GDPR Policy

GDPR Compliance Statement for The Emirates Medical Review

Last Updated: August 02, 2025

1. Introduction and Commitment to GDPR

The Emirates Medical Review (“we,” “us,” or “our”) is committed to protecting the privacy and personal data of our users. This GDPR Compliance Statement outlines our commitment and adherence to the principles and requirements of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

This policy applies to all users of our website, https://www.theemiratesmedicalreview.com (the “Site”), particularly to individuals residing in the European Economic Area (EEA). Our goal is to ensure that you feel secure when visiting our Site and to provide transparency regarding how we collect, process, and protect your Personal Data.

For more comprehensive details about our data handling practices, please refer to our main Privacy Policy. This document serves as a specific addendum to address GDPR requirements.

2. Our Role: Data Controller

For the purposes of the GDPR, The Emirates Medical Review is the Data Controller for the personal information we collect from our users in connection with our Site. This means we are responsible for deciding how and why your Personal Data is processed.

If you have any questions about our role as a Data Controller or how we handle your data, please contact our Data Protection Officer at dpo@namebangla.com.

3. What Personal Data We Collect and Why

We collect Personal Data only for specified, explicit, and legitimate purposes. We do not process your data in any manner that is incompatible with these purposes. The types of data we collect and our legal basis for doing so are outlined below:

  • Usage Data:
    • Data Collected: IP address, browser type, device type, pages visited, time spent on pages.
    • Purpose: To analyze site traffic, improve user experience, enhance security, and ensure the proper functioning of our Site.
    • Legal Basis (GDPR Art. 6(1)(f)): Legitimate Interest. It is in our legitimate interest to understand how our users interact with our Site to improve our services and to maintain a secure environment.
  • Contact Data (via Contact Forms or Email):
    • Data Collected: Name, email address, and any other information you voluntarily provide in your message.
    • Purpose: To respond to your inquiries, feedback, or support requests.
    • Legal Basis (GDPR Art. 6(1)(a)): By contacting us, you consent to us using your data to process your request.
  • Newsletter Subscription Data:
    • Data Collected: Email address.
    • Purpose: To send you newsletters, updates, and other marketing communications that you have requested.
    • Legal Basis (GDPR Art. 6(1)(a)): You provide explicit consent when you subscribe to our newsletter, and you can withdraw this consent at any time.
  • Cookie Data:
    • Data Collected: Information stored in cookies as described in our Privacy Policy.
    • Purpose: For functionality, analytics, and serving personalized advertisements.
    • Legal Basis (GDPR Art. 6(1)(a)): We request your consent via our cookie banner before placing non-essential cookies on your device.

4. Your Rights as a Data Subject under GDPR

If you are an individual residing in the EEA, the GDPR grants you specific rights regarding your Personal Data. We are fully committed to upholding these rights. You have:

  • The Right to Be Informed: The right to know how your data is being collected and used. This policy serves this purpose.
  • The Right of Access (GDPR Art. 15): The right to request a copy of the Personal Data we hold about you.
  • The Right to Rectification (GDPR Art. 16): The right to have inaccurate or incomplete Personal Data corrected.
  • The Right to Erasure / “Right to be Forgotten” (GDPR Art. 17): The right to request the deletion of your Personal Data where there is no compelling reason for its continued processing.
  • The Right to Restrict Processing (GDPR Art. 18): The right to block or suppress the processing of your Personal Data in certain circumstances.
  • The Right to Data Portability (GDPR Art. 20): The right to request that we move, copy, or transfer your Personal Data to another service in a structured, commonly used, and machine-readable format.
  • The Right to Object (GDPR Art. 21): The right to object to the processing of your Personal Data, for example, for direct marketing purposes.
  • Rights in Relation to Automated Decision Making and Profiling: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact our Data Protection Officer at dpo@namebangla.com. We will respond to your request within one month, as required by law. We may need to verify your identity before processing your request.

5. Data Transfers Outside the EEA

As a global publication, your data may be processed by service providers located outside the European Economic Area (EEA). For example, our web hosting servers or third-party analytics providers (like Google Analytics) may be based in the United States.

When we transfer your Personal Data outside the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. These are known as Standard Contractual Clauses (SCCs).

For providers based in the US, we may transfer data to them if they are part of the EU-U.S. Data Privacy Framework, which requires them to provide similar protection to personal data shared between Europe and the US.6. Data Security and Breach Notification

We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Data we process. These measures include encryption, access controls, and regular security assessments.

In the unlikely event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with our legal obligations under GDPR Article 33 and 34.

7. Data Retention

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention periods for different types of data are detailed in our main Privacy Policy.

8. Children’s Data

Our Site is not intended for children, and we do not knowingly collect data relating to children under the age of 16. If we become aware that we have collected Personal Data from a child without verification of parental consent, we take steps to remove that information from our servers.

9. Third-Party Links and Advertising

Our Site features third-party advertising (e.g., Google Ad Exchange) and links to other websites. Our GDPR policy does not cover the data practices of these third parties. We encourage you to read their privacy policies to understand how they collect and use your data. For information on how to opt-out of personalized advertising, please visit the ad settings of the respective provider (e.g., Google’s Ad Settings).

10. How to Withdraw Your Consent

Where we rely on your consent as the legal basis for processing your data (e.g., for newsletters or cookies), you have the right to withdraw that consent at any time.

  • Newsletters: You can unsubscribe by clicking the “unsubscribe” link at the bottom of any email we send you.
  • Cookies: You can manage your cookie preferences through our cookie consent banner or by adjusting your browser settings.

Withdrawing consent will not affect the lawfulness of any processing carried out before you withdrew your consent.

11. Contacting Us and Your Right to Complain

If you have any questions about this GDPR Policy or wish to exercise your rights, please contact our Data Protection Officer:

  • Email: dpo@namebangla.com

You also have the right to lodge a complaint at any time with a supervisory authority. The relevant supervisory authority would typically be the data protection authority of the EU member state where you reside. However, we would appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.