Contact
Data Protection

GDPR & Data
Protection Policy

This policy explains how Alpha Health Group collects, processes, stores and protects personal data in full compliance with the EU General Data Protection Regulation (GDPR) and UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL).

Effective: 1 January 2025 Last Reviewed: June 2026 Applies: UAE & Global

Alpha Health Group is committed to protecting your privacy. This policy applies to all personal data processed through our website, consultancy services, and client engagements. Please read it carefully.

Section 1

Data Controller

The data controller responsible for your personal information is:

  • Company Name: Alpha Health Group
  • Address: UAE (registered offices in Abu Dhabi & Dubai)
  • Email: info@alphahmc.com
  • Phone: +971 4 272 4064

For all data protection enquiries or to exercise your rights, please contact our Data Protection Officer (DPO) at dpo@alphahmc.com.

Section 2

Personal Data We Collect

We may collect and process the following categories of personal data:

Identity & Contact Data
  • Full name, job title, and employer / facility name
  • Email address, telephone number, and postal address
Professional & Engagement Data
  • Details of your healthcare facility (type, size, licensing status)
  • Correspondence, inquiries, and service requests submitted to us
  • Records of training, accreditation, or consultancy projects
Technical & Usage Data
  • IP address, browser type, and device information
  • Pages visited, time spent on site, and referral source
  • Cookie identifiers and session tokens (see Section 9)
Marketing Preferences
  • Your preferences for receiving communications from us
  • Responses to surveys and feedback forms

We do not collect or process special category data (e.g., health records, biometric data, racial or ethnic origin) through this website. Consultancy engagements may involve de-identified or aggregated facility data only, governed by separate contractual terms.

Section 3

Lawful Basis for Processing

Under GDPR Article 6, we rely on the following lawful bases:

  • Consent (Art. 6(1)(a)): Where you have freely given, specific, and informed consent — e.g., subscribing to our newsletter.
  • Contract (Art. 6(1)(b)): Processing necessary to perform a contract with you, or at your request prior to entering a contract.
  • Legal Obligation (Art. 6(1)(c)): Where processing is required to comply with UAE regulatory or GDPR obligations.
  • Legitimate Interests (Art. 6(1)(f)): To maintain and improve our website, prevent fraud, and communicate professionally with existing clients. We have balanced our interests against your rights and confirmed these do not override your fundamental freedoms.
Section 4

How We Use Your Personal Data

We use collected data for the following purposes:

  • Responding to service inquiries and providing consultancy proposals
  • Delivering contracted healthcare management and accreditation services
  • Sending relevant healthcare industry updates, insights, and newsletters (with consent)
  • Administering, maintaining, and improving our website and digital services
  • Complying with UAE DOH, DHA, MOH licensing, and other regulatory requirements
  • Conducting analytics to understand how our services are used and improve them
  • Preventing fraudulent or unauthorised activity

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason compatible with the original purpose and the law permits this.

Section 5

Sharing Your Personal Data

We do not sell, rent, or trade personal data. We may share data with:

  • Service Providers: IT hosting, CRM, email delivery, and analytics providers acting as data processors under binding contracts.
  • Regulatory Authorities: UAE government bodies (DOH, DHA, MOH, HAAD) where required by law or licensing.
  • Professional Advisers: Legal, accounting, or insurance advisers under strict confidentiality obligations.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred; we will notify affected individuals in advance.

All third parties are required to respect data security and process personal data only for specified, lawful purposes.

Section 6

International Data Transfers

Your data is primarily stored and processed in the UAE. Where data is transferred outside the UAE or European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs) where applicable
  • UAE PDPL Article 22 transfer requirements
Section 7

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements.

  • Website enquiries: 2 years from last contact
  • Contractual / client records: 7 years from project completion (UAE commercial law)
  • Newsletter / marketing: Until consent is withdrawn or 3 years of inactivity
  • Website analytics (cookies): Up to 13 months

Upon expiry, data is securely deleted or anonymised. You may request early deletion subject to legal obligations — see Section 8.

Section 8

Your Data Subject Rights

Under GDPR and the UAE PDPL, you have the following rights regarding your personal data. Requests are free of charge and responded to within 30 days.

Right of Access

Request a copy of the personal data we hold about you and information on how it is processed.

Right to Rectification

Ask us to correct inaccurate or incomplete personal data without undue delay.

Right to Erasure

Request deletion of your personal data where there is no compelling reason for its continued processing.

Right to Restriction

Ask us to suspend processing your data in certain circumstances — e.g., while accuracy is contested.

Right to Portability

Receive your data in a structured, machine-readable format and transmit it to another controller.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes at any time.

Withdraw Consent

Where processing relies on consent, you may withdraw it at any time without affecting prior lawful processing.

Right to Complain

Lodge a complaint with your local supervisory authority (e.g., UAE TDRA or EU lead supervisory authority).

Section 9

Cookies & Tracking Technologies

Our website uses cookies to distinguish you from other users, enhance your experience, and analyse traffic. We use:

  • Strictly Necessary Cookies: Essential for site functionality (session management, security). Cannot be disabled.
  • Performance / Analytics Cookies: Google Analytics to understand usage patterns (anonymised IP). Require consent.
  • Functional Cookies: Remember your preferences (language, region). Require consent.
  • Marketing Cookies: Used to deliver relevant advertisements. Require consent.

You can manage cookie preferences via the cookie consent banner displayed on your first visit, or through your browser settings. Note that disabling certain cookies may affect site functionality.

Section 10

Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction, including:

  • TLS/SSL encryption for all data in transit
  • Encryption of sensitive data at rest
  • Role-based access controls and least-privilege principles
  • Regular security assessments and penetration testing
  • Staff data protection training and confidentiality agreements
  • Incident response plan with 72-hour breach notification (GDPR Art. 33)

Despite these measures, no internet transmission is completely secure. If you suspect a security incident, please notify us immediately at security@alphahmc.com.

Section 11

Children's Personal Data

Our services are directed exclusively at healthcare professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that data from a minor has been collected without appropriate consent, we will delete it promptly.

Section 12

Policy Updates

We review this policy at least annually and whenever significant changes occur in our data processing activities or applicable law. Material changes will be communicated by:

  • Posting a notice on this page with the updated effective date
  • Email notification to registered users where the change materially affects their rights

We encourage you to review this page periodically. Your continued use of our services after a policy update constitutes acceptance of the revised terms.

Section 13

Contact & Complaints

To exercise any of your rights, submit a data subject request, or raise a concern, please contact our Data Protection Officer:

  • Email: dpo@alphahmc.com
  • Post: Data Protection Officer, Alpha Health Group, UAE
  • Response time: Within 30 calendar days

If you are not satisfied with our response, you have the right to lodge a complaint with:

  • UAE: Telecommunications and Digital Government Regulatory Authority (TDRA)
  • EU/EEA: The supervisory authority in your EU member state of residence

Questions About Your Data?

Our Data Protection Officer is ready to assist you with any enquiries, requests, or concerns about how we handle your personal information.

Email the DPO Contact Us