Privacy Policy
Czech Rehabilitation Hospital - Al Ain
Last Updated: December 19, 2024
1. Introduction
Czech Rehabilitation Hospital - Al Ain ("we," "our," or "the Hospital") is committed to protecting your privacy and personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our online consultation request platform.
This policy complies with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, Abu Dhabi Department of Health (DOH) regulations, and internationally recognized healthcare privacy standards including HIPAA principles.
2. Information We Collect
When you submit a consultation request, we collect:
- Personal Information: Full name, phone number, Emirates ID
- Health Information: Type of surgery needed, medical condition description, preferred timing
- Insurance Information: Insurance plan details (optional)
- Medical Records: Uploaded medical reports, ultrasounds, CT scans (optional)
- Voice Messages: Audio recordings of your medical condition (optional)
- Technical Information: IP address, browser type, submission date/time
3. How We Use Your Information
We use your information for the following purposes:
- Medical Consultation: To review your case and schedule a consultation appointment
- Communication: To contact you via phone, WhatsApp, or email regarding your appointment
- Medical Records: To maintain accurate and complete medical records as required by UAE law
- Treatment Planning: To prepare for your consultation and surgical procedure
- Healthcare Operations: To improve our services and patient care quality
- Legal Compliance: To comply with UAE healthcare regulations and DOH requirements
4. Legal Basis for Processing
We process your personal health information based on:
- Your Consent: You explicitly consent to data processing when submitting the form
- Medical Necessity: Processing is necessary to provide healthcare services
- Legal Obligation: Compliance with UAE Federal Decree-Law No. 45 of 2021 and DOH regulations
- Legitimate Interest: Healthcare operations and quality improvement
5. Data Security & Protection
We implement industry-standard security measures:
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
- Access Control: Only authorized medical staff can access patient information
- Secure Storage: Data is stored on Cloudflare's secure infrastructure with enterprise-grade protection
- Regular Backups: Automated backups to prevent data loss
- Audit Logs: All data access is logged and monitored
- Staff Training: All staff are trained on data protection and patient confidentiality
6. Data Retention
In accordance with UAE healthcare regulations and Abu Dhabi DOH requirements:
- Medical Records: Retained for a minimum of 7 years from the date of last consultation or treatment
- Consultation Requests: Retained for 7 years or as long as medically necessary
- Deleted Records: Soft-deleted records are retained in the recycle bin for 30 days before permanent deletion
- After Retention Period: Data is securely and permanently deleted
7. Data Sharing & Disclosure
We do NOT sell, rent, or trade your personal health information. We may share your information only in these limited circumstances:
- Healthcare Providers: With consulting physicians and medical staff involved in your care
- Insurance Companies: With your insurance provider for billing and coverage verification (only with your consent)
- Legal Requirements: When required by UAE law, court order, or DOH regulations
- Emergency Situations: To prevent serious harm to you or others
- Service Providers: Encrypted cloud storage providers (Cloudflare) under strict confidentiality agreements
8. Your Rights Under UAE Law
Under UAE Federal Decree-Law No. 45 of 2021, you have the following rights:
- Right to Access: Request a copy of your personal health information
- Right to Correction: Request correction of inaccurate or incomplete information
- Right to Deletion: Request deletion of your data (subject to medical record retention requirements)
- Right to Withdraw Consent: Withdraw your consent for data processing (may affect our ability to provide services)
- Right to Data Portability: Receive your data in a structured, commonly used format
- Right to Object: Object to certain types of data processing
- Right to Lodge a Complaint: File a complaint with UAE data protection authorities
9. International Data Transfers
Your data may be processed and stored on servers located outside the UAE. We ensure that any international data transfers comply with UAE data protection laws and that adequate safeguards are in place, including encryption and contractual protections with our service providers.
10. Cookies & Tracking
Our platform uses minimal cookies and local storage for essential functionality only (e.g., language preference, notification settings). We do not use tracking cookies or share data with third-party advertisers.
11. Children's Privacy
Our services are intended for adults. If you are submitting information on behalf of a minor (under 18 years), you must be the parent or legal guardian and have the authority to consent to the processing of the minor's health information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by updating the "Last Updated" date and, where appropriate, by email or prominent notice on our platform.
13. Contact Information
For privacy-related inquiries, to exercise your rights, or to file a complaint:
14. Regulatory Compliance
This platform complies with:
- UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data
- Abu Dhabi Department of Health (DOH) healthcare regulations
- UAE Cybercrime Law (Federal Decree-Law No. 5 of 2012)
- International healthcare privacy standards (HIPAA principles)
DOH License Number: GD40081
Your Consent
By submitting a consultation request through our platform, you acknowledge that you have read, understood, and agree to this Privacy Policy and consent to the collection, use, and processing of your personal health information as described herein.