Privacy Policy

Collection and Use of personal information

  • 1 Individual should be made aware about what identifiable and non-identifiable information is being collected while they are utilizing or accessing DXH services. Individuals must be told what their personal information will be used for.
  • 2 For example:
    • To keep a record of registered users.
    • To allow DXH to customize services based on users preferences.
    • To collect internal statistics that help us serve the users better.
    • To contact users in order to provide DXH news or information regarding up-coming events, or any other information user may have requested.
  • 3 Personal information shall be processed lawfully, fairly and in a transparent manner.
  • 4 The personal information for each individual is collected for a specified and legitimate purpose and will be used solely for the intended purpose.
  • 5 Personal information adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Concept of data anonymization shall be adopted where appropriate.
  • 6 Information collected using cookies on websites or accessing mobile device features should be made transparent to the individual.
  • 7 DXH shall not share e-mail addresses submitted by a user through DXH’s website .

 

Access and Security of Personal Information

  • 1 DXH shall implement appropriate steps to protect the personal information users share with DXH using various technology and security features that safeguard the privacy of user’s personal information.
  • 2 For safe transfer of information, DXH shall employ electronic, material and legal protection measures to maintain confidential information.
  • 3 Personal information shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
  • 4 Captured Information shall be encrypted and stored. DXH shall use encryption methods to protect information, which is deemed sensitive, or any other data that should remain secure to meet federal, Local or DXH’s legal requirements.
  • 5 Access to personal information is granted to staff only where this is necessary for work purposes and staff must only access personal information if there is a work related reason for this.
  • 6 To protect confidentiality of Personal Information, it shall be only available on ‘Need to know’ basis to the staff, contractors, or third parties. Staff (including contractors) must not disclose personal information to individuals or organisations outside DXH who does not need to know. Disclosure refers to release of personal information to another entity.
  • 7 There are some limited circumstances in which personal information may be disclosed without breaching personal privacy. These circumstances include the following:
    • • where there is appropriate documentary evidence that individual has agreed to disclosure.where there is appropriate documentary evidence that individual has agreed to disclosure.
    • • where a privacy notice given at the point of collection advises the individual about the usual practices for disclosure
    • • where disclosure is required or authorised by law (for example, court order or subpoena, legislative obligation to disclose)
    • • where disclosure is necessary to manage or lessen a serious threat to a person’s life, health, safety or welfare, or to public health, safety or welfare
    • • where disclosure is necessary for investigation or enforcement of criminal matters or other law enforcement matters.

 

Privacy Notice and Consent

  • 1 An appropriate privacy notice (statements) must be provided when collecting information directly from an individual. Individual should provide his consent for collecting his personal information.
  • 2 Privacy notice shall be in simple language without technical jargons included in it.
  • 3 Privacy notices will address the below details :
    • a) Boundaries of applicability of the ‘Privacy Notice’ shall be limited to DXH.
    • b) Individual user shall be informed about the consequence of accessing external website though the link is provided at the DXH’s website in context. Users shall be encourage to read the third party privacy policies before providing personal information. DXH will not accept responsibility or liability for any harm or loss incurred as a result of surfing other website.
    • c) What personal data is collected and purpose of collection,
    • d) What are the processing activites that are performed on personal data and why,
    • e) Are data transferred involved, and who are the third parties who receive data,
    • f) Who can be contacted for more information, normally a DXH representative who could be reached out by individual to raise his/her concerns,
    • g) How is personal data protected, explaining organizational or technical measures in place at a very high level
  • 4 Personal information of individual is never shared, sold or transferred to any external parties unless explicit consent is obtained, or it is required by law to protect DXH rights or properties.
  • 5 Individual should be asked to provide consent if their personal data is being processed outside of a legitimate purpose that the individual has been informed to or agreed to.
  • 6 Consent must be obtained from the individual before collecting and processing his/her personal information.
  • 7 Consent must be asked explicitly for a clear purpose and must be given freely. Consent requires clear and affirmative action from the individual.
  • 8 The language of consent should be easy, explicit, clear, and unambiguous.
  • 9 Consent must be recorded for future reference. Individual shall be allowed to withdraw his/her previously given consent at any point in time.

 

Breach of Privacy

 

  • 1 The Privacy of Information and use of Electronic means needs to be enforced under the Federal Decree No. 5 of 2012 on Combating Cybercrimes.
  • 2 The most common privacy breaches happen when personal information is stolen, lost or improperly destroyed. Breaches may be the result of inadvertent errors or malicious actions by employees, third parties or intruders.
  • 3 When the personal data breach results in a high risk to the rights and freedoms of an individual, DXH authority will report the breach to the concerned authorities and notify the person impacted.
  • 4 The communication to the person shall describe in clear and plain language the nature of the personal data breach.
  • 5 DXH employees (including contractors), and third parties employees shall be reminded not to discuss the incident with those who have no need to know.
  • 6 The breach which involves misuse or inappropriate access to personal information by a staff member may be a breach of the DXH’s Code of Conduct and managed under disciplinary actions policy. Where the matter involves a breach of information security, Information Security Officer shall be involved to assist with responding to and reporting on the complaint.

 

Managing Third parties

  • 1 Any contract or MoU (Memoradum of Understanding) terms which is entered into by the DXH must include appropriate safeguards for protection of personal information.
  • 2 It is the responsibility of the information owner who has delegated authority to enter into contracts and commercial arrangements, to ensure that privacy risks are adequately addressed and that DXH's privacy obligations are appropriately incorporated into the formal terms of the contract where necessary.
  • 3 Third party shall have access to personal information of individual on ‘Need to know’ basis only.

 

Social Media Sites

  • 1 These terms apply to users that interact with DXH’s social media accounts (e.g., Facebook.com, Twitter.com, LinkedIn.com, Instagram etc.) (“Social Media Hosts”). Any suggestions, materials (including without limitation, images, photographs, videos, and sound recordings etc.), ideas or comments submitted to DXH (“Submitted Materials”) shall be deemed as non-confidential. DXH shall ask users of the social media sites to be respectful of the larger community by complying with the terms and policies of each Social Media Host.
  • 2 DXH shall appreciate and encourage users to contribute comments that are respectful and further discussion on our social media sites, but ask that users avoid making comments that might be considered:
    • • Confrontational
    • • Offensive;
    • • Discriminatory;
    • • Profane;
    • • Off-topic;
    • • Spam (i.e., unsolicited promotion of a third-party business);
    • • Misleading; or
    • • Fake.
  • 3 DXH shall reserve the right to remove comments or content on the DXH social media sites that fit into any one of the above categories, or for any other reason, to preserve the integrity of the DXH social media sites. DXH may block further posting on the DXH social media sites by any individual who violates this Privacy Policy. DXH shall claims no liability, in any way, connected to the use of or access to the DXH social media sites. Any comments or content posted by the users do not reflect, in any way, DXH’s opinion.

 

Modifications

  • DXH reserves the right to modify or amend the privacy policy at any time and the effective date will be posted at the beginning of the privacy policy. It is advisable to check the privacy policy on a regular basis for any changes.

 

Accessibility Options

Login

Remember Me

Don't have an account

Hospital Login

Register

Already have an account