GDPR Compliance
Updated, August 5, 2023
What is GDPR
The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on May 25, 2018, bringing the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st century brings with it a broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new regulation aims to standardize data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.
Medical Projects website
Medical Projects is committed to ensuring the security and protection of the personal information that we process and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place that complies with existing laws and abides by data protection principles.
However, we recognize our obligations to update and expand this program to meet the demands of GDPR and Germany’s DSGVO. Medical Projects is dedicated to safeguarding personal information under our remit and developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of and appreciation for the new regulation. Our preparation and objectives for GDPR compliance have been summarized in this statement and include developing and implementing new data protection roles, policies, procedures, controls, and measures to ensure maximum and ongoing compliance.
Medical Projects already has a consistent level of data protection and security across our organization; however, we aim to comply with GDPR fully. Our preparation has included:
Information Audit
We are carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed, and if and to whom it is disclosed.
Policies & Procedures – revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
Data Protection: Our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand, adequately disseminate, and evidence our obligations and responsibilities.
Data Retention & Erasure: We are reviewing our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived, and destroyed compliantly and ethically. We have dedicated erasure procedures in place and are aware of when these and other data subjects’ rights apply, along with any exemptions, response timeframes, and notification responsibilities.
Rights of access, correction, erasure, and your duty to inform us of changes
It is essential that the personal information we hold about you is accurate and current, particularly regarding professional data and contact details. Please let us know if your personal information changes while using our website. We may contact you periodically to update your details.
Your rights in connection with personal information
Under certain circumstances, by law, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information corrected.
- Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information if you have exercised your right to object to its processing (see below).
- Object to the processing of your personal information where we rely on a legitimate interest (or those of a third party) and something about your particular situation makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request a restriction on the processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you wish to review, verify, correct, or request the erasure of your personal information, object to processing your personal data, or request that we transfer a copy of your personal information to another party, please contact us by email.
What may we need from you?
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to anyone with no right to receive it.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us by email.
Should you have any questions about how we process your personal data, please read our Privacy Policy or feel free to contact us using any of the details below.
Mahara Consultancy
7731 Al Hawary Rd.
Riyadh, Saudi Arabia
Phone: +966504102940
WhatsApp: +966504102940
email: [email protected]