
    Privacy Policy

    Physio Cure Medical Center - FZCO

    Last updated: 7 February 2026

    1. Introduction & Scope

    This Privacy Policy explains how Physio Cure Medical Center - FZCO ("we", "our", "the Clinic"), located at Office 1510, SIT Tower, Dubai Silicon Oasis, Dubai, United Arab Emirates, collects, uses, stores, shares, and protects your personal data and health information.

    This policy applies to all individuals who interact with us through our website (physiocuredubai.com), our patient portal Physio Cure Connect (connect.physiocuredubai.com), in-clinic visits, telephone or WhatsApp communications, and any other channels through which we collect personal data.

    2. Regulatory Framework

    We process personal data in compliance with the following laws and regulations:

    • UAE Federal Law No. (2) of 2019 - Concerning the Use of Information and Communication Technology (ICT) in Health Fields (the "Health Data Law")
    • UAE Federal Decree Law No. (45) of 2021 - Concerning the Protection of Personal Data (the "PDPL")
    • UAE Federal Law No. (4) of 2016 - Concerning Medical Liability
    • Dubai Health Authority (DHA) regulations, standards, and guidelines
    • Dubai Silicon Oasis Authority (DSOA) regulations applicable to FZCO entities
    • UAE Federal Decree Law No. (34) of 2021 - Concerning Combatting Rumours and Cybercrimes (as it relates to data protection)

    3. Data We Collect

    3.1 Personal Identification Data

    • Full name, date of birth, gender, nationality
    • Emirates ID or passport details (for identity verification and medical records)
    • Contact details: phone number, email address, residential address
    • Emergency contact information
    • Photographs (for ID verification and clinical documentation where necessary)

    3.2 Health & Medical Data

    • Medical history, current conditions, and presenting symptoms
    • Diagnostic assessment results and clinical examination findings
    • Treatment plans, clinical notes (including SOAP notes), and progress records
    • Pain levels, functional scores, and outcome measurements
    • Imaging reports and referral letters from other healthcare providers
    • Session audio recordings (with explicit consent) for clinical note generation
    • Session feedback including pain improvement ratings and treatment satisfaction

    3.3 Financial & Transaction Data

    • Session package purchases, payment history, and invoice records
    • Insurance provider details for reimbursement documentation
    • Payment method details (processed securely; we do not store full card numbers)
    • Tabby installment plan information
    • Loyalty program memberships (Fazaa, Alsaada, GEMS Rewards, Homat Al Watan)

    3.4 Booking & Consultation Data

    • Appointment dates, times, and therapist assignments
    • Free consultation booking details and preliminary condition description
    • Cancellation, rescheduling, and attendance records
    • Patient portal (Physio Cure Connect) account and activity data

    3.5 Website & Digital Data

    • IP address, browser type, device information, and operating system
    • Pages visited, time spent, referral sources, and click behaviour
    • Google Ads tracking identifiers (GCLID, GBRAID, WBRAID) and UTM parameters
    • Cookies and similar tracking technologies (see Section 12)

    4. How We Use Your Data

    • Clinical Care: Providing physiotherapy assessment, diagnosis, treatment planning, and ongoing rehabilitation
    • Appointment Management: Scheduling, confirming, rescheduling, and sending reminders via WhatsApp and email
    • Patient Portal: Enabling access to Physio Cure Connect for appointment booking, progress tracking, treatment notes, and session package management
    • Payment Processing: Processing session payments, generating invoices, and facilitating insurance reimbursement documentation
    • Communication: Responding to enquiries, sending treatment-related updates, and providing clinical follow-up instructions
    • Quality Improvement: Analysing session feedback, patient satisfaction surveys, and treatment outcomes to enhance care quality
    • Legal & Regulatory Compliance: Meeting DHA reporting requirements, maintaining medical records as required by UAE law, and responding to lawful data requests
    • Clinical Research: Using anonymised, aggregated data for clinical research and service improvement (identifiable data is never used without explicit consent)
    • Marketing: Sending promotional communications only with your explicit opt-in consent

    5. Legal Basis for Processing

    • Consent: You provide explicit consent for the collection and processing of your health data when you sign our consent form
    • Contractual Necessity: Processing is necessary for the performance of our healthcare service agreement with you
    • Legal Obligation: We are required by UAE healthcare laws to maintain medical records and report certain information to the DHA
    • Vital Interests: In emergency situations, we may process data to protect your vital interests
    • Legitimate Interests: For operational efficiency, service improvement, and fraud prevention

    6. Health Data Protection

    Health data is classified as sensitive personal data under both the PDPL and the Health Data Law. We implement enhanced protections:

    • Health data is collected and processed only with your explicit written consent
    • Access to health records is restricted to authorised clinical staff directly involved in your treatment
    • All clinical notes, treatment records, and health assessments are stored in encrypted databases with role-based access controls
    • Session audio recordings are encrypted at rest and in transit, processed only for clinical documentation purposes
    • Health data is never used for marketing purposes without separate, explicit consent

    7. Data Sharing & Disclosure

    We do not sell, rent, or trade your personal data. We may share your data in the following circumstances:

    • Clinical Team: Your assigned physiotherapist(s) and the Medical Director access your health records to deliver coordinated care
    • Regulatory Authorities: We provide data to the DHA and other UAE authorities when required by law
    • Insurance Companies: We provide invoices and medical reports to your insurance provider only upon your request for reimbursement claims
    • Payment Processors: Transaction data is shared with our PCI-DSS compliant payment gateway and, where applicable, with Tabby
    • Technology Providers: Our patient portal, communication systems, and cloud infrastructure providers process data under strict data processing agreements
    • Referring Physicians: Medical records may be shared with referring healthcare providers only with your written permission
    • Legal Proceedings: We may disclose data when required by court order or legal process

    8. Data Retention

    • Medical Records: Retained for a minimum of 25 years from the date of the last treatment, in accordance with UAE healthcare regulations and DHA requirements
    • Financial Records: Retained for 5 years in accordance with UAE commercial and tax regulations
    • Consent Forms: Retained for 25 years alongside associated medical records
    • Website Analytics Data: Retained for up to 26 months
    • Marketing Consent Records: Retained for the duration of consent plus 3 years
    • Session Audio Recordings: Retained for the same period as the associated clinical notes (25 years)
    • Session Package Data: Purchase dates, expiry dates (180 days from purchase), and payment history are retained in accordance with financial record requirements

    When retention periods expire, data is securely deleted or anonymised.

    9. Cross-Border Data Transfer

    In accordance with Article 5 of the Health Data Law and Article 22 of the PDPL, your personal data is primarily stored and processed within the United Arab Emirates. Where cross-border transfer is necessary, we ensure:

    • The receiving jurisdiction provides an adequate level of data protection
    • Appropriate safeguards are in place, including Standard Contractual Clauses and data processing agreements
    • Data is encrypted during transfer using industry-standard encryption protocols (TLS 1.2 or higher)
    • Health data transfers comply with the specific requirements of the Health Data Law

    10. Your Rights

    Under UAE data protection laws, you have the following rights:

    • Right of Access: Request a copy of the personal data we hold about you
    • Right to Rectification: Request correction of inaccurate or incomplete data
    • Right to Erasure: Request deletion of your data, subject to legal retention requirements (medical records must be retained for 25 years)
    • Right to Restrict Processing: Request limitation of how we use your data in certain circumstances
    • Right to Data Portability: Receive your data in a structured, machine-readable format
    • Right to Withdraw Consent: Withdraw previously given consent at any time
    • Right to Object: Object to processing based on legitimate interests
    • Right to Lodge a Complaint: File a complaint with the UAE Data Office

    To exercise any of these rights, contact us at wecare@physiocuredubai.com or call +971 50 301 3005. We will respond within 30 days.

    11. Data Security

    • Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
    • Access Controls: Role-based access ensures only authorised personnel access relevant data
    • Authentication: Multi-factor authentication for administrative and clinical system access
    • Audit Logging: All access to patient records is logged and monitored
    • Staff Training: All staff undergo mandatory data protection and confidentiality training
    • Incident Response: Documented data breach response procedure, including notification within 72 hours where required
    • Regular Assessments: Periodic security assessments and penetration testing
    • Confidentiality Agreements: All staff and contractors are bound by strict confidentiality obligations

    12. Cookies & Website Analytics

    • Essential Cookies: Required for website functionality (session management, security)
    • Analytics Cookies: Google Analytics to understand website usage patterns
    • Advertising Cookies: Google Ads conversion tracking and remarketing
    • Functional Cookies: Language preferences and user interface settings

    You can manage cookie preferences through your browser settings. We respect Do Not Track (DNT) browser signals where technically feasible.

    13. Children's Privacy

    We provide pediatric physiotherapy services. When treating patients under 18:

    • Written parental or legal guardian consent is obtained before collecting any personal or health data
    • Parents/guardians have the right to access, review, and request deletion of their child's data
    • We collect only the minimum data necessary for clinical care
    • Children's data receives the same enhanced protections as all health data

    14. Third-Party Links

    Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

    15. Changes to This Policy

    We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Significant changes will be communicated through our website, patient portal, or direct communication. Continued use of our services after any update constitutes acceptance of the revised policy.

    16. Contact Information

    For privacy-related enquiries, data access requests, or complaints:

    • Entity: Physio Cure Medical Center - FZCO
    • Email: wecare@physiocuredubai.com
    • Phone / WhatsApp: +971 50 301 3005
    • Address: Office 1510, SIT Tower, Dubai Silicon Oasis, Dubai, UAE
    • Working Hours: Friday to Wednesday, 9:00 AM to 8:00 PM (Closed on Thursdays)

    If you are not satisfied with our response, you have the right to lodge a complaint with the UAE Data Office established under Federal Decree Law No. (45) of 2021.