Privacy Policy

1. Data Controller Identity

The data controller responsible for your personal data is The Reach Foundation, operating within the United Arab Emirates. For any data protection inquiries, you may contact us at reach@drhisham.com.

2. Information We Collect

When you submit an application or inquiry through our portal, we may collect the following categories of personal data:

• Identity Data: Full name, contact information (email, phone number), and location
• Educational Data: GPA, university, major, year of study (for scholarship applicants)
• Sensitive Medical Data: Diagnosis reports, treatment records, child age (for healthcare applicants)
• Legal & Financial Data: Case type, urgency, financial status (for legal aid and community applicants)
• Supporting Documents: CVs, medical reports, legal documents, and other uploaded files
• Corporate Data: Company name, size, contact person, and CSR interest areas (for corporate partners)

3. Purpose of Processing

Your personal data is collected and processed exclusively for the following purposes:

• Matching applicants with corporate-funded CSR initiatives (Scholarships, Healthcare Sponsorship, Legal Aid, Career Development, Community Support, and Sports Inclusion)
• Evaluating eligibility and verifying submitted information
• Communicating with you regarding your application status
• Coordinating with verified execution partners (hospitals, legal firms, universities) for initiative delivery
• Generating anonymized impact reporting for corporate CSR partners

4. Data Localization & Security

All sensitive data — including medical records, financial documentation, and legal case files — is stored securely on encrypted servers, compliant with UAE data residency preferences. We implement industry-standard security measures including:

5. Third-Party Sharing

Your personal data is only shared with verified execution partners strictly necessary for delivering the CSR initiative you have applied for. These may include:

• •Accredited universities and educational institutions (for scholarship applicants)
• •Licensed hospitals, clinics, and therapy centers (for healthcare applicants)
• •Authorized pro-bono legal consultants and law firms (for legal aid applicants)
• •Trusted local charitable organizations (for community development applicants)

6. Data Retention

We retain your application data for as long as necessary to process your application and fulfill the purposes outlined in this policy. Unapproved applications and their associated data are automatically deleted after 12 months from the date of submission to minimize legal liability and protect your privacy in accordance with UAE data protection regulations. Approved applications are retained for the duration of the initiative and for a reasonable period thereafter for reporting and audit purposes.

7. Your Rights Under UAE PDPL

Under the UAE Personal Data Protection Law, you have the following rights regarding your personal data:

To exercise any of these rights, please contact us at reach@drhisham.com. We will respond to your request within 30 days.

8. Beneficiary Data Protection

The Reach Foundation is committed to the highest standards of beneficiary data protection. Given the sensitive nature of the information we handle — including medical diagnoses, legal case details, and financial hardship documentation — we apply enhanced security protocols and strict access controls beyond standard requirements. All staff and execution partners with access to beneficiary data are bound by confidentiality agreements and are subject to regular compliance training.

9. Changes to This Policy

We reserve the right to update this Privacy Policy to reflect changes in our practices or applicable law. Any material changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights under UAE PDPL, please contact us at: