Table of Contents
Privacy Policy
Effective Date: October 18, 2025
At Lumos Polyclinic L.L.C. (“we”, “us”, “our”), protecting your privacy and medical confidentiality is our top priority. This policy explains how we collect, process, store, and protect your data when you visit our website lumosclinics.com, engage with our marketing channels, or receive healthcare services at our facility. We comply with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection, Dubai Health Authority (DHA) and Ministry of Health and Prevention (MOHAP) regulations, and NABIDH standards.
1. Information We Collect
- Personal Identification: Name, date of birth, gender, nationality, Emirates ID, contact details.
- Medical & Health Information: Medical history, examination notes, diagnoses, laboratory results, imaging, prescriptions, and treatment plans stored in our iHealthConnect EMR system.
- Appointment & Billing Data: Booking details, payment information, insurance submissions, and invoices.
- Website & Marketing Data: IP address, browser type, device details, cookies, location data, and interactions via contact forms, WhatsApp chat, or online booking.
- Employment & CCTV Data: Staff records, job applications, training documents, and security camera footage within clinical premises for safety and compliance.
2. How We Use Your Information
- Deliver medical, dental, dermatological, and aesthetic treatments.
- Schedule, confirm, and remind you of appointments.
- Process billing, insurance, and secure payments.
- Send promotional messages, newsletters, and offers only with your explicit consent.
- Analyze website performance and enhance service quality.
- Comply with DHA/MOHAP regulatory, audit, and reporting requirements.
- Maintain staff records and ensure workplace safety and training compliance.
3. Legal Basis for Processing
Data is processed based on your consent, contractual obligation (for treatment and payment), or legal requirement as per UAE law and DHA regulations.
4. Data Sharing and Third Parties
We may share information with:
- Licensed healthcare professionals involved in your care.
- Insurance companies and TPAs for claims processing.
- DHA, MOHAP, and NABIDH systems for mandatory health data reporting.
- Accredited laboratories, pharmacies, or referral clinics.
- Authorized IT, hosting, and analytics providers supporting WordPress and iHealthConnect platforms.
All third parties are contractually required to ensure confidentiality and data protection.
5. Marketing and Website Technologies
Our website uses WordPress, Elementor, Google Analytics 4, Google Tag Manager, Meta Pixel, and reCAPTCHA v3. Cookies and pixels collect non-identifiable data to optimize performance and measure advertising results. A consent banner allows you to accept or manage cookies. Marketing emails or WhatsApp campaigns are sent only after opt-in consent, in accordance with TRA and DHA guidelines.
6. Patient Media, Photos & Testimonials
Before/After photos or testimonials are published only with signed patient consent. Images used in marketing are anonymized and stored separately from medical records.
7. Data Storage, Security & Retention
All medical and personal data are stored in the secure iHealthConnect EMR system, hosted within the UAE and compliant with NABIDH security protocols. Data access is role-based and logged. We retain medical records for 25 years as mandated by DHA, and other records for as long as necessary to fulfil legal and contractual obligations.
8. International Transfers
Lumos Polyclinic does not transfer medical data outside the UAE unless required by law or with explicit patient consent and adequate data-protection assurances.
9. Data Breach Notification
In case of unauthorized access, loss, or disclosure, affected individuals and DHA/MOHAP will be notified within legally prescribed timelines, and corrective actions will be implemented immediately.
10. Your Rights
- Access and obtain a copy of your personal data.
- Request correction of inaccurate information.
- Withdraw consent for marketing communications.
- Request deletion where legally permissible.
Requests can be made via info@lumosclinics.com. Identity verification may be required.
11. CCTV & Visitor Monitoring
Our facility uses CCTV surveillance for safety, theft prevention, and legal compliance. Footage is retained for a limited period and accessible only to authorized personnel.
12. Updates to This Policy
We may update this policy periodically to reflect legal or operational changes. Updated versions will be posted at lumosclinics.com/privacy-policy. Continued use of our services constitutes acceptance of the revised terms.
13. Contact Information
For all privacy and data-protection inquiries, contact our Data Protection Officer:
Lumos Polyclinic L.L.C.
📧 info@lumosclinics.com
📍 Sheikh Zayed Road, Dubai, UAE
☎ +971 4 352 4140