Date: February 2022
Physiowell is committed to upholding and maintaining your personal rights. We operate our business in-line with the UAE Personal Data Protection Law and DHA and observe your rights to change or withdraw your opt-in options at any time. As part of Physiowell’s ongoing commitment to uphold your rights, we will also extend advice on how you can issue formal complaints to relevant authorities, such as the UAE Data Office.
Physiowell is registered with the Dubai Economy Department under the license no 929943 and registered with the Dubai Health Authority as a rehabilitation center under the DHA license no. 6471536. If you have any questions or would like more details about how we use your personal information, please refer to the Contact Us section below.
You can find more information about us at: https://physiowell.ae/about-us/
Our company obligations
As a data controller, Physiowell is legally responsible for the personal data that you provide. In honouring that responsibility, we pledge to uphold our commitments under the UAE Federal Decree-Law No. 45 of 2021.
Physiowell will only use your data
- In ways that are both fair and legal
- As described within this Policy
- In ways that are necessary for the fulfilment of our services
In addition, Physiowell processes the personal data you submit or we collect your personal data as a data processor. As part of this role, Physiowell takes all the necessary precautions to secure the personal data we collect, process and store.
Physiowell may occasionally use the data you provide us with for marketing, relationship management or account management activities. These activities are designed to ensure you have adequate information about other products and/or services we offer, that we have reason to believe you may be interested in. You have the right to opt-out of these activities at any time.
What information do we collect?
In order for Physiowell to provide you with the products and services you have signed up or provided consent to, we need to collect and process personal data about you.
This is information you provide Physiowell about you by providing information or filling in forms on the Physiowell website (www.physiowell.ae) or at the clinic or by corresponding with us (for example, by telephone, e-mail or any other digital or electronic form). The information includes your personal details when you register as a patient, share data via the web-app’s social media functions, and when you provide information via telephone calls. If you contact us, Physiowell will keep at least an electronic record of such correspondence, including personal information shared at that time. The personal information you provide Physiowell may include your name, address, e-mail address, Emirates ID number and phone number, certain device information and other registration information you choose to provide (“personal data”).
Physiowell collects and processes personal data for specific, lawful purposes only, or for the performance of tasks carried out in the interests of Physiowell in compliance with DHA.
Why do we collect personal data?
The data protection law allows Physiowell to use your personal data provided we have acceptable reasons for doing so. This might include sharing your personal data outside Physiowell. The law categorises these acceptable reasons as follows:
- to fulfil our obligations to you under our terms and conditions or
- when it is our legal duty (legal obligation); or
- when it is in our legitimate interests (legitimate interests); or
- when you consent to it (consent).
A legitimate interest is when we have a business or medical reason to use your information. However, our legitimate interest must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we shall inform you what that reason is.
Physiowell does not collect any sensitive personal data about you other than your medical or health background. Sensitive personal data refers to (but is not limited to) information about your race or ethnic background, religious or political affiliations, trade union affiliations, sexual orientation or criminal background.
Please note that when you submit personal data on our website, you are giving Physiowell your explicit consent to use that personal data in line with this Policy.
Data processing, storage and transfer of personal data
Physiowell collects and stores personal data in the United Arab Emirates. Physiowell uses carefully selected and recognised third-parties to provide minor commerce services. Some of these third-parties may operate outside the United Arab Emirates.
You agree that we have the right to transfer the personal data described in this Policy to and from, and process and store it in the United Arab Emirates and (where applicable or required) with processors in other countries, some of which may have less protective privacy laws than those where you reside. Where this is the case, we will take appropriate security measures to protect your personal data in accordance with this Policy.
We may share your personal data with organisations outside Physiowell including:
- Insurance companies validly covering your medical circumstance;
- Dubai Health Authority;
- Fraud prevention agencies;
- Companies we have a joint venture or agreement to co-operate with;
- Third-party marketing agencies;
We may also share your personal data if the corporate structure of Physiowell changes in the future:
- We may choose to sell, transfer, or merge parts of our business, or our assets, and we may seek to acquire other businesses or merge with them. During any such process, we may share your data with other parties. We will only do this if the other party agree to keep your data safe and private.
- If a change to Physiowell happens, then other parties may use your data in the same way as set out in this Policy.
Physiowell will take all steps reasonably necessary to ensure your personal data is processed fairly and lawfully. By submitting your personal data, you agree to such processing in order for Physiowell to perform its general administrative functions, including but not limited to responding to enquiries you raise via the website and maintaining contacts for future informational or promotional activities. Unless otherwise notified, Physiowell does not ordinarily engage in automated decision making when processing your personal data.
Physiowell may process your data based on more than one legal ground. Circumstances under which we may be required to process your data under more than one legal ground may include:
|Reason||Data type||Legal basis|
|Patient registration||Identity and contact information||To carry out the services under our Terms and Conditions.|
|To manage our customer relationship with you||Identity, contact information, marketing and communications preferences||To carry out the services under our Terms and Conditions, to comply with legal obligations and to exercise our legitimate interests to keep our records updated.|
To preserve the integrity of our databases, to carry out on-going website updates, for research, analytics and statistics purposes and to ensure compliance with applicable laws, Physiowell retains personal data submitted by users for a reasonable length of time unless otherwise prescribed by the applicable Law.
Physiowell is not responsible for the accuracy of the information you provide, and will modify or update your personal data in our databases upon your request. We will erase or archive from active use your personal data upon request, unless we are required to retain it in accordance with applicable laws or to perform agreed services. By accessing or using the website, you do hereby represent and warrant that you understand that all information submitted by you through the website or otherwise to Physiowell may be used in accordance with applicable laws and this Policy.
In all the above cases in which we collect, use or store your personal data, you may have the following rights and, in most cases, you can exercise them. These rights include:
- the right to obtain information regarding the processing of your personal data and access to the personal data which Physiowell holds about you.
- the right to withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so. For example, we may need to retain personal data to comply with a legal or contractual obligation.
- in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided directly to Physiowell.
- the right to request that we rectify your personal data if it is inaccurate or incomplete.
- the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask Physiowell to erase your personal data, but we are legally entitled to retain it.
- the right to object to, or request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to refuse that request; and
- the right to lodge a complaint with the relevant data protection authority if you think that any of your rights have been infringed by us.
You can ask us to restrict the use of your personal data if:
- It is not accurate.
- It has been used unlawfully but you do not want Physiowell to delete it.
- It is not relevant anymore, but you want Physiowell to keep it for use in legal claims.
Marketing and communications
Physiowell may send you marketing communications if you have given your contact details and opted-in to marketing communications. We may use your personal information to tell you about relevant products, services and offers. This is what we mean when we talk about ‘marketing’.
Physiowell will store your personal data for a period of ten years after your last recorded login attempt unless otherwise noted and explicitly stated. Physiowell stores personal data relating to transactions, payments and treatments for a period of up to ten years from the date of last admission or interaction. This period may be extended under certain circumstances as part of our ongoing commitment to comply with applicable law.
Physiowell will retain your personal information for as long as you are a patient of Physiowell. Within ten years after your last admission or interaction with Physiowell, we may keep your data
- To maintain records to comply with our legal and regulatory obligations.
- To respond to any questions or complaints.
- To show that we treated you fairly and ethicly.
- Since Physiowell may not delete it for legal, regulatory or medical reasons.
Physiowell may also keep your data for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.
As part of our ongoing commitment to the valid personal data protection law, Physiowell will report any security breaches or attempted breaches to the relevant authorities within 24 hours. Physiowell shall subsequently contact all those affected by the breach within 72 hours of its occurrence.
Although Physiowell endeavours to take steps to provide a secure environment for users accessing the website, due to the nature of the Internet, Physiowell cannot guarantee confidentiality or security of the personal and other information being provided. Physiowell makes no warranty whatsoever to you, express or implied, regarding the security of the website, including with respect to the ability of unauthorised persons to intercept or access information transmitted by you through the Internet.
Further, despite all possible security measures that Physiowell would take to keep our website free from hacking and other interference, the website like any other website is not free from such risks. Physiowell disclaims all liability on account of any loss or damage that any user may suffer or incur on account of any alteration or manipulation of any data or information accessed or downloaded from our website.
Whilst Physiowell endeavours to take every reasonable precaution to ensure accuracy, security and confidentiality of information available through the website, Physiowell cannot be held responsible for any consequence of any action(s) carried out by any authorised or unauthorised user.
Changes to this Privacy Notice
Physiowell may update this Policy from time to time as the website changes and privacy law evolves. If such updates occur, Physiowell shall do so online and follow such other steps as required by the then applicable law.
Physiowell is committed to upholding your rights. If you have any questions, complaints, comments or concerns about this Policy or if you wish to exercise your rights in relation to your personal data or submit a complaint, please contact us at:
- PO Box : 34156
- Telephone : +971 4 2692121
- Email : email@example.com
You can also refer your concerns directly to the UAE Data Office, the body that regulates the handling of personal data in the UAE.
Physiowell shall fully co-operate with the UAE Data Office in the handling of complaints against it.