Privacy Policy
Last Updated: April, 2026
Solara Clinic ("we," "us," or "our") respects your privacy and is committed to protecting your personal data in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), Dubai Health Authority (DHA) standards for telehealth and health data protection, Federal Law No. 2 of 2019 on ICT in Health, and other applicable UAE laws.
This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our Website, book women's health or peptide-related telehealth consultations, or interact with our services.
1. Data We Collect
We collect:
- Personal Identifiers: Name, Emirates ID, date of birth, contact details (email, phone), gender, nationality.
- Health Data (sensitive/special category under PDPL): Medical history, symptoms, consultation notes, prescriptions, lab results, women's health details, and peptide-related information. This is necessary for providing safe care.
- Technical Data: IP address, device info, browser type, usage logs, cookies (for functionality and analytics).
- Payment Data: Processed securely via third-party providers (we do not store full card details).
- Consent and Communication Records: Records of consents, feedback, and support interactions.
We collect this directly from you, during consultations (with physician involvement), or automatically via the Platform.
2. How We Use Your Data
We process your data for:
- Providing and managing telehealth services (consultations, prescriptions where compliant).
- Verifying identity, ensuring eligibility, and maintaining health records (as required by DHA).
- Communicating with you (appointments, results, reminders).
- Complying with legal obligations (e.g., DHA reporting, PDPL).
- Improving our Platform (anonymized analytics only).
- Marketing (only with your explicit consent; you can opt out anytime).
For sensitive health data, processing relies on explicit consent, contractual necessity (to provide services), or legal bases such as medical diagnosis/treatment, public health, or as permitted under PDPL and healthcare laws. We do not sell your data.
3. Sharing Your Data
We may share data with:
- DHA-licensed physicians and healthcare professionals involved in your care.
- Licensed pharmacies (for prescriptions/dispensing, if applicable).
- Service providers (e.g., hosting, payment processors, telehealth tech) under strict confidentiality and data processing agreements.
- Regulators (DHA, MOHAP) as legally required.
- In cases of merger, acquisition, or legal requirement.
We do not share health data for marketing without consent. Where personal data is transferred outside the UAE (for example, to cloud hosting or telehealth technology providers in other jurisdictions), we ensure such transfers comply with PDPL requirements through: (a) an adequacy determination by the UAE Data Office; (b) standard contractual clauses or equivalent binding safeguards; or (c) your explicit consent where required. The applicable safeguard will be disclosed on request.
4. Data Security and Retention
We implement technical and organizational measures (e.g., encryption, access controls, ISO/HIPAA-aligned standards where relevant) to protect data, especially sensitive health information, per DHA and PDPL requirements.
Data is retained in accordance with applicable law and DHA mandatory retention periods. For adult patient records, DHA requires a minimum of 10 years from the date of last entry. For patients who were minors at time of treatment, records are retained until the patient reaches age 18 plus an additional 10 years. Financial and billing records are kept for a minimum of 5 years per UAE commercial law. Operational logs are retained for 12 months unless a longer period is required. Upon expiry of the applicable retention period, or upon a valid request where legally permitted, we securely delete or anonymize your data subject to any applicable legal holds or regulatory obligations.
5. Your Rights under PDPL
You have the right to:
- Access, correct, or update your data.
- Withdraw consent (where processing is based on consent; this may limit our ability to provide services).
- Request deletion, restriction, or portability of your data (subject to exceptions, e.g., legal/medical requirements).
- Object to certain processing.
- Lodge complaints with the UAE Data Office (www.uaedataoffice.gov.ae), and for health data matters, with the Dubai Health Authority (dha.gov.ae) or Ministry of Health and Prevention (mohap.gov.ae).
To exercise rights, contact us at fraser@solaraclinic.ae. We respond within the timelines required by PDPL (30 days, extendable by a further 30 days with prior notice). To withdraw consent, email fraser@solaraclinic.ae with subject line "Consent Withdrawal" or use the privacy preferences in your account settings. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal date.
6. Cookies and Tracking
We use essential cookies for Platform functionality. Analytical cookies require consent. Manage preferences via your browser or our cookie banner.
7. Children's Data
Our services are not directed at children under 18. We do not knowingly collect data from minors without guardian consent.
8. Changes to This Policy
We may update this Policy from time to time. We will notify you of significant changes via the Website and by email at least 14 days before they take effect. Where a change affects processing that relies on your consent, we will seek fresh consent before applying the updated terms to your data. Continued use of the Platform following notification of non-material changes constitutes acknowledgment of the updated Policy.
9. Data Breach Notification
In the event of a personal data breach that is likely to result in risk to your rights or freedoms, we will notify the UAE Data Office without undue delay and, where feasible, within 72 hours of becoming aware. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay, describing the nature of the breach, likely consequences, and measures taken or proposed to address it. We maintain a breach register and will cooperate fully with the UAE Data Office and DHA in any investigation.
10. Contact Us
Data Protection Officer / Privacy Inquiries: fraser@solaraclinic.ae. For health data concerns, refer to DHA guidelines.
By using our Platform, you consent to the processing described here (where consent is the basis) and acknowledge our collection and use of your data, including sensitive health information, for legitimate telehealth purposes.
