BridgesCare Dubai ("we," "us," or "our") is a multidisciplinary therapy and rehabilitation center licensed and regulated by the Dubai Health Authority (DHA) and the Community Development Authority (CDA). We operate two clinics within the Emirate of Dubai, providing speech therapy, occupational therapy, physiotherapy, clinical psychology, ABA therapy, and related healthcare services for children and adults.
This Privacy Policy explains how we collect, use, store, share, and protect the personal data and protected health information (PHI) of our patients, their families, and visitors to our website. We are committed to ensuring that your information is handled with the highest standards of confidentiality and security in accordance with:
UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)
Dubai Health Authority (DHA) regulations on patient data privacy and electronic health records
Dubai Healthcare City (DHCC) data protection guidelines
International best practices aligned with HIPAA-equivalent standards for healthcare data
By accessing our services or website, you acknowledge that you have read and understood this Privacy Policy.
Information We Collect
We collect the following categories of information to deliver quality healthcare services:
Personal Identification Data
Full name, date of birth, gender, and nationality
Emirates ID number and/or passport details
Residential address within the UAE or abroad
Contact information including phone numbers and email addresses
Emergency contact details
Health and Medical Records
Medical history, diagnostic reports, and assessment results
Therapy session notes, treatment plans, and progress reports
Referral letters from physicians or educational institutions
Developmental and behavioral assessments
Photographs or videos taken during therapy sessions (with explicit consent only)
Financial and Insurance Information
Insurance policy details and member identification numbers
Payment information for service fees
Billing and invoice records
Website Usage Data
IP address, browser type, device information, and operating system
Pages visited, time spent on pages, and referring URLs
Form submissions made through our website (appointment requests, enquiries)
Cookie identifiers and analytics data
How We Collect Information
We obtain your personal data through the following channels:
Directly From You
When you register as a patient, complete intake forms, schedule appointments, sign consent forms, make enquiries via phone, email, WhatsApp, or our website contact form, or provide feedback about our services.
From Healthcare Providers and Institutions
When referring physicians, hospitals, schools, or other therapists share relevant medical or developmental information to facilitate your care, with appropriate authorization.
Through Automated Technologies
When you visit our website, we automatically collect certain technical data through cookies, web analytics tools (such as Google Analytics), and server logs. This data helps us understand how visitors use our site and improve the user experience.
How We Use Your Information
We process your personal data strictly for the following purposes:
Clinical Treatment and Care: To assess, diagnose, plan, and deliver therapy services, track progress, and coordinate multi-disciplinary care across our team of therapists.
Appointment Scheduling: To manage bookings, send reminders via SMS, WhatsApp, or email, and handle rescheduling or cancellations.
Communication: To respond to your enquiries, provide updates about your or your child's therapy, and share educational resources relevant to your treatment plan.
Billing and Insurance: To process payments, generate invoices, submit insurance claims, and manage outstanding balances.
Quality Improvement: To evaluate and improve our clinical outcomes, conduct internal audits, train our staff, and enhance patient satisfaction.
Regulatory Compliance: To fulfil our obligations to the DHA, CDA, and other regulatory bodies, including mandatory reporting and licence renewals.
Website Improvement: To analyse website traffic, optimise content, and ensure our digital platforms function correctly.
We will never use your health information for marketing purposes without your explicit, written consent.
Legal Basis for Processing
Under UAE data protection law, we rely on the following legal grounds to process your personal data:
Consent: You provide informed consent when you sign our patient registration and consent forms. For certain activities, such as recording therapy sessions or sharing progress with third parties, we obtain separate explicit consent.
Contractual Necessity: Processing is necessary to fulfil our agreement to provide healthcare services to you or your child upon registration.
Legal Obligations: We are required to maintain medical records, report certain conditions to the DHA, and comply with UAE healthcare legislation, including the UAE Federal Law No. 2 of 2019 on the Use of Information and Communication Technology in Healthcare.
Legitimate Interests: We may process data for quality improvement, fraud prevention, and operational efficiency, provided these interests do not override your rights and freedoms.
Vital Interests: In emergency situations, we may process data to protect your health or safety without prior consent, as permitted by law.
Data Sharing & Third Parties
We may share your personal data with the following parties, only to the extent necessary and with appropriate safeguards:
Insurance Providers: To process and settle claims for therapy services covered under your insurance plan. Only the minimum information required for claims processing is shared.
Referring Physicians and Specialists: To coordinate care, share assessment outcomes, and provide progress updates to the healthcare professionals involved in your treatment, with your consent.
Dubai Health Authority (DHA): To comply with mandatory reporting obligations, licence inspections, and electronic health record (Nabidh/Riayati) integration requirements.
Community Development Authority (CDA): For programmes and services delivered under CDA-registered activities.
Schools and Educational Institutions: With parental or guardian consent, we may share progress reports or recommendations with schools to support inclusion planning.
IT and Technology Service Providers: Third-party vendors who host our systems, manage our electronic medical records, or provide analytics services. All vendors are contractually bound to maintain strict data protection standards.
We never sell, rent, or trade your personal data or health information to any third party for marketing, advertising, or commercial purposes.
Data Security Measures
Protecting your information is a top priority. We implement comprehensive technical, administrative, and physical security measures, including:
Technical Safeguards
Industry-standard encryption (TLS/SSL) for all data transmitted between your device and our servers
Encryption of stored health records and sensitive personal data at rest
Firewalls, intrusion detection systems, and regular vulnerability assessments
Secure, role-based access controls ensuring only authorised staff can view patient information
Multi-factor authentication for systems containing protected health information
Administrative Safeguards
Mandatory data privacy and security training for all staff members upon hiring and annually thereafter
Confidentiality agreements signed by all employees, contractors, and third-party vendors
Regular internal audits and compliance reviews aligned with DHA standards
Documented incident response procedures for potential data breaches
Physical Safeguards
Restricted access to areas where physical patient records and servers are stored
CCTV monitoring and visitor log controls at clinic premises
Secure disposal of physical documents containing personal data through confidential shredding
Your Rights
Under UAE data protection law, you have the following rights regarding your personal data:
Right of Access: You may request a copy of the personal data we hold about you or your child. We will respond within 30 days of receiving a verified request.
Right to Rectification: You may request corrections to any inaccurate or incomplete personal data. We will update our records promptly upon verification.
Right to Erasure: You may request deletion of your personal data where there is no compelling legal or clinical reason for its continued retention. Please note that certain medical records must be retained as required by UAE law.
Right to Data Portability: You may request a structured, machine-readable copy of your data to transfer to another healthcare provider.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Right to Object: You may object to the processing of your personal data for specific purposes, such as direct marketing or research.
Right to File a Complaint: If you believe your privacy rights have been violated, you may lodge a complaint with the UAE Data Office or the Dubai Health Authority.
To exercise any of these rights, please contact our Data Protection Officer using the details provided at the end of this policy.
Children's Privacy
A significant portion of our patient population consists of children and minors. We take additional precautions to protect their data:
All personal and health data relating to minors (under 18 years of age) is collected and processed with the explicit consent of a parent or legal guardian.
Parents and guardians have full access to their child's records and may exercise all data rights on their child's behalf.
Photographs, videos, or recordings of minors during therapy sessions are taken only with prior written parental consent and are stored securely with restricted access.
We do not knowingly collect personal data from minors through our website without parental consent. If we become aware that data has been collected from a child without proper consent, we will delete it promptly.
Sharing of a minor's information with schools, other therapists, or external parties requires specific parental authorization for each instance.
Cookies & Website Analytics
Our website uses cookies and similar technologies to enhance your browsing experience. The types of cookies we use include:
Essential Cookies: Required for the basic functionality of our website, such as session management and security. These cannot be disabled.
Analytics Cookies: We use Google Analytics to understand how visitors interact with our website. These cookies collect anonymised data about page views, session duration, and user demographics. Google Analytics data is processed in accordance with Google's privacy policy.
Functional Cookies: These remember your preferences, such as language settings or previously completed form fields, to improve your experience on future visits.
Marketing Cookies: With your consent, we may use cookies from platforms such as Meta (Facebook) and Google Ads to deliver relevant advertisements and measure campaign effectiveness.
You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling essential cookies may affect your ability to use certain features of our website.
Data Retention Periods
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
Patient Medical Records: Retained for a minimum of 25 years from the date of the last clinical encounter, in compliance with DHA medical records retention requirements for paediatric cases. For adult records, the minimum retention period is 10 years.
Financial and Billing Records: Retained for 5 years from the date of the transaction, in accordance with UAE commercial law.
Insurance Claim Records: Retained for 5 years after the final settlement of the claim.
Website Analytics Data: Retained for up to 26 months, after which it is automatically anonymised or deleted.
Enquiry and Communication Records: Retained for 2 years from the date of the last communication, unless the enquiry leads to an active patient relationship.
CCTV Footage: Retained for up to 90 days, unless required for an ongoing investigation.
When retention periods expire, data is securely deleted or anonymised so that it can no longer be associated with any individual.
International Data Transfers
Your personal data is primarily stored and processed within the United Arab Emirates. However, in limited circumstances, data may be transferred outside the UAE:
When using cloud-based services or IT infrastructure operated by international providers, whose servers may be located in other jurisdictions.
When coordinating care with healthcare providers or specialists located outside the UAE, with your explicit consent.
When required by international insurance providers for claims processing.
In all cases where data is transferred internationally, we ensure that appropriate safeguards are in place, including contractual data protection clauses and verification that the receiving jurisdiction provides an adequate level of data protection as recognized by UAE authorities.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make material changes:
The updated policy will be published on this page with a revised "Last Updated" date.
For significant changes that affect how we process health information, we will notify active patients via email or during their next visit.
Continued use of our services or website after the effective date of any changes constitutes your acceptance of the updated policy.
We encourage you to review this page periodically to stay informed about how we protect your data.
Contact Information
If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us:
R 03 European Business Center, Ground floor, next to DIP Metro Station, Dubai Investment Park
SZR Clinic
803, 8th Floor, Aspin Commercial Tower, near Financial Metro Station, Sheikh Zayed Road
We aim to respond to all data protection enquiries within 14 business days. For urgent privacy matters or suspected data breaches, please call us directly at +971-42620201.
