At Alora Health Premier, we are committed to the highest standards of data protection and clinical integrity. This policy outlines how we manage information in accordance with the UK GDPR and relevant regulations in the GCC region (KSA, UAE).

​

1. Data Minimisation & Sovereignty

​

Our consultancy model is built on "Privacy by Design." To ensure maximum security:

• Anonymised Data: We perform governance audits using documents where patient and staff identifiers have been redacted by the client.

• Remote Access: When accessing client systems, we utilise secure remote protocols. No sensitive clinical data is downloaded or stored on our local infrastructure in the UK.
   

2. Information We Collect

​

We collect minimal personal data, primarily for business communication:

• Contact Information: Name, professional email, and job title of client representatives.

• Technical Data: IP addresses and cookies used for website analytics to improve user experience.
   

3. Purpose of Processing

​

We process data to:

• Deliver Clinical Decision Governance services and implement The Safety Shield™.

• Communicate regarding project milestones and Decision Authority Matrix (DAM) design.

• Comply with our legal obligations as a UK-registered business.
   

4. Security & Compliance
 

• ICO Registration: We are registered with the UK Information Commissioner’s Office (ICO).

• Cyber Security: Our operations align with the UK Cyber Essentials standards, including mandatory Multi-Factor Authentication (MFA) and encrypted communications.
   

5. Your Rights

​​