How 7DMC collects, uses and protects your personal data across our website, mobile app, clinic and marketing channels.
Last updated: 11 July 2026
Contents
Seven Dimensions Medical Centre, trading as 7 Dimensions Medical Centre and 7DMC (“7DMC”, “we”, “us”, “our”), operates a multi-speciality outpatient medical centre in Dubai, United Arab Emirates, under Dubai Health Authority (DHA) License No. 3339141 and Ministry of Health and Prevention website approval No. UX12361.
This Privacy Policy explains how we collect, use, store, share and protect personal data across every channel through which we interact with you, including:
A separate, more detailed EMR & Patient Health Data Policy governs clinical/medical record data specifically and should be read together with this Policy. Where the two documents differ on the treatment of health data, the EMR & Patient Health Data Policy applies.
| Item | Detail |
|---|---|
| Legal entity | Seven Dimensions Medical Centre |
| Trading name | 7 Dimensions Medical Centre (7DMC) |
| DHA License No. | 3339141 |
| MOH website approval | UX12361 |
| Registered address | Diamond Business Centre A, 1st Floor, Arjan, near Dubai Miracle Garden, Al Barsha, Dubai, UAE |
| General enquiries | info@7dmc.ae | (04) 2434 777 |
7DMC has designated the following contact for privacy queries and data subject requests:
| Role | Detail |
|---|---|
| Data Protection Contact | Altaf Hussein |
| marketing@7dmc.ae |
The categories of personal data we collect depend on how you interact with us:
| Category | Examples | Typical source |
|---|---|---|
| Identity & contact data | Name, Emirates ID/passport details, date of birth, gender, nationality, phone, email, address | Booking forms, reception, app |
| Appointment & booking data | Requested department/doctor, appointment date/time, insurance provider | Website form, WhatsApp, phone, app |
| Health / medical data | Medical history, diagnosis, treatment notes, prescriptions, lab/imaging results | EMR at point of care — see EMR & Patient Health Data Policy |
| Insurance & billing data | Insurance provider and policy details, claims data, payment records | Reception, insurance partner (Nextcare, Al Madallah, MSH), Tabby |
| Communications data | WhatsApp, SMS and email correspondence relating to appointments and reminders | Our messaging and email service providers |
| Marketing & behavioural data | Pages viewed, campaign source, ad interactions, email opens/clicks | Website cookies, Meta Pixel, Google Ads/Analytics, email marketing platform |
| Technical data | IP address, device/browser type, app device identifiers | Website, mobile app |
We only ask for the minimum data needed for the purpose in question. Appointment reminders sent by WhatsApp, SMS and email contain scheduling details only — for example, confirmation of a date and time — and do not include diagnosis, treatment notes or other clinical content.
| Purpose | Categories used | Legal basis |
|---|---|---|
| Booking and managing appointments | Identity, contact, appointment data | Performance of a contract / your request |
| Providing medical care and maintaining your medical record | Health data | Explicit consent and legal basis under Federal Law No. 2 of 2019 — see EMR & Patient Health Data Policy |
| Processing insurance claims and billing | Identity, insurance, billing data | Performance of a contract, legal obligation |
| Sending appointment confirmations and reminders | Contact, appointment data | Legitimate interest / your consent |
| Marketing communications and advertising | Contact, marketing/behavioural data | Your consent (opt-out available at any time) |
| Legal, regulatory and licensing compliance | As required | Legal obligation (DHA, MOH, UAE Data Office) |
This Policy is prepared with reference to Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) for general personal data, and Federal Law No. 2 of 2019 concerning the use of Information and Communications Technology in the Health Fields for health data.
We use the following third-party platforms to run our marketing and to communicate with you. These platforms process contact and behavioural data only — never clinical/medical record data:
| Platform | Purpose | Data processed |
|---|---|---|
| Meta (Facebook/Instagram) Ads & Pixel | Advertising and campaign measurement | Contact and behavioural data |
| Google Ads & Analytics | Advertising and website analytics | Technical and behavioural data |
| Email marketing platform | Email marketing campaigns | Name, email, marketing preferences |
| WhatsApp Business Platform | Appointment reminders | Contact and appointment data only |
| SMS gateway | Appointment reminders | Contact and appointment data only |
Some of these providers process data outside the UAE as part of their standard global infrastructure. We only share the minimum data necessary for the service in question, and we never send clinical/medical record data to any marketing or advertising platform.
7DMC is developing a mobile application, built on Flutter and connected to our Odoo business platform, which will allow patients to book appointments and receive notifications. Once launched, the app will be governed by this Policy and by an app-specific notice covering any device permissions requested (for example, notifications or camera access), published before the app becomes available for download.
Your medical record is currently held in Capsule, our clinic’s electronic medical record (EMR) system, provided and hosted by TenderCare FZE, a Dubai-based healthcare technology company, on TenderCare’s own hosting infrastructure within the UAE — in line with the UAE’s data localisation requirement for health data under Federal Law No. 2 of 2019. 7DMC is planning to migrate EMR hosting to Amazon Web Services within the UAE (AWS me-central-1) as part of our ongoing digital transformation programme with Ci CORP Digital; this Policy will be updated once that migration is complete.
Our Odoo platform, which holds business and enquiry data (not clinical records), is separately hosted on AWS within the UAE. Appointment confirmations and reminders sent by SMS, WhatsApp and email are limited to scheduling information, such as your appointment date and time, and never include diagnosis, treatment notes or other clinical content.
Non-health marketing and communications data may be processed outside the UAE by our marketing platform providers (Meta, Google, and our email marketing platform) as part of their standard international infrastructure. These providers maintain their own data protection safeguards and certifications.
| Data category | Retention period |
|---|---|
| Medical/clinical records (EMR) | Minimum 25 years from the date of the last health procedure, per Federal Law No. 2 of 2019 — see EMR & Patient Health Data Policy |
| Enquiry/marketing data where no appointment is booked | 2 years from last contact, then deleted or anonymised |
| Billing and insurance records | Retained in line with applicable UAE financial record-keeping requirements |
We apply technical and organisational safeguards appropriate to the sensitivity of the data involved, including:
No system is completely secure. If we become aware of a data breach affecting your personal data, we will assess the risk and notify the UAE Data Office, DHA and affected individuals as required by law.
Subject to applicable law, you may have the right to:
To exercise any of these rights, contact our data protection contact at marketing@7dmc.ae.
Some of our services (for example, paediatric dentistry) involve minors. Where we collect data relating to a minor, we do so with the consent and involvement of a parent or legal guardian.
We may update this Policy from time to time. The “Last updated” date at the top of this page indicates the latest revision. Material changes will be reflected on this page before they take effect.
For any question about this Policy or how we handle your data, contact:
Seven Dimensions Medical Centre (7DMC)
Diamond Business Centre A, 1st Floor, Arjan, Al Barsha, Dubai, UAE
Email: marketing@7dmc.ae | Phone: (04) 2434 777