LEGAL
Privacy Policy
Last updated: May 2026 · GDPR & UAE PDPL Compliant
Your privacy matters to us. We never sell your data and are committed to transparent, responsible data handling. Questions? Contact dpo@healthcorebridge.com.
1. Introduction
Healthcore Bridge International Ltd ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you register for our events, use our website, or interact with our services.
We process personal data in accordance with the General Data Protection Regulation (GDPR), the UAE Federal Law No. 45 of 2021 on Personal Data Protection, and other applicable data protection legislation. If you have questions about this policy, contact our Data Protection Officer at dpo@healthcorebridge.com.
2. Data We Collect
We collect the following categories of personal data:
Registration data: Full name, professional title, medical specialty, employing institution, country of practice, email address, phone number, and billing address.
Professional credentials: Medical registration number, CME record identifiers, and accreditation body affiliations (required for CME certificate issuance).
Payment data: Billing details are processed by our payment provider and are not stored on our systems. We retain only transaction references and invoice records.
Event participation data: Session attendance records, assessment results, survey responses, and networking interactions (for accreditation and programme improvement purposes).
Technical data: IP address, browser type, device type, and usage data collected automatically when you use our website or virtual event platform.
3. How We Use Your Data
We use your personal data for the following purposes:
Event management: Processing registrations, issuing access credentials, managing delegate communications, and delivering the event experience.
CME accreditation: Generating and issuing CME certificates, submitting attendance records to accreditation bodies on your behalf, and maintaining CME records in your delegate account.
Communications: Sending event updates, programme changes, post-event surveys, and information about future events relevant to your specialty. You can opt out of marketing communications at any time.
Service improvement: Analysing aggregate attendance data and survey responses to improve our event programmes and digital platforms.
Legal compliance: Fulfilling our legal and regulatory obligations, including financial record keeping and responding to lawful requests from public authorities.
4. Legal Basis for Processing
We process your personal data on the following legal bases:
Contract performance: Processing necessary to fulfil your registration and provide the services you have paid for.
Legitimate interests: Sending relevant professional content and improving our services, where this does not override your rights.
Legal obligation: Maintaining financial and accreditation records as required by law.
Consent: Where we collect optional data or send marketing communications, we rely on your explicit consent, which you may withdraw at any time.
5. Data Sharing
We share your personal data only where necessary and with appropriate safeguards:
Accreditation bodies: We share attendance records with EACCME, AMA, and equivalent bodies solely for the purpose of issuing CME credits.
Event co-organisers: Where events are co-organised with a partner institution, limited delegate data is shared under a data sharing agreement.
Service providers: We use third-party providers for payment processing, email delivery, and virtual event platforms. All providers are contractually bound to handle your data only as instructed.
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
6. International Data Transfers
As a global organisation, we may transfer your personal data to countries outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, or transfers to countries with an adequacy decision.
Our primary data centres are located in the European Union and United Arab Emirates. Virtual event platform data is processed in accordance with the platform provider's data processing agreements.
7. Data Retention
We retain your personal data for as long as necessary to provide our services and fulfil our legal obligations:
Registration and CME records are retained for 10 years to support professional revalidation requirements.
Financial records are retained for 7 years in accordance with UAE and UK accounting regulations.
Marketing preferences and opt-out records are retained indefinitely to respect your choices.
You may request deletion of data that is no longer required. Note that deletion may affect your ability to access historical CME records.
8. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you. Correction: Request correction of inaccurate or incomplete data. Erasure: Request deletion of your data where it is no longer necessary. Portability: Receive your data in a structured, commonly used format. Objection: Object to processing based on legitimate interests. Restriction: Request that we restrict processing in certain circumstances.
To exercise these rights, contact dpo@healthcorebridge.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include 256-bit SSL encryption for data transmission, access controls limiting data access to authorised personnel only, regular security assessments, and incident response procedures.
In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority in accordance with legal timelines.
10. Contact
For privacy-related enquiries, to exercise your rights, or to raise a complaint, contact our Data Protection Officer:
Email: dpo@healthcorebridge.com Post: Data Protection Officer, Healthcore Bridge International Ltd, India
This policy was last updated in May 2026. We may update this policy periodically and will notify registered users of material changes.