Please read this Privacy Policy carefully. It explains how DarDoc collects, uses, stores, and protects your personal data when you use our platform and services.
1.1 This Privacy Policy ("Policy") sets out how DARDOC HEALTH TECHNOLOGIES LIMITED ("DarDoc," "we," "us," or "our"), a healthcare technology company incorporated in Abu Dhabi Global Market (ADGM) and incubated by the Department of Health, Abu Dhabi (DOH), collects, uses, stores, discloses, and protects your personal data when you access or use the DarDoc mobile application, website (www.dardoc.com), and any associated systems (the "Platform").
1.2 For the purposes of applicable data protection legislation, DarDoc is the "data controller" in respect of the personal data processed through the Platform. DarDoc determines the purposes and means of processing your personal data in connection with the Services.
1.3 This Policy forms an integral part of DarDoc's Terms and Conditions ("Terms"). Capitalised terms used herein but not separately defined shall bear the meanings ascribed to them in the Terms.
1.4 By creating an Account, making a Booking, or otherwise using the Platform, you acknowledge that you have read, understood, and consent to the practices described in this Policy. If you do not agree with this Policy, you must discontinue use of the Platform.
DARDOC HEALTH TECHNOLOGIES LIMITED
2.1 DarDoc's collection, storage, processing, and use of personal data is carried out in compliance with the following regulatory framework:
2.2 Where any conflict arises between the provisions of the ADGM Data Protection Regulations and other applicable UAE data protection legislation, DarDoc shall comply with the more protective standard.
3.1 DarDoc collects and processes the following categories of personal data in connection with the Platform and the Services:
We collect personal data that you provide directly when you: (a) create an Account; (b) make a Booking; (c) undergo a medical consultation, blood test, IV therapy, or other clinical Service; (d) place a pharmacy order; (e) communicate with the CX Care Team; (f) submit feedback, reviews, or complaints; or (g) otherwise interact with the Platform.
When you access or use the Platform, we automatically collect certain Technical Data and Usage Data through cookies, analytics tools, and similar technologies, as described in Clause 8.
We may receive personal data about you from: (a) Partner Providers who deliver Services to you through the Platform; (b) accredited laboratory partners who process your blood test and diagnostic samples; (c) third-party payment processors who facilitate transactions; and (d) analytics and advertising partners, in aggregated or pseudonymised form.
5.1 DarDoc processes your personal data for the purposes and on the legal bases set out below:
5.2 Where processing is based on consent, you have the right to withdraw consent at any time in accordance with Clause 11. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.
5.3 Where processing is based on legitimate interest, DarDoc has conducted a balancing assessment and has determined that its legitimate interests are not overridden by your rights and freedoms. You may request details of such assessments by contacting legal@dardoc.com.
Health Data collected and processed by DarDoc is classified as sensitive personal data (special category data) under the ADGM Data Protection Regulations and the UAE PDPL. DarDoc applies enhanced technical and organisational safeguards to the processing of Health Data.
Health Data is processed on one or more of the following bases: (a) your explicit consent, obtained at the time of Account creation, Booking, or Service delivery; (b) necessity for the provision of healthcare Services, including diagnosis, treatment, and care management; (c) legal obligation under Federal Law No. 2 of 2019, DHA, DOH, and MOHAP regulations governing health records; and (d) protection of vital interests of the data subject, where applicable in emergency situations.
Health Data is collected during: (a) Digital Clinic consultations; (b) home nursing Service delivery; (c) blood test and laboratory sample collection; (d) IV therapy clinical screening and administration; (e) pharmacy prescription verification; and (f) any other clinical interaction facilitated through the Platform.
Access to Health Data is restricted to: (a) the Caregiver or Healthcare Professional directly assigned to your Booking, to the extent necessary for Service delivery; (b) DarDoc's clinical operations team, for care coordination and quality assurance; (c) Partner Providers and laboratory partners, to the extent necessary for the delivery of the applicable Service; and (d) DarDoc's compliance team, where required for regulatory reporting or audit.
Health Data shall never be: (a) used for marketing, advertising, or promotional purposes; (b) shared with analytics providers, advertising networks, or any third party for non-clinical purposes; (c) sold, rented, or licensed to any third party; or (d) used for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.
Health Data is retained for a minimum of ten (10) years from the date of the last clinical interaction, in accordance with UAE health record retention requirements under Federal Law No. 2 of 2019 and applicable DHA and DOH regulations, or for such longer period as may be required by law.
7.1 DarDoc may share your personal data with the following categories of recipients, solely for the purposes described in this Policy:
7.2 DarDoc does not sell, rent, trade, or otherwise commercialise your personal data to any third party.
7.3 All third parties with whom DarDoc shares personal data are bound by contractual obligations of confidentiality and data protection, and are required to process personal data only for the specified purposes and in accordance with applicable law.
8.1 The Platform uses cookies and similar tracking technologies to collect Technical Data and Usage Data. The following categories of cookies are deployed:
8.2 You may manage your cookie preferences at any time through: (a) the cookie settings accessible on the Platform; (b) your device or browser settings; or (c) contacting DarDoc's support team. Disabling certain cookies may affect the functionality of the Platform.
8.3 DarDoc does not use cookies or tracking technologies to collect, process, or transmit Health Data.
All personal data collected through the Platform is stored on servers located within the United Arab Emirates. DarDoc does not transfer personal data outside the UAE.
DarDoc implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, destruction, or accidental loss, including but not limited to:
Health Data is subject to additional security measures, including restricted access permissions, enhanced encryption standards, and segregated storage from non-clinical data, in accordance with Federal Law No. 2 of 2019 and applicable DHA and DOH health information security requirements.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, DarDoc shall: (a) notify the ADGM Office of Data Protection within seventy-two (72) hours of becoming aware of the breach, where required under ADGM DPR; and (b) notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms. Notification shall include a description of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.
10.1 DarDoc retains personal data for the periods necessary to fulfil the purposes described in this Policy and to comply with applicable legal, regulatory, and record-keeping obligations. The following retention periods apply:
10.2 Upon expiry of the applicable retention period, personal data shall be securely deleted, destroyed, or irreversibly anonymised in accordance with DarDoc's data retention and disposal procedures.
10.3 Notwithstanding the foregoing, DarDoc may retain personal data beyond the specified retention periods where: (a) required by applicable law, regulation, or order of a competent authority; (b) reasonably necessary for the establishment, exercise, or defence of legal claims; or (c) required for ongoing regulatory audit or investigation.
11.1 Subject to applicable data protection legislation, including the ADGM Data Protection Regulations and the UAE PDPL, you may exercise the following rights in respect of your personal data:
11.2 To exercise any of the above rights, please submit a written request to legal@dardoc.com, providing sufficient information to verify your identity and specify the right(s) you wish to exercise.
11.3 DarDoc shall respond to your request within thirty (30) days of receipt. Where a request is complex or where DarDoc has received a high volume of requests, the response period may be extended by an additional sixty (60) days, with notice to you.
11.4 If you are not satisfied with DarDoc's handling of your request, you have the right to lodge a complaint with the ADGM Office of Data Protection or such other supervisory authority as may have jurisdiction.
12.1 DarDoc does not knowingly collect personal data directly from individuals under the age of eighteen (18). Where Services are booked on behalf of a minor, personal data — including Health Data — is collected from and with the consent of the minor's parent or legal guardian in accordance with Clause 9 of the Terms.
12.2 Personal data of minors is used solely for the purposes of delivering the booked Service, maintaining clinical records, and meeting regulatory obligations. Personal data of minors shall not be used for marketing or promotional purposes.
12.3 The parent or legal guardian may exercise any of the rights set out in Clause 11 on behalf of the minor at any time.
12.4 If DarDoc becomes aware that it has collected personal data from a minor without verified parental or guardian consent, it shall take reasonable steps to delete such data without undue delay.
13.1 By providing your contact details during Account registration or Booking, you agree to receive transactional communications from DarDoc, including appointment confirmations, booking updates, service reminders, account notifications, and payment receipts. Transactional communications are necessary for the delivery of Services and cannot be opted out of while your Account remains active.
13.2 Where you have provided consent, DarDoc may send you marketing and promotional communications, including health and wellness information, promotional offers, new service announcements, and surveys. Marketing communications may be delivered via SMS, email, push notification, WhatsApp, or in-app messaging. Message and data rates may apply depending on your mobile carrier and plan. Message frequency varies based on account activity and preferences.
13.3 You may opt out of marketing and promotional communications at any time by: (a) replying STOP to any SMS received from DarDoc; (b) clicking the "unsubscribe" link in any marketing email; (c) adjusting your notification preferences within the Platform; or (d) contacting DarDoc's support team at legal@dardoc.com.
13.4 Opting out of marketing communications shall not affect your receipt of transactional communications.
14.1 The Platform may contain links to third-party websites, applications, or services that are not owned, operated, or controlled by DarDoc. This Policy does not apply to the data practices of any third party.
14.2 DarDoc is not responsible for the privacy practices, content, or security of any third-party website or service. You are advised to review the privacy policies of any third party before providing personal data or engaging with their services.
15.1 DarDoc reserves the right to amend, update, or replace this Policy at any time to reflect changes in our data practices, legal or regulatory requirements, or operational needs.
15.2 Where changes are material, DarDoc shall provide notice through the Platform, by email, SMS, or push notification at least fourteen (14) days before the revised Policy takes effect.
15.3 Your continued use of the Platform following the effective date of any amendment shall constitute your acceptance of the revised Policy. If you do not agree with the revised Policy, you must discontinue use of the Platform and close your Account.
15.4 The "Last Updated" date at the top of this Policy indicates when the most recent revision took effect.
16.1 If you have any questions, concerns, or requests regarding this Policy or DarDoc's data protection practices, please contact:
16.2 DarDoc shall acknowledge receipt of your inquiry within five (5) business days and shall provide a substantive response within thirty (30) days.
16.3 If you are not satisfied with DarDoc's response, or if you believe that DarDoc has processed your personal data in a manner inconsistent with applicable data protection law, you have the right to lodge a complaint with:
ADGM Office of Data Protection
Abu Dhabi Global Market, Al Maryah Island, Abu Dhabi, UAE
DARDOC HEALTH TECHNOLOGIES LIMITED. All rights reserved.