Privacy Notice
How VitaPing handles personal information for the UAE website and UAE deployments.
Effective date: 12 July 2026 | Version 1.0 | Regional website: vitaping.ae
Contents
- Who we are
- Scope
- Information we may collect
- Why we use information
- Lawful basis and sensitive information
- Emergency view and access
- Guardians, children and vulnerable people
- TGMNI and secondary use
- Sharing
- Service providers
- International transfers
- Retention
- Security
- Your rights
- Cookies
- Complaints
- Changes
- Contact
1. Who we are
VITAPING LTD, company number 17205180, registered office 23 De Morgan Road, London, England, SW6 2RP, operates the VitaPing website and develops emergency identity products and programmes. Privacy contact: privacy@vitaping.ae. General contact: contact@vitaping.ae.
2. Scope
This notice covers the public website, enquiries, product demonstrations, pilot discussions and, where this notice is expressly presented in-product, the applicable VitaPing account and emergency identity service. A partner organisation may be an independent controller or joint controller for a deployment; its own notice will also apply.
3. Information we may collect
Contact and enquiry details; organisation and role; account and identity details; guardian or nominated-contact details; emergency information selected by the user or authorised guardian; device/product identifiers; activation and access records; incident notes where enabled; support communications; security and diagnostic logs; consent and preference records; and website cookie data. Do not collect a full medical history where a smaller emergency dataset is sufficient.
4. Why we use information
To respond to enquiries; establish and manage accounts; create the user-controlled emergency view; route approved contact or notification actions; support organisation programmes; secure and maintain the service; investigate misuse or incidents; meet legal obligations; evaluate pilots; and conduct separately approved, governed TGMNI work. Marketing is optional and separate from service communications.
5. Lawful basis and sensitive information
VitaPing processes information only for defined purposes and on a lawful basis recognised by applicable law. Consent must be specific and recorded where required. For Dubai healthcare deployments, patient autonomy, consent, access control, least privilege and documented sharing arrangements must be addressed with the deployment partner. Emergency exceptions, direct-care use and secondary use must not be treated as interchangeable. TGMNI secondary use requires separate governance and, where identifiable information is not necessary, anonymous or appropriately de-identified information should be used.
6. Emergency view and access
A product tap or scan may open a limited emergency view. The public/helper view must contain only fields approved for that view. Additional professional or organisation access, if offered, requires an authenticated and authorised route. An activation is not proof that an emergency has occurred. Users and helpers should contact emergency services when appropriate.
7. Guardians, children and vulnerable people
A guardian or authorised representative must have a documented basis to create or manage a profile for another person. VitaPing must use age-appropriate explanations, verify authority proportionately, minimise the data shown and provide a safeguarding/escalation route. Organisation staff must not create informal profiles for children or vulnerable adults without the approved process.
8. TGMNI and secondary use
Emergency identity data does not automatically become TGMNI research or intelligence data. Any secondary use requires a separately defined purpose, lawful basis, institutional governance, data-minimisation and access controls. Identifiable data must not be used where anonymous or appropriately de-identified data is sufficient. TGMNI must not be used for public tracking, underwriting, employment screening or autonomous medical decisions.
9. Sharing
Information may be shared with the user’s chosen contacts; authorised organisation users; service providers acting under contract; emergency or healthcare professionals where a valid route exists; legal advisers, insurers or authorities where required; and approved TGMNI partners only under a separate governance framework. VitaPing does not sell personal health information.
10. Service providers
VitaPing may use hosting, communications, authentication, support, security, analytics and professional-service providers. A current subprocessor list and deployment-specific data-flow description should be made available to contracted organisations. Providers may use information only under VitaPing’s instructions unless they act as an independent controller.
11. International transfers
VitaPing will not state that UAE health data is hosted in the UAE until the production architecture and contracts confirm it. Where a deployment is subject to UAE health-data localisation or authority requirements, compliant hosting and access arrangements must be implemented before production use. Any cross-border access must have a documented legal basis and safeguard.
12. Retention
Recommended production defaults: website enquiries — 24 months after the last meaningful contact; unsuccessful pilot enquiries — 24 months; contracts and financial/business records — 7 years where required; account and emergency profile — while active, then deletion from active systems within 30 days after validated closure, with encrypted backups expiring within 90 days; emergency access logs — 24 months unless a documented deployment or legal requirement specifies another period; security logs — up to 12 months; marketing preferences — until withdrawal plus a minimal suppression record. The system configuration and contracts must match the published schedule before launch.
13. Security
VitaPing applies proportionate administrative, technical and organisational measures, including access control, encryption in transit, encryption at rest where supported, logging, secure development and incident response. Do not claim independent certification, annual audit, penetration testing or end-to-end encryption unless the exact scope is complete and evidenced.
14. Your rights
You may have rights including the rights available under applicable law, which may include access, correction, deletion, restriction or objection, withdrawal of consent where relevant, and the right to raise a complaint with the competent authority. To exercise a right, email privacy@vitaping.ae. VitaPing may verify identity and authority before acting.
15. Cookies
The public website should launch in essential-only mode unless a consent-management platform is implemented. Non-essential analytics or marketing technology must not run before affirmative consent. See the Cookie Policy.
16. Complaints
The competent complaint route depends on the deployment, emirate, sector and the role of each organisation. Contact VitaPing first at the details below; the deployment privacy notice will identify the relevant authority and escalation route.
17. Changes
The notice may be updated when the product, law, providers or processing changes. Material changes affecting registered users should be communicated through an appropriate channel. The page must display an effective date and version.
18. Contact
Privacy: privacy@vitaping.ae
General: contact@vitaping.ae
Registered office: 23 De Morgan Road, London, England, SW6 2RP
Telephone/WhatsApp: +44 7955 565 758 (WhatsApp)
This notice is written for the UAE-facing website. The website is operated by VITAPING LTD in England and Wales. UAE deployments must also comply with the UAE Personal Data Protection Law, applicable health-information legislation and the requirements of the relevant health authority or emirate. Deployment-specific controller/processor roles, hosting, consent and transfer arrangements must be documented before production use.