100% Free Consultation PRP for 199dh Only! FREE 15-Mins Weight Loss Trial Session Tabby & Tamara Installment Plans Up to 50% Off on Laser Hair Removal 100% Free Consultation PRP for 199dh Only! FREE 15-Mins Weight Loss Trial Session Tabby & Tamara Installment Plans Up to 50% Off on Laser Hair Removal
dermatech.
Book Appointment

Privacy Policy

Last updated: 18 June, 2026
Controller: Dermatech Polyclinic LLC, 16th Floor, Emirates Concord Office Tower, Riggat Al Buteen, Dubai.
Trade Licence: 1458028
DHA Licence: 0236859
Contact: info@dermatechpolyclinic.com, +971 50 987 0036

Introduction

Dermatech Polyclinic LLC (“Dermatech”, “we”, “us”, “our”) operates a licensed aesthetic and dermatology clinic in Dubai, United Arab Emirates, regulated by the Dubai Health Authority (DHA). This Privacy Policy explains how we collect, use, share, and protect personal information when you interact with our clinic in person, through our website dermatechpolyclinic.com, our social media channels (Facebook, Instagram, WhatsApp), our online booking flows, and our advertising on Meta platforms.

 

We are committed to handling personal data in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), applicable DHA Health Data Protection Regulations, and where applicable to EU-based visitors, the General Data Protection Regulation (GDPR).

Data We Collect

We collect the following categories of personal data:

  1. Identification & Contact: name, phone number, email, nationality, date of birth, Emirates ID (where required for medical records).
  2. Health & Treatment Data: medical history, allergies, treatment records, before/after photographs (with explicit consent), prescriptions, treatment outcomes.
  3. Booking & Transactional Data: appointment dates, treatment selections, payment method, package balances, invoices.
  4. Communication Data: messages sent to our Facebook Messenger, Instagram Direct Messages, WhatsApp Business account, email, and SMS, including timestamps, message content, and sender metadata.
  5. Marketing Interaction Data: ad clicks, lead-form submissions, landing-page visits, conversion events received via Meta Pixel and Conversion API.
  6. Technical Data: IP address, browser type, device, cookies (see Section 9), and approximate location when you visit our website.

How We Collect Data

  1. Directly from you during in-clinic visits, online forms, phone calls, and digital communications.
  2. Automatically through cookies and tracking pixels on our website.
  3. From Meta Platforms (Facebook, Instagram, WhatsApp) when you message us, react to ads, or submit lead forms.
  4. From third-party booking platforms when you book through them.

How We Collect Data

  1. Directly from you during in-clinic visits, online forms, phone calls, and digital communications.
  2. Automatically through cookies and tracking pixels on our website.
  3. From Meta Platforms (Facebook, Instagram, WhatsApp) when you message us, react to ads, or submit lead forms.
  4. From third-party booking platforms when you book through them.

Purposes of Processing

  1. Provide medical services: consultations, treatments, follow-up care, medical record-keeping.
  2. Manage appointments and bookings.
  3. Process payments and issue invoices.
  4. Communicate with you: via Email, SMS, WhatsApp, Facebook Messenger, Instagram DM, including appointment confirmations, treatment reminders, follow-up care, and customer service.
  5. Customer service quality assurance: we use internal tools (including our own customer relationship management (“CRM”) and SLA-monitoring software) to track response times, message volume, and quality of service interactions across Facebook Messenger, Instagram Direct, WhatsApp, and email. This processing is purely internal, used only by Dermatech’s authorised staff, and never shared with third parties.
  6. Marketing and advertising: running campaigns on Meta and Google platforms, audience-based remarketing, performance measurement.
  7. Comply with legal and regulatory obligations, including DHA record-retention requirements.

Legal Basis

We rely on the following legal bases for processing:

  1. Patient consent: for medical treatment, photographs, and direct marketing.
  2. Performance of contract: when delivering services you’ve booked or purchased.
  3. Legitimate interest: for service quality monitoring, fraud prevention, and improving our operations.
  4. Legal obligation: for medical record retention, tax records, and DHA compliance.

Sharing Personal Data

 We do NOT sell personal data. We share data only with:

  1. Treating clinical staff within Dermatech.
  2. Payment processors (e.g. RAK Bank acquirer, Tabby, Tamara) for transaction settlement.
  3. Meta Platforms Inc. for the operation of our Facebook Page, Instagram Business account, and WhatsApp Business account, including conversation history accessible to us via Meta’s Business APIs.
  4. Government authorities when legally required (DHA inspections, tax authorities, court orders).
  5. Professional advisors (auditors, lawyers, accountants) bound by confidentiality.

Data Retention

  1. Medical records: retained for at least 25 years as required by DHA regulations.
  2. Financial records: retained for at least 7 years for UAE tax/audit compliance.
  3. Marketing data: retained for up to 3 years after last interaction, or until you opt out.
  4. Social-media-conversation data accessed via Meta Business APIs: retained internally for up to 24 months for service-quality tracking; underlying Meta-hosted data remains subject to Meta’s own retention policies.

Your Rights

Subject to applicable laws (UAE PDPL, GDPR for EU residents), you have the right to:

  1. Access your personal data.
  2. Correct inaccurate or incomplete data.
  3. Request deletion (subject to legal retention obligations for medical records).
  4. Object to direct marketing, opt out anytime via reply “STOP” to any marketing message or email us at info@dermatechpolyclinic.com.
  5. Withdraw consent at any time (without affecting prior lawful processing).
  6. Lodge a complaint with the UAE Data Office or, for EU residents, your local Data Protection Authority.

To exercise any of these rights, contact us at info@dermatechpolyclinic.com.

Cookies and Web Tracking

Our website uses essential cookies for site functionality and analytics cookies (Google Analytics) and advertising cookies (Meta Pixel) to measure marketing performance. You can disable non-essential cookies via your browser settings.

Children

We do not knowingly collect personal data from children under 18 without parental consent. Patients under 18 may only be treated with a legal guardian’s documented consent.

Security

 We implement technical and organisational measures including encrypted storage, access controls (role-based), staff confidentiality agreements, and secure transmission (HTTPS, TLS) to protect personal data. However, no system is 100% secure; we cannot guarantee absolute security.

International Data Transfers

Some of our data processors (e.g. Meta Platforms, Google) may store data outside the UAE. We rely on these providers’ standard contractual clauses and equivalent safeguards for cross-border transfers.

Changes to This Policy

 We may update this Privacy Policy from time to time. Material changes will be communicated via our website. The “Last updated” date at the top reflects the most recent revision.