

We may use Artificial Intelligence (AI) technologies to enhance healthcare services, including but not limited to supporting diagnostic processes, personalizing treatment recommendations, and automating certain administrative and clinical workflows. These tools are used in accordance with applicable legal and regulatory guidelines, and are subject to internal assessments to ensure accuracy, fairness, and patient safety.
Wherever applicable, separate and explicit consent will be obtained from individuals prior to the use of AI tools in Processing their health data or delivering AI-assisted healthcare services.

g) Children’s Privacy

We understand the importance of taking extra precautions to protect the privacy and safety of children using our website or services. Minors are not permitted to use the website or services, and we request that minors under the age of 18 do not submit any Personal Data to the website.
Since information regarding minors under the age of 18 is not collected, we do not knowingly distribute Personal Data regarding minors under the age of 18. By accessing this website, you affirm and guarantee that you are 18 years of age or older.
We hold no liability for any unsolicited information provided by you, and you consent to the usage of such information in accordance with this Privacy Notice. If we become aware that a person submitting Personal Data is under 18, we will delete all the information as soon as possible unless it is with the consent and involvement of a parent or guardian.
If you believe we might have any information from or about a child under 18, please contact us via email at Privacy@asterdmhealthcare.com.

h) Term of storage of Personal Data

We take diligent measures to ensure that the Personal Data you provide us is retained only for as long as necessary for the purpose for which it was collected, and for satisfying any legal, accounting or reporting requirements or as required by any applicable law.
If you withdraw your consent from marketing, we will remove your credentials from the marketing database.

i) Sharing and Transferring of Personal Data

Basis your consent, you authorize us to exchange, transfer, share, your Personal Data within the Aster affiliates/agents/third party service providers/partners/authorities, Health Information Systems (HIS) and from your country to any other countries across the world for legal documentation, insurance processing, marketing purposes, or for providing our services for the purposes specified under this Notice or as may be required by applicable laws and regulations.
We may share your information with authorized third-party vendors and service providers that help us with specialized services, including customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct mail, mobile marketing, optimization and retargeting) advertising, performance monitoring, hosting, and data processing. These authorized third-party vendors are subject to risk assessment test and will not use your information for purposes other than those related to the services they are providing to us.
All such data sharing is conducted in accordance with applicable data localization requirements, security protocols, and applicable regulatory standards.
If you choose to engage in public activities on the third-party sites that we link to, you should be aware that any information you share there can be read, collected, or used by other users of these sites and forums. You should use caution in disclosing personal information while participating in these areas. We are not responsible for the information you choose to submit in public areas.
You acknowledge that some countries where we may transfer your Personal Data may not have adequate data protection regime or laws that are as stringent as the laws of your own country. You acknowledge that it is adequate that when The Company transfer your Personal Data to any other entity within or outside your country of residence, The Company will place contractual obligations along with technical and organizational measures on the transferee which will oblige the transferee to adhere to the provisions of this Notice.
Additionally, the principle of data localization is followed, where applicable, in accordance with UAE PDPL, KSA PDPL and other local Data Privacy laws to the extent applicable. Thus, Personal Data is stored within the same jurisdiction as its collection to ensure the accuracy and integrity of the Personal Data.

Exceptions
There are certain exceptions under which Patient Health Information can be transferred or shared outside the country of collection, by virtue of a decision issued by the Federal or local governmental Health authority in the State and after getting approval from the Dubai Health Authority or any other relevant local Authority wherever applicable. Such exceptions include, but are not limited to:

• Matters of public interest

• Information that is already publicly available

• Medical diagnosis, the provision of healthcare or social care, treatment, or health insurance services

• Protection of the Data Subject’s vital interests

• Compliance with legal obligations or the exercise of established rights in the areas of employment, social security, or social protection laws, as permitted under applicable legislation

• Establishment, exercise, or defense of legal claims, including international judicial cooperation

• Execution of a contract that serves the Data Subject’s interests

Disclaimer
We define Patient Health Information as information that includes or pertains to:

1. Your personal health, which may consist of your medical history.

2. Your physical traits, such as weight and height.

3. Any disabilities you have or have had.

4. Any healthcare services provided or being provided to you.

5. Information provided by you related to the donation of your body part or bodily substance or obtained from the examination or testing of your body part or bodily substance.

6. Information collected before or during the provision of healthcare services incidental to your care.

7. Any other information or documents you choose to disclose.

(Continued in next message due to length…)

(Continued from previous message…)

j) Your Rights and Control over your Personal Data

We will respect your legal rights in relation to your Personal Data. Aster Guardian is committed to protecting them and ensuring compliance if you wish to exercise any of the rights under the applicable Personal Data Protection Laws.

a. Data Subject Rights

i. Right to obtain information – You have the right to request information about the Personal Data we hold about you at any time.
ii. Right to withdraw consent – You have a right to withdraw consent at any time from further Processing your data.
iii. Right of grievance redressal – You have a right to grievance redressal where your exercise to request your rights is refused.
iv. Right of data portability – You have the right to request to get a copy of your data transferred to you or another party collected by us in a machine-readable and easy-to-read format.
v. Right of correction – You have the right to request correction of your Personal Data if the information is incorrect, including the right to have incomplete Personal Data completed.
vi. Right of erasure – You have the right to get your Personal Data erased or removed at any time except:

• If your request affects the investigation procedures, claims for rights and legal proceedings or defence by Aster Guardians.

• Your request conflicts with other legislation to which Aster Guardians is subject.
  vii. Right to restrict Processing – You have the right to restrict the Processing of your Personal Data if:

• If you have asserted that your Personal Data is incorrect, Aster Guardians must restrict the Processing of such data pending the verification of the accuracy of the Personal Data.

• If the Processing is unlawful.

• If the Processing violates the purpose for which data was collected.
  viii. Right to object – You have the right to object to the Processing of your Personal Data if such Processing is not necessary. Where applicable this right extends to right to object to direct marketing.
  ix. Right not to be subject to automated decision-making – You have the right to not be subject to a decision solely based on automated Processing, including profiling, which produces legal effects or otherwise significantly affects you.
  x. Right to Be Notified of Data Breach – The Data Subject has the right to be informed of any breaches affecting their Personal Data.

To exercise any of your above-mentioned rights, please contact us at Privacy@asterdmhealtcare.com.
We will respond to your access request as soon as reasonably possible and/or as per the applicable timeframes laid down by the respective privacy laws/regulations. Should we not be able to respond to your access request within thirty (30) days (in case of Bahrain – 15 days and Oman – 45 days) after receiving your access request, we will inform you in writing of the same as soon as practically possible.
If we are unable to provide you with your Personal Data or to make a correction requested by you, we shall inform you of the reasons why we are unable to do so (except where we are not required to do so under the law).
Please note that depending on the request that is being made, we will only need to provide you with access to the Personal Data contained in the documents requested, and not to the entire documents themselves. For example, The Company may not be obliged to provide the employee with access to the disciplinary records, investigation reports, or decisions to terminate, that the organization has created for evaluative and/or investigative purposes of the employee.
The Company is committed to protect your privacy. To respect your preferences, we provide multiple ways to opt out of receiving marketing and promotional communications. You can do this at any time using the unsubscribe or opt-out links provided in our emails and messages.
If you wish to withdraw your consent for marketing or for the sharing of information, you can do so by writing to us through an email at Privacy@asterdmhealtcare.com requesting the same. Once you withdraw your consent to share the Personal Data collected by us, we shall have the option not to fulfil the purposes for which the said Personal Data was sought, and we may restrict you from using our services or the website or parts of it as the case may be.

k) Security

The security of your Personal Data is important to us. We have adopted and maintained reasonable technical and organizational security measures and procedures including rigorous third-party risk assessments, strong access controls and information sharing on a need-to-know basis, encryption of Personal Data, secure storage of Personal Data, rapid data breach management procedures, etc. to ensure that the Personal Data collected is secure at rest and in transit.
We restrict access to your Personal Data to our and our affiliates’ employees, agents, third-party service providers, partners, and agencies on a need-to-know basis and absolutely limited to the purposes as specified above in this Notice.

l) Use of Cookies

• Cookies are small bits of data cached in a user’s browser. Aster Guardians utilises cookies to determine whether or not you have visited the home page in the past. However, no other user information is gathered. We may use non-personal “aggregated data” to enhance the operation of our website or analyse interest in the areas of our website.

• If you would like to find out more about cookies, including how we use them and what choices are available to you, please refer to our Cookie Policy.

• You may also be able to control or limit the collection of this technical data through your browser or device settings.

•  

m) International Users and Personal Data

We welcome users from around the world and are committed to respecting their privacy. We encourage them to visit Aster Medical Travel on (https://astermedicaltravel.ae) for more details on how we handle their Personal Data.

n) Modifications to this Privacy Notice

The website Privacy Notice and terms & conditions would be changed or updated occasionally to meet the requirements and standards. Therefore, customers are encouraged to frequently visit these sections in order to be updated about the changes on the website. Modifications will be effective on the day they are posted and the date of this Privacy Notice of when it was last updated will appear at the top of this document.

o) Contact Us

If you have any questions regarding this Privacy Notice, you may contact our Group Data Protection Officer:
DPO Details: Privacy@asterdmhealtcare.com
Contact No.: +971565037221

Or you can write to us/post at:
The Data Protection Officer
Aster DM Healthcare Limited.
Official Address: 33rd Floor – Aspect Tower, Business Bay, P.O. Box: 8703 – Dubai – U.A.E

If you have any questions, concerns, or complaints regarding our compliance with the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by data protection laws.