Privacy Policy

We welcome you to Gstic Medical and our website at www.gsticmedical.com. Gstic Medical takes the protection of personal data very seriously. In the following, we explain which data we collect, process, and use within the framework of our website.

We process your personal data in line with this Privacy Policy and in accordance with Federal Decree-Law No. 45 of 2021 (“Law No. 45”), and the General Data Protection Regulation (GDPR).

Responsible person

The responsible party is

Gstic Medical

Jumeirah Lake Towers,

Cluster G, JBC 1, Office 3801,

Dubai UAE

Web: www.gsticmedical.com

E-mail: info@GsticMedical.com

Phone: +966 (13) 8084640

Our principles

Gstic Medical processes personal data in order to better understand the needs of its customers and thus to be able to improve its services. Personal data will only be used in the specific context of your customer relationship with Gstic Medical to the extent permitted by law or on the basis of your prior express consent.

In particular we are committed to the following key principles:

We protect your privacy and aim to provide you with a service that is tailored to your needs.
Personal data is collected for specific purposes based on your consent or a legitimate interest when you contact us.
You have the right to information and access to your personal data at any time and may request its correction or deletion.
We do not sell your personal data to third parties. However, if necessary and if explicitly mentioned afterwards or if you have consented, we may share your data with group companies, brand licensees, partners, and other service providers. In this case, their own privacy policies may also apply.
We take all reasonable measures to ensure the security and protection of your data from misuse.
Personal data are processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its contents and the services offered there.

Your rights

You have the following rights with regard to the personal data concerning you:

Right to information,
Right to rectification,
Right to erasure,
Right to restriction of processing,
Right to object to processing,
Right to data portability.

Where you have given, us consent to process your data, you may withdraw this consent at any time with effect for the future. The lawfulness of the processing of your data until revocation remains unaffected.

To assert your rights or for other data protection concerns, you can contact us at any time.

Legal basis for the processing of personal data

Consent: the individual has given clear consent to process personal data for a specific purpose.
Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

General technical organizational measures

Gstic Medical has taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by Gstic Medical is protected by physical, technical, and procedural measures that limit access to the information to specifically authorized persons in accordance with this Privacy Policy.

The Gstic Medical website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personal data. These employees are trained in security and privacy practices and treat your information confidentially.

Nonetheless, databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Transmission and disclosure of personal data

In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a web site. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

To provide our website, we use the services of Dreamhost, which processes the data listed below and all data to be processed in connection with the operation of this website (log file when visiting the website) on our behalf.

Data processing in third countries

If we process data in a third country (i.e., outside the United Arab Emirates) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses, in the presence of certifications or binding internal data protection regulations.

Economic analyses and market research

For business reasons and to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our website.

The analyses are carried out for the purpose of business evaluations, marketing, and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g., regarding services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarized, i.e., anonymized values. Furthermore, we take the privacy of the users into consideration and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are consent, and our legitimate interest. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.

In this context, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.

Furthermore, based on our business interests, we store information on suppliers, and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

Information in the context of the use of the website

In principle, it is possible to use the Gstic Medical website without providing personal data. When a page of our website is accessed and each time a file is retrieved, access data about this process is stored in a log file. The corresponding log file contains: Your IP address, the page from which the file was requested, the name of the file, the date and time of the request, the amount of data transferred, the access status (file transferred, file not found, etc.), a description of the type of operating system and web browser used. The stored data does not allow any conclusions to be drawn about your identity and is evaluated exclusively for statistical purposes.

The collection and processing of this data is carried out in order to enable the use of the website at all, on the basis of our legitimate interest, whereby our legitimate interest is the provision of our website. Incidentally, we store this aforementioned data, including the IP addresses, only in anonymized form and use it only in this anonymized form to analyze the use of the offer and the further development and optimization of our website in your interest, also on the basis of our legitimate interest. Our legitimate interest is the ongoing improvement of our online offer in order to provide you with the greatest possible user comfort.

Contacting Us

If you contact us, send us general enquiries, the contact details you provide, will be stored, and used by us to fulfil the purpose associated with the transmission, e.g., to process your enquiry or in the event of follow-up questions.

The basis for this storage and use of your personal data is your consent, which you give us separately before sending the request. Insofar as you provide us with your personal data for the purpose of responding to your questions or preparing a quotation, the entry of personal data is required as without this information, we cannot process your request.

You have the right to revoke your consent to the data processing described above at any time with effect for the future. In this case, we will no longer process your data. Your personal data will be deleted even without your revocation in any case if we have processed your request or if the storage is inadmissible for other legal reasons.

Non-existence of automated decision making

We would like to point out that in the course of using our website and the services offered on it, you will not be subject to any decision based exclusively on automated processing – including or similarly significantly affects you.

Cookies

During the use of our website, so-called “cookies”, small text files, are stored on your computer. Such cookies register information about your computer’s navigation on our website (pages selected, day, time and duration of use, etc.).

For further information on cookies in general, please visit www.allaboutcookies.org and for further details on the cookies we use, please refer to our Cookie Policy.

Storage period and deletion of data

Even without a specific request, we naturally comply with our obligations to delete personal data (e.g., in accordance with Law No. 45, and the GDPR) and therefore only store data for as long as is necessary for the provision of the requested service or the respective purpose.

Please note, however, that the deletion will be replaced by a blocking or restriction of processing insofar as a deletion conflict with legal retention obligations that we must fulfil. For example, according to the legal regulations in the UAE`s Commercial Laws, we must retain contract-related communications with you in connection with subscription orders for a period of up to ten years.

External Links

Our website contains links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.

Changes to this Privacy Policy

Gstic Medical will review and revise this Privacy Policy from time to time as appropriate, for example, due to new technical developments or changes in case law or in our business operations. Therefore, we recommend that you review this Privacy Policy from time to time to ensure that you are aware of how Gstic Medical collects, processes, and uses data.

Further Information

If you have any questions or comments about our Privacy Policy or would like to exercise your rights under applicable law, please contact us at the following details: