Privacy Policy

  1. Introduction:

    • Commitment to Privacy: Orva is committed to user privacy and data protection, adhering to Abu Dhabi’s Department of Health (DOH) standards, including the ADHICS standard, and aligning security controls to GDPR compliance standards.

    • Purpose: This policy outlines how Orva collects, stores, and protects data, ensuring compliance with UAE laws and international regulations, including GDPR.
  2. Data Collection:

    • Types of Data: Orva collects various types of data, including:
    ∙ Health Data: Surgical milestones, timestamps, and case information.
    ∙ PHI: Patient information such as names, MRNs, and medical records.
    ∙ PII: Personal identifiers like Emirates IDs.
    ∙ Application Data: Logins, sessions, and interactions for product improvement.

    • Consent: All data collection is subject to consent requirements, particularly for PHI and audio recordings, ensuring lawful and transparent processing as per GDPR requirements.
  3. Data Usage:

    • Purpose: Data collected by Orva is used for surgical milestone tracking, analytics, and healthcare management.

    • Data Residency: All PHI and PII data remain within the Healthpoint Azure tenant, in compliance with Federal Law No. 2 of 2019 and ADHICS standards.
  4. Data Sharing:

    • Internal Sharing:
    Data is shared internally within Healthpoint for surgical coordination and analytics.

    • External Sharing: Orva does not transmit PHI or PII outside UAE-approved IP ranges. Non-sensitive data may be shared for product improvements.
  5. Data Security:

    • Encryption:
    Orva employs strong encryption for data storage and transmission, ensuring security in transit and at rest.

    • Audit: Regular audits ensure compliance with data protection standards and detect potential vulnerabilities, following ADHICS requirements for logging, monitoring, and vulnerability management.
  6. User Rights:

    • Access and Correction:
    Users can access, correct, or delete their information by contacting Orva support.

    • Right to be Forgotten: Under GDPR, users have the right to request the deletion of their data. Orva will comply with such requests, provided there are no overriding legal obligations.

    • Data Portability: Users can request to receive their data in a structured, commonly used, and machine-readable format.

    • Consent:
    Consent is required for data collection, and users can opt out of recording functionalities at any time, with clear processes for consent management.
  7. Cookies and Tracking:

    • Usage:
    Orva uses cookies for data collection. Users can manage their preferences, with tracking information remaining non-sensitive.

    • GDPR Compliance:
    Users are informed about the use of cookies, and explicit consent is obtained before cookies are placed on their devices. Users can withdraw consent at any time.
  8. Updates:

    • Policy Changes:
    Orva reserves the right to update this Privacy Policy. Changes will be communicated to users and made available on Orva's website.