PREGGY CHECK GLOBAL PRIVACY POLICY

Effective Date: July 2025

Review Date: December 2026

1. DEFINITIONS

The following words or phrases shall have the meaning next to them:

1.1. "Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data;

1.2. "Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data;

1.3. "Data Controller" as defined in the PDPL and GDPR, means the entity that determines the purposes and means of processing personal data. As defined in the POPI Act, means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means of processing personal information;

1.4. "Data Subject" means the individual to whom personal data belongs;

1.5. "Data Processor" means a third party that processes data on behalf of the controller or responsible party under a contractual agreement;

1.6. "Personal Data / Personal Information":

• 1.6.1. As defined in UAE PDPL, means any data relating to an identified natural person or an identifiable natural person, directly or indirectly;
• 1.6.2. As defined in GDPR, means any information relating to an identifiable, living natural person ('data subject')
• 1.6.3. As defined in POPIA, means information relating to an identifiable, living natural person, and where applicable, an identifiable, existing juristic person.

1.7. "Processing" means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, restriction, or destruction;

1.8. "Special Category Data / Special Personal Information" means any data revealing racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health data, or data concerning sex life or sexual orientation;

1.9. "Users" shall refer to any natural person who accesses, browses, registers, downloads, interacts with, or otherwise utilizes any part of PreggyCheck™ platform, including the website, mobile application, affiliated digital services, or communication tools (such as WhatsApp or email). This includes pregnant individuals, caregivers, healthcare professionals, and any other individuals engaging with the platform's content, tools, or services, whether on a registered or anonymous basis.

2. INTRODUCTION

PreggyCheck™ ("PreggyCheck", "we", "us", or "our") is a UAE registered digital health company dedicated to providing personalized maternal care through innovative technologies. This Global Privacy Policy outlines how we collect, use, store, and share your personal information when you interact with our website, mobile application, services, and affiliated platforms.

We are committed to protecting your privacy and complying with the relevant data protection laws in the jurisdictions where our Users reside, including:

• United Arab Emirates: Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).
• South Africa: Protection of Personal Information Act, 4 of 2013 (POPIA).
• European Union and United Kingdom: General Data Protection Regulation (GDPR) and UK DGPR.
• Other jurisdictions: As applicable in the countries where our services are offered.

3. SCOPE

This policy applies to all individuals who access or use PreggyCheck's™:

• Website (https://www.preggycheck.com)
• Mobile application(s)
• Digital platforms, integrations, and communications (including WhatsApp, email, and telehealth platforms).

4. WHAT DATA WE COLLECT

We may collect the following categories of data:

4.1. Identity & Contact Information

• Full names
• ID/passport number
• Date of birth
• Email address
• Phone number
• Physical address

4.2. Health Data (Special Category Data)

• Pregnancy-related health metrics (e.g. blood pressure, symptoms, test results)
• Pregnancy history and timeline
• Medication and treatment inputs

4.3. Technical & Usage Data

• Device identifiers
• IP address and geolocation
• Mobile device data
• Browser and Operating System (OS) data
• Usage logs, session history

4.4. Voluntary Submitted Data

• Reviews
• Survey responses
• Support queries and user-generated content

5. LEGAL BASIS FOR PROCESSING

We rely on several lawful bases to process personal data, depending on the nature of the data and the specific legal requirements in each jurisdiction where our Users reside.

In the United Arab Emirates (UAE) under the PDPL, we process person data when:

• You have given us clear consent.
• Processing is necessary for the performance of a contract with you.
• We are required to comply with legal obligations.
• The processing protects your vital interests or those of another person.
• We have legitimate interest that does not override your privacy rights.

Under the European Union and United Kingdom GDPR, we process personal data on similar grounds:

• Based on your explicit and informed consent.
• When it is necessary to perform a contract with you.
• When there is a legal obligation.
• To protect vital interests in urgent health scenarios.
• Where legitimate interests exist, provided these do not infringe on your fundamental rights.

Under the South African's POPI Act, we rely on:

• Your consent to process personal information.
• The necessity of processing to carry out a contract.
• Legal obligations we must comply with.
• The need to protect a legitimate interest of you or another person.

For all jurisdictions, processing of health-related or special category data (such as pregnancy-related information) will only be done with your explicit consent, unless an exception under law applies (such as vital interest or public health requirements).

6. HOW WE USE YOUR DATA

• We use your data or personal information to:
• Deliver personalized maternal health guidance.
• Operate our website and mobile application.
• Communicate reminders, updates, and support.
• Improve and optimize service offerings.
• Comply with legal and regulatory obligations.

7. SHARING OF PERSONAL DATA

We do not sell your personal data. We may share data with:

• Trusted service providers under strict data protection agreements.
• Healthcare professionals or partners (only with consent).
• Regulatory authorities or courts when legally required to do so.

8. CROSS-BORDER TRANSFERS

Given our cloud-based operations, personal data may be processed or stored in countries outside your own. These may include, but not limited to these countries:

• UAE PDPL: We apply contractual clauses to ensure data protection.
• DGPR/UK GDPR: We use Standard Contractual Clauses (SCCs) approved by the EU Commission.
• POPIA: Transfers are based on adequate protection measures.

You may request a copy of applicable transfer safeguards by contacting us.

9. DATA SECURITY

We implement industry-standard security practices:

• SSL encryption of data in transit.
• Role-based access controls.
• Secure authentication and password protocols.
• Regular penetration tests and system audits.
• Data backup and recovery mechanisms.

10. DATA RETENTION

We retain your personal data for no longer than is necessary for the purposes for which the data was collected and processed, including:

• As long as your account is active or as needed to provide you services.
• As required to comply with legal obligations (e.g., statutory record-keeping).
• For resolving disputes and enforcing our agreements.
• For a maximum of 5 years after account inactivity unless jurisdictional laws require longer retention.

Health-related or special category data may be retained for longer where:

• Required for legal or clinical purposes (e.g., health advisory follow-ups).
• You have explicitly consented to ongoing retention.

Once the retention period expires, data is securely deleted or irreversibly anonymized. You may also request deletion earlier under applicable laws.

11. YOUR RIGHTS

Depending on the data protection laws applicable to your jurisdiction, you may have the right to:

11.1. In the UAE under PDPL:

• Access your personal data and obtain details on how it is processed.
• Request correction of inaccurate or incomplete data.
• Request erasure of your data in certain cases.
• Object to specific processing activities.
• Request data portability to another service provider.
• Lodge a complaint with the UAE Data Office.

11.2. In the European Union and UK under GDPR/UK GDPR:

• Access the personal data we hold about you.
• Request correction or completion of data.
• Request deletion under the "right to be forgotten."
• Restrict or object to processing.
• Request portability of your data.
• Lodge a complaint with your national data protection authority.

11.3. In South African under POPIA:

• Access a copy of your personal information.
• Request corrections or deletion of data.
• Object to the processing of your personal information.
• Lodge a complaint with the Information Regulator.

To exercise any of you rights contained herein, contact privacy@preggycheck.com

12. CHILDREN'S DATA

PreggyCheck™ does not knowingly collect data from children under the age of 16 without parental consent. If you believe we have collected such data, please contact us immediately.

13. DATA BREACH NOTIFICATION

In the event of a personal data breach:

13.1. Under GDPR and UK GDPR:

• We will notify the relevant supervisory authority within 72 hours and inform affected Users where there is a high risk to their rights and freedoms.

13.2. Under UAW PDPL:

• We will notify the UAW Data Office and the affected data subject if the breach may lead to serious harm.

13.3. Under POPIA:

• We will notify the Information Regulator and affected individuals as soon as reasonably possible.

All breach notifications will include:

• The nature and scope of the breach.
• The categories and number of data subjects affected.
• Possible consequences.
• Mitigation steps taken and recommendations for data subjects.

We maintain a breach response plan and regulatory train staff in breach identification and reporting protocols.

14. UPDATES TO THIS POLICY

We may update this policy from time to time. Changes will be posted on our website and mobile application, and Users will be notified where legally required.

ANNEX "A": SOUTH AFRICA POPIA ADDENDUM

This annex outlines specific provisions applicable to Users located in or accessing PreggyCheck™ from South Africa:

1. "Responsible Party": PreggyCheck™ acts as the responsible party under POPIA when processing personal information of South African Users.

2. Your POPIA Rights:

• Request access to your personal information.
• Request correction or deletion.
• Lodge complaints with the Information Regulator (https://www.justice.gov.za/inforeg/)

3. Local Storage and Processing: Where feasible, data collected in the Republic of South Africa may be stored on local servers or subject to secure cross-border safeguards as per section 72 of POPIA.

4. Compliance Contact: For POPIA-related matters, contact: legal@preggycheck.com