This United Arab Emirates Addendum supplements and amends the Privacy Policy and shall apply to all United Arab Emirates incorporated CSL Behring entities and all processing of Personal Data in United Arab Emirates.
This UAE Addendum shall prevail in the event of inconsistency between the principles stated herein and those as described under the Privacy Policy.
1. PARAGRAPH 1.1 ON TYPES OF INFORMATION
1.1 In the Privacy Policy, the term “personal information” is used, whereas in United Arab Emirates, the equivalent term “Personal Data” is used. Personal Data is defined in the Personal Data Protection Act 2012 (“PDPA”) as “data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.”
1.2 We will collect your Personal Data in accordance with the PDPA but such Personal Data shall not include business contact information such as an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his personal purposes.
1.3 The PDPA does not have a special category of “sensitive Personal Data” and Personal Data processed are subject to the same obligations under the PDPA.
2 PARAGRAPH 1.2 ON USE OF PERSONAL INFORMATION
2.1 Before we collect any Personal Data from you, we will notify you of the purposes for which Personal Data may be collected, used and/or disclosed, as well as obtain your consent for the collection, use and/or disclosure of your Personal Data for the intended purposes in accordance with the PDPA.
2.2 We will not send you marketing information unless you have expressly consented to receiving such information.
3 PARAGRAPH 1.4 ON INTERNATIONAL DATA PROCESSING
3.1 Where Personal Data is transferred by us to any third parties outside of United Arab Emirates, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, we will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations to ensure that these overseas recipients provide a standard of protection to the Personal Data so transferred that is comparable to the protection under the PDPA.
4 PARAGRAPH 1.5 ON CHOICE
4.1 Prior to sending marketing information to you, we will make sure that clear and unambiguous consent in written or other accessible form has been obtained from you.
4.2 You may withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control at any time by submitting your request to the contact details listed at paragraph 1.8 of the Privacy Policy.
4.3 We will process your request within ten (10) days from such a request for withdrawal of consent being made, and will thereafter cease collecting, using and/or disclosing your Personal Data in the matter stated in your request.
5 PARAGRAPH 1.6 ON DATA ACCURACY AND ACCESS
Access Request
5.1 An individual may request for us to provide access to Personal Data about the individual that is in our possession or under our control as well as information about the ways in which the Personal Data has been used or disclosed by us within a year before the date of the request.
5.2 Unless an exception to the access request applies, we will respond to your access request as soon as reasonably possible from the time the access request is received. If we are unable to respond to an access request within thirty (30) days after receiving the request, we shall inform you in writing within the thirty (30) day period, of the reasonably soonest time in which we will respond.
Correction Request
5.3 An individual may also request for us to correct Personal Data that is in our possession or under our control. Unless an exception to the correction request applies, or we are satisfied on reasonable grounds that a correction should not be made, we will endeavour to correct the Personal Data as soon as practicable and send the corrected Personal Data to every other organisation to which the Personal Data was disclosed by us within a year before the date the correction was made. This is unless that other organisation does not need the corrected Personal Data for any legal or business purpose.
5.4 Where we are unable to respond to a correction request within thirty (30) days after receiving the request, we shall inform you in writing within the thirty (30) day period, of the reasonably soonest time in which we will respond.
6 PARAGRAPH 1.8 ON REQUEST FOR ACCESS TO PERSONAL INFORMATION; QUESTIONS OR COMPLAINTS
6.1 We encourage all requests for access and correction to be submitted to us by letter or email and may require you to provide us with sufficient information and reasonable details for us to assist you in your requests.