1. Introduction
At Prestige International Polyclinic LLC (‘we’, ‘us’, ‘our’), we take your privacy seriously. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you interact with us — whether through our website, in person at our clinic, via phone, WhatsApp, email, or any other channel.
This Policy is compliant with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and other applicable data protection regulations in the Emirate of Dubai.
By using our services or providing us with your personal data, you consent to the practices described in this Policy.
2. Who We Are (Data Controller)
Prestige International Polyclinic LLC is the data controller responsible for your personal information.
- Registered Name: Prestige International Polyclinic LLC
- Registered Address: Business Point Building, Al Seedaf 1 St, Behind Mall Of Emirates, Al Barsha First, Al Barsha, Dubai, UAE
- DHA Licence No.: 0002033
- Data Protection Contact: info@presclinic.com
3. What Personal Data We Collect
3.1 Identity & Contact Information
- Full name, date of birth, nationality
- Phone number, email address, home/billing address
- Emirates ID or passport number (for identity verification purposes)
3.2 Health & Medical Information (Sensitive Data)
- Medical history, current medications, allergies, skin conditions
- Treatment records, consultation notes, before-and-after photographs
- Consent forms and signed waivers
Health data is classified as sensitive personal data under UAE PDPL and is handled with the highest standard of care. We only collect health data with your explicit consent or as necessary to provide medical treatment.
3.3 Payment Information
- Payment method (card type, last 4 digits — full card details are never stored by us)
- Transaction history and invoices
3.4 Communications & Interactions
- Records of phone calls, emails, WhatsApp messages, or live chat conversations
- Appointment history and feedback/reviews you submit
3.5 Website & Technical Data
- IP address, browser type, device type
- Pages visited, time spent on site, referring URLs
- Cookie and tracking data (see Section 9)
3.6 Marketing Preferences
- Whether you have opted in or out of marketing communications
- Preferred communication channels (SMS, email, WhatsApp)
4. How We Collect Your Data
- Directly from you: When you book an appointment, complete intake forms, consent forms, or contact us
- From our website: Via contact forms, booking systems, cookies, and analytics
- From third parties: Referrals from other healthcare providers (with your consent)
- From your device: Technical data collected automatically when you visit our website
5. How We Use Your Data
5.1 Providing Medical & Aesthetic Services
- To assess your suitability for treatments and provide clinical care
- To maintain accurate medical records as required by the DHA
- To contact you about your appointments and treatment aftercare
5.2 Business Operations
- Processing payments, issuing invoices and receipts
- Sending appointment reminders and follow-up communications
- Managing your account and correspondence
5.3 Marketing & Communications (with consent)
- Sending promotional offers, newsletters, and treatment updates via email, SMS, or WhatsApp — only if you have opted in
- Personalising communications based on your treatment history and preferences
You may opt out of marketing communications at any time by contacting us or clicking ‘unsubscribe’ in any marketing email.
5.4 Legal & Regulatory Compliance
- Complying with DHA requirements for medical record retention
- Responding to lawful requests from regulatory authorities
- Protecting and defending our legal rights
5.5 Website Improvement
- Analysing website usage to improve functionality and user experience
- Monitoring and preventing fraud or security incidents
6. Legal Basis for Processing Your Data
We process your personal data under one or more of the following legal bases as defined under the UAE PDPL:
- Consent: Where you have given explicit consent (e.g., marketing, photographs)
- Contractual Necessity: To fulfil our service agreement with you
- Legal Obligation: Where required by UAE law or health regulations
- Legitimate Interests: Where processing is in our legitimate business interests and does not override your rights
- Vital Interests: Where processing is necessary to protect your health or safety in an emergency
7. How We Share Your Data
We do not sell, rent, or trade your personal data to third parties. We may share your data only in the following limited circumstances:
7.1 Healthcare Providers
With other treating physicians or specialists, only where medically necessary and with your consent.
7.2 Service Providers & Processors
With trusted third-party vendors who process data on our behalf (e.g., appointment booking software, payment gateways, email service providers). These parties are contractually obligated to protect your data and may only use it for specified purposes.
7.3 Regulatory & Legal Authorities
With the Dubai Health Authority (DHA), Ministry of Health, or law enforcement agencies, where required by law.
7.4 Business Transfers
In the event of a merger, acquisition, or sale of the Clinic, your data may be transferred to the new entity, who will be bound by this Privacy Policy.
8. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes outlined in this Policy, including:
- Medical records: Minimum 10 years as required by DHA regulations
- Financial records: Minimum 5 years as required by UAE commercial law
- Marketing data: Until you opt out or withdraw consent
- Website technical data: Up to 24 months
After the applicable retention period, your data will be securely deleted or anonymised.
9. Cookies & Tracking Technologies
9.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us improve your browsing experience and understand how visitors use our site.
9.2 Types of Cookies We Use
- Essential Cookies: Necessary for the website to function (cannot be disabled)
- Analytics Cookies: Help us understand website traffic (e.g., Google Analytics)
- Marketing Cookies: Used to show relevant advertisements (only if you consent)
- Functional Cookies: Remember your preferences (e.g., language settings)
9.3 Managing Cookies
You can control or disable cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our website. For detailed guidance, visit your browser’s help documentation.
10. Your Rights Under UAE PDPL
As a data subject, you have the following rights in relation to your personal data:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (subject to our legal retention obligations)
- Right to Restriction: Request that we limit how we use your data
- Right to Data Portability: Request your data in a commonly used, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time, without affecting prior processing
To exercise any of these rights, please submit a written request to info@presclinic.com. We will respond within 30 days. We may request proof of identity before fulfilling your request.
11. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, loss, or destruction. These include:
- Encrypted digital storage systems
- Restricted access to medical records (clinical staff only)
- Secure physical storage of paper records
- Regular staff training on data protection
- Password-protected and encrypted communication tools
Despite our best efforts, no data transmission or storage system can be guaranteed to be 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant authorities as required by UAE law.
12. International Data Transfers
Your personal data is primarily processed and stored within the UAE. If any data is transferred outside the UAE (e.g., to cloud service providers), we ensure such transfers comply with UAE PDPL requirements, including implementing appropriate safeguards.
13. Children’s Privacy
Our services are intended for individuals aged 18 years and above. We do not knowingly collect personal data from children under 18 without verifiable parental or guardian consent. If we become aware that we have collected data from a minor without appropriate consent, we will delete it promptly.
14. Third-Party Websites
Our website may contain links to third-party websites or social media platforms (e.g., Instagram, Facebook). This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party sites you visit.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website with an updated effective date. Where changes are significant, we will notify you directly. Continued use of our services after the update constitutes acceptance.
16. Contact & Complaints
For any privacy-related queries, requests, or concerns, please contact our Data Protection Lead: