Compliance

GDPR Terms & Conditions

Our commitment to data protection aligns with the General Data Protection Regulation (GDPR). This page outlines how we uphold your rights when processing personal data within the Udenz TPA platform.

1. Definitions

GDPR refers to Regulation (EU) 2016/679 governing the protection of personal data across the European Union and European Economic Area. Personal Data means any information relating to an identified or identifiable natural person.

2. Data Controller & Data Processor

Udenz TPA may act as both Data Controller and Data Processor. As a Data Controller we determine the purpose and means of processing. As a Data Processor we process data on behalf of our users who remain the controllers for the information they provide.

3. Lawfulness of Processing

We process personal data in line with the principles of lawfulness, fairness, and transparency. Lawful bases include contractual necessity, compliance with legal obligations, legitimate interests, and, where appropriate, explicit consent.

When consent is required, it is obtained in clear and specific terms. Individuals may withdraw consent at any time without affecting the lawfulness of prior processing performed under that consent.

5. Rights of Data Subjects

We support the full range of GDPR rights, including access, rectification, erasure, restriction, objection, data portability, and protection from automated decision-making. We respond to verified requests in line with GDPR timelines.

6. Data Security

Technical and organisational safeguards are in place to maintain confidentiality, integrity, and availability of personal data. We routinely assess, test, and improve our controls to mitigate risk.

7. Data Transfers

Personal data may be transferred outside the EEA for processing or storage. In such cases we rely on approved safeguards, including Standard Contractual Clauses or recognised adequacy mechanisms.

8. Data Breach Notification

If a breach occurs that risks individuals' rights and freedoms, we promptly notify the relevant Data Protection Authority and affected individuals as required by the GDPR.

9. Data Retention

Personal data is retained only as long as necessary to fulfil the purposes for which it was collected or to satisfy legal requirements. On request or service termination we securely delete or anonymise the data in accordance with applicable laws.

10. Third-Party Processors

We may engage carefully vetted processors to support our services. Each partner must adhere to GDPR standards and provide sufficient guarantees for the protection of personal data.

11. Updates

These terms may change as our services evolve or regulations are updated. Continued use of Udenz TPA indicates acceptance of any revisions, which will always be reflected on this page.

12. Contact

For questions about GDPR compliance or data processing, contact us at support@udenz.ae. Using our services confirms that you have read and agree to these GDPR Terms & Conditions.