Privacy Policy
1. Introduction
Vital Mena Health ("the Clinic", "we", "us") is a DHA-licensed pulmonology clinic based in Dubai, UAE, specialising in General Respiratory Medicine, Sleep Medicine & Sleep Studies, and Diagnostic Procedures including spirometry, bronchoscopy, lung function tests, chest X-ray, and CT scanning.
This Privacy Policy explains how we collect, use, store, share, and protect your personal and health data in accordance with UAE Federal Decree-Law No. 45/2021 on Personal Data Protection (PDPL), DHA healthcare data standards, and the NABIDH health data exchange framework.
Respiratory health information — including pulmonary function test results, sleep study findings, and diagnostic reports — constitutes special-category data under PDPL Article 9 and receives the highest level of protection we provide.
2. Data Controller
Vital Mena Health is the data controller for personal data processed under this policy.
| Legal Entity | Vital Mena Health |
| Specialty | Pulmonology & Respiratory Medicine |
| Location | Dubai, UAE |
| Address | Um Hurair second, Royal palm business center, 13th floor office #4, OF13-4 Dubai, UAE |
| Website | www.vitalmenahealth.com |
| teledoc@vitalmenahealth.com | |
| Phone | 045781600 |
| Privacy Contact | privacy@vitalmenahealth.com |
3. Scope
This policy applies to personal data collected through:
- Our website and online booking forms
- In-person consultations at the clinic (Vital Mena Health is an in-person only clinic — no telemedicine)
- Telephone and WhatsApp enquiries and appointment booking
- Email correspondence
- Newsletter subscription
- Referral letters received from other healthcare providers (GPs, ENTs, cardiologists)
4. Personal Data We Collect
4.1 Categories of Personal Data
| Category | Data Elements | Source |
|---|---|---|
| Identity Data | Full name, date of birth, gender, nationality, Emirates ID number | Patient registration form |
| Contact Data | Email address, phone number, emergency contact details | Booking / reception |
| Insurance Data | Insurance provider, plan name, policy number, pre-authorisation references | Booking / reception |
| Clinical & Respiratory Health Data | Diagnosis (asthma, COPD, sleep apnea, etc.); pulmonary function test results (spirometry); bronchoscopy findings; chest X-ray and CT scan reports; sleep study results; prescriptions; medical history | Clinical consultations; diagnostic results; referring physician letters |
| Referral Data | Clinical letters and summaries from referring physicians | GP, ENT, cardiologist referrals |
| Technical Data | IP address, browser type, device, pages visited, timestamps | Website cookies and server logs |
| Newsletter Data | Email address and communication preferences | Newsletter subscription form |
4.2 Special Category Data
Respiratory health data — including pulmonary function test results, sleep study findings, bronchoscopy reports, and lung imaging — is classified as special-category data under PDPL Article 9. This data is subject to enhanced protection measures and is never used for commercial purposes.
5. Lawful Basis for Processing
| Lawful Basis | Examples of Processing Activity |
|---|---|
| Consent (PDPL Art. 5) | Newsletter subscription; optional follow-up communications; research participation |
| Healthcare Treatment | Delivering pulmonology consultations, sleep studies, spirometry, bronchoscopy, and issuing treatment plans |
| Legal Obligation | DHA reporting; NABIDH data sharing; court orders; Ministry of Health requirements |
| Vital Interests | Emergency respiratory care where consent cannot be obtained |
| Contract | Processing bookings, payments, insurance claims |
| Legitimate Interests | Service quality monitoring; cybersecurity; fraud prevention |
6. How We Use Your Data
6.1 Clinical Purposes
- Delivering pulmonology consultations and issuing clinical diagnoses
- Conducting and reporting sleep studies (polysomnography)
- Performing and reporting lung function tests and spirometry
- Carrying out and reporting bronchoscopy findings
- Processing and reporting chest X-ray and CT scan results
- Issuing CPAP, BiPAP, and other respiratory device prescriptions
- Communicating with referring physicians and GPs about patient care
- Follow-up care after diagnostic procedures
6.2 Administrative Purposes
- Appointment booking, confirmation, and reminders
- Insurance pre-authorisation and claims processing under Dubai Law No. 11/2013
- Billing and payment processing
- Responding to patient enquiries
6.3 What We Will NOT Do
- Sell your personal or health data to any third party
- Share diagnostic results with your employer without your explicit consent
- Share results with insurers beyond what is necessary for treatment coverage
- Use your health data for advertising or marketing purposes
7. Data Sharing
| Recipient | Data Shared | Legal Basis |
|---|---|---|
| Referring Physicians & GPs | Diagnostic results, clinical summaries, treatment plans | Patient consent; continuity of care |
| Insurance Companies | Diagnosis codes, procedure codes for coverage verification | Legal obligation; contract |
| DHA / MOHAP | Mandatory disease notifications; regulatory submissions | Legal obligation |
| NABIDH | Diagnostic results accessible to authorised DHA-licensed providers | Legal obligation |
| UAE Courts | Data required by court order or legal proceedings | Legal obligation |
| IT Service Providers | Encrypted access for EHR and infrastructure maintenance | Legitimate interests |
NABIDH — Dubai Health Data Exchange
Vital Mena Health is a NABIDH-connected facility. Respiratory diagnostic results (including spirometry reports, sleep study results, and bronchoscopy findings) may be accessible to other DHA-licensed healthcare providers involved in your direct care through the NABIDH platform.
You may request information about your NABIDH data sharing by contacting teledoc@vitalmenahealth.com.
8. Data Retention
| Data Category | Retention Period |
|---|---|
| Adult clinical records (consultations, test results) | Minimum 10 years from last contact (DHA standard) |
| Minor patient records | Until age 18 plus 10 years |
| Diagnostic imaging reports (X-ray, CT, sleep studies) | Minimum 10 years |
| Insurance and billing records | 5 years (UAE commercial records law) |
| Newsletter subscriber data | Until unsubscription |
| Website server logs and technical data | 90 days rolling |
| CCTV footage (if applicable) | 30 days |
9. Your Data Rights
Under UAE PDPL you have the following rights. To exercise any right, contact privacy@vitalmenahealth.com.
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you, including diagnostic reports and clinical records. |
| Correct | Request correction of inaccurate or incomplete personal data. |
| Erase | Request deletion of your data where there is no legal obligation to retain it (clinical records are subject to mandatory retention periods). |
| Restrict | Request that we limit processing of your data in certain circumstances. |
| Portability | Receive your data in a structured, machine-readable format. |
| Withdraw Consent | Withdraw consent at any time where processing is based on consent (e.g., newsletter). Withdrawal does not affect lawfulness of prior processing. |
| Complaint | Lodge a complaint with the UAE Data Protection Office or DHA at any time. |
10. Security Measures
- All clinical records stored in an encrypted Electronic Health Record (EHR) system
- Role-based access controls — only treating clinicians can access patient diagnostic results
- TLS/SSL encryption for all data in transit via the website
- Regular security assessments and staff data protection training
- Data breach notification within 72 hours of discovery (PDPL Art. 27)
- Respiratory diagnostic data completely isolated from website analytics
11. Children's Privacy
Patients under 18 years of age require the consent of a parent or legal guardian for all consultations, diagnostic procedures, and processing of their health data. Vital Mena Health treats paediatric respiratory conditions including childhood asthma, bronchiolitis, and related disorders with appropriate safeguards.
All records relating to minor patients are subject to enhanced retention and access controls.
12. Newsletter & Electronic Communications
Our newsletter is strictly opt-in. We will only send electronic marketing communications with your explicit consent, in compliance with TDRA regulations. You may unsubscribe at any time by clicking the unsubscribe link in any email or by contacting teledoc@vitalmenahealth.com.
13. Policy Updates
This policy is reviewed annually or when applicable laws change. We will notify registered patients of material changes via email. The current version is always available at [www.vitalmenahealth.com].
- For all privacy enquiries: privacy@vitalmenahealth.com
- Address: Um Hurair second, Royal palm business center, 13th floor office #4, OF13-4 Dubai, UAE
- Phone: 045781600
14. Legislative Reference
| Reference | Full Title | Relevance |
|---|---|---|
| UAE PDPL | Federal Decree-Law No. 45/2021 on Personal Data Protection | Primary data protection law |
| PDPL Executive Reg. | Cabinet Resolution No. 33/2022 | PDPL implementation rules |
| DHA Law | Dubai Law No. 13/2021 — Dubai Health Authority | DHA regulatory framework |
| Health Insurance | Dubai Law No. 11/2013 | Mandatory health insurance |
| NABIDH | DHA Health Data Exchange Framework | Connected health data sharing |
| UAE Cybercrime | Federal Law No. 5/2012 (amended 34/2021) | Digital security obligations |
| Consumer Protection | Federal Decree-Law No. 5/2023 | Patient / consumer rights |
| Medical Liability | Federal Law No. 4/2016 | Healthcare provider liability |
| TDRA Telecom | Federal Law No. 3/2003 and regulations | Electronic communications / spam |
| Medical Records | DHA Standard for Patient Records Management | Retention requirements |
Ready to improve your lung
health?
Take the first step towards better breathing. Connect with
our respiratory specialists today.