VitaLan

Science-Powered Health

Get Started

 PRIVACY POLICY

This Privacy Policy describes how Vitalan, an informational platform and technology service provider operating in the United Arab Emirates (UAE), collects, uses, protects, and discloses information gathered through our website, including data related to diagnostic health testing services (e.g., Blood Count).

We are committed to respecting and protecting your privacy in compliance with UAE Federal Law No. 45 of 2021 Regarding the Protection of Personal Data, Federal Law No. 2 of 2019 on Health Data, and applicable regulations of the Ministry of Health and Prevention (MOHAP) and/or Dubai Health Authority (DHA).

1. Definitions and Scope

  • Personal Data (PD): Any data relating to an identified or identifiable natural person.
  • Protected Health Information (PHI): Personal Data related to an individual’s physical or mental health, including details of health services provided, results, laboratory findings, consultation, diagnosis, and treatment data.
  • Scope: This policy applies to all users accessing our educational platform and submitting inquiries or information related to health status or diagnostic tests while targeting the UAE market.

2. Information We Collect

We collect information directly from you, and this data falls into two main categories:

A. Non-Sensitive Information

This information does not directly reveal your identity or health status.

  • Contact Information: Name, email address, phone number.
  • Inquiry Details: Non-medical questions about service access, pricing, or administrative processes.
  • Technical Data: IP address, browser type, device information, and usage statistics (e.g., pages visited, time spent).

B. Protected Health Information (PHI)

This data is highly sensitive and subject to strict UAE regulations. PHI may include:

  • Health Status Indicators: Results of diagnostic tests (e.g., Blood Count parameters).
  • Interest in Specific Tests/Conditions: Information submitted regarding your interest in certain tests or health concerns.
  • Patient Identifiers: Any unique identifiers related to your health records.

3. Basis and Purpose for Processing

We process your data only for legitimate, transparent, and defined purposes (Purpose Limitation).

Type of Information

Primary Purpose of Processing

Legal Basis (UAE Law)

Non-Sensitive PD

Responding to administrative inquiries, providing requested informational materials, and improving website functionality.

Legitimate interest and contractual necessity.

Protected Health Information (PHI)

Providing the specific health-related service or educational material requested (e.g., delivering test results or related health insights).

Explicit consent of the patient/data subject, as required by law.

All Data

Ensuring compliance with UAE Federal Laws and preventing fraud.

Legal obligation.

Crucial Limitation on Use: PHI will only be used for the provision of the health service or informational purpose for which it was originally obtained. Any alternative use of PHI (e.g., for research, marketing, or statistical analysis) requires your separate, explicit, and prior consent.2

4. Consent for Protected Health Information (PHI)

By utilizing services that involve the processing of PHI (such as submitting an inquiry about test results or providing health details), you agree to the terms of this Privacy Policy.

Explicit Opt-in Requirement: We will seek your explicit and verifiable consent, via an unselected checkbox or similar clear mechanism, before collecting or processing any sensitive PHI. This ensures your voluntary and informed agreement to the processing of your health data.

You have the right to withdraw your consent at any time. Withdrawal of consent may affect our ability to provide certain services to you.

5. Disclosure and Sharing of Information

We will not disclose your PHI to any third party without your prior, explicit consent, except in specific, legally mandated circumstances (Disclosure Restrictions).

A. Permitted Disclosures Without Consent:

Your PHI may be disclosed without your prior consent only when required by law, including:

  • Responding to a request from a competent judicial authority.
  • Addressing a request from the relevant health authority for public health purposes or preventive measures.
  • Assisting insurance companies with the verification of financial claims (if applicable).

B. Sharing with Third-Party Processors:

We may share your data with trusted third-party service providers (e.g., IT support, cloud storage) to perform functions on our behalf, provided that:

  • We have informed you about the disclosure and the intended purpose.
  • These third parties are contractually bound to maintain confidentiality and adhere to the security and privacy standards established by UAE law and this policy.

6. Data Security and Storage

We implement robust security measures to protect your PHI against unauthorized access, modification, damage, deletion, or loss.

  • Security Standards: We apply appropriate technical and organizational security controls (including encryption where necessary) to maintain the confidentiality, integrity, and availability of your data.
  • Data Location: Your data is primarily stored on secure servers located within the UAE.
  • Cross-Border Transfer: If your data must be transferred or stored outside the UAE, we will first obtain your explicit consent for this transfer and ensure the destination country provides an adequate level of data protection, as determined by the UAE regulatory bodies.

7. Your Rights as a Data Subject

Under UAE data protection laws, you, as the data subject, have the right to:

  1. Access: Request access to your Personal Data and PHI.
  2. Correction: Request correction or amendment of inaccurate or unreliable data.
  3. Withdrawal of Consent: Withdraw your consent for the processing of your PHI at any time.
  4. Limitation of Processing: Request restriction or cessation of the processing of your data.

To exercise any of these rights, please contact us using the information provided in the Contact Us section.

8. Updates to this Policy

We reserve the right to update or change our Privacy Policy at any time to reflect new legal or operational requirements. The updated policy will be posted on this page with a revised effective date.

9. Contact Us

If you have any questions about this Privacy Policy or our data handling practices, please contact us at:

Email:

Privacy policy