Privacy Policy

How 7DMC collects, uses and protects your personal data across our website, mobile app, clinic and marketing channels.

Last updated: 11 July 2026

Contents

  1. 1. Introduction & Scope
  2. 2. Who We Are
  3. 3. Our Data Protection Contact
  4. 4. Personal Data We Collect
  5. 5. How and Why We Use Your Data
  6. 6. Cookies & Similar Technologies
  7. 7. Marketing & Advertising Platforms
  8. 8. Mobile Application
  9. 9. Who We Share Your Data With
  10. 10. International Data Transfers
  11. 11. Data Retention
  12. 12. Data Security
  13. 13. Your Rights
  14. 14. Children’s Data
  15. 15. Changes to This Policy
  16. 16. Contact Us

1. Introduction & Scope

Seven Dimensions Medical Centre, trading as 7 Dimensions Medical Centre and 7DMC (“7DMC”, “we”, “us”, “our”), operates a multi-speciality outpatient medical centre in Dubai, United Arab Emirates, under Dubai Health Authority (DHA) License No. 3339141 and Ministry of Health and Prevention website approval No. UX12361.

This Privacy Policy explains how we collect, use, store, share and protect personal data across every channel through which we interact with you, including:

A separate, more detailed EMR & Patient Health Data Policy governs clinical/medical record data specifically and should be read together with this Policy. Where the two documents differ on the treatment of health data, the EMR & Patient Health Data Policy applies.

2. Who We Are

Item Detail
Legal entity Seven Dimensions Medical Centre
Trading name 7 Dimensions Medical Centre (7DMC)
DHA License No. 3339141
MOH website approval UX12361
Registered address Diamond Business Centre A, 1st Floor, Arjan, near Dubai Miracle Garden, Al Barsha, Dubai, UAE
General enquiries info@7dmc.ae  |  (04) 2434 777

3. Our Data Protection Contact

7DMC has designated the following contact for privacy queries and data subject requests:

Role Detail
Data Protection Contact Altaf Hussein
Email marketing@7dmc.ae

4. Personal Data We Collect

The categories of personal data we collect depend on how you interact with us:

Category Examples Typical source
Identity & contact data Name, Emirates ID/passport details, date of birth, gender, nationality, phone, email, address Booking forms, reception, app
Appointment & booking data Requested department/doctor, appointment date/time, insurance provider Website form, WhatsApp, phone, app
Health / medical data Medical history, diagnosis, treatment notes, prescriptions, lab/imaging results EMR at point of care — see EMR & Patient Health Data Policy
Insurance & billing data Insurance provider and policy details, claims data, payment records Reception, insurance partner (Nextcare, Al Madallah, MSH), Tabby
Communications data WhatsApp, SMS and email correspondence relating to appointments and reminders Our messaging and email service providers
Marketing & behavioural data Pages viewed, campaign source, ad interactions, email opens/clicks Website cookies, Meta Pixel, Google Ads/Analytics, email marketing platform
Technical data IP address, device/browser type, app device identifiers Website, mobile app

We only ask for the minimum data needed for the purpose in question. Appointment reminders sent by WhatsApp, SMS and email contain scheduling details only — for example, confirmation of a date and time — and do not include diagnosis, treatment notes or other clinical content.

5. How and Why We Use Your Data

Purpose Categories used Legal basis
Booking and managing appointments Identity, contact, appointment data Performance of a contract / your request
Providing medical care and maintaining your medical record Health data Explicit consent and legal basis under Federal Law No. 2 of 2019 — see EMR & Patient Health Data Policy
Processing insurance claims and billing Identity, insurance, billing data Performance of a contract, legal obligation
Sending appointment confirmations and reminders Contact, appointment data Legitimate interest / your consent
Marketing communications and advertising Contact, marketing/behavioural data Your consent (opt-out available at any time)
Legal, regulatory and licensing compliance As required Legal obligation (DHA, MOH, UAE Data Office)

This Policy is prepared with reference to Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) for general personal data, and Federal Law No. 2 of 2019 concerning the use of Information and Communications Technology in the Health Fields for health data.

6. Cookies and Similar Technologies

Our website uses cookies and similar technologies, including Google Analytics, Google Ads and Meta Pixel, to understand site usage and measure the performance of our marketing campaigns. You can control non-essential cookies through your browser settings. We are working on adding a dedicated cookie consent tool to give you more granular control over non-essential cookies directly on the website.

7. Marketing & Advertising Platforms

We use the following third-party platforms to run our marketing and to communicate with you. These platforms process contact and behavioural data only — never clinical/medical record data:

Platform Purpose Data processed
Meta (Facebook/Instagram) Ads & Pixel Advertising and campaign measurement Contact and behavioural data
Google Ads & Analytics Advertising and website analytics Technical and behavioural data
Email marketing platform Email marketing campaigns Name, email, marketing preferences
WhatsApp Business Platform Appointment reminders Contact and appointment data only
SMS gateway Appointment reminders Contact and appointment data only

Some of these providers process data outside the UAE as part of their standard global infrastructure. We only share the minimum data necessary for the service in question, and we never send clinical/medical record data to any marketing or advertising platform.

8. Mobile Application

7DMC is developing a mobile application, built on Flutter and connected to our Odoo business platform, which will allow patients to book appointments and receive notifications. Once launched, the app will be governed by this Policy and by an app-specific notice covering any device permissions requested (for example, notifications or camera access), published before the app becomes available for download.

9. Who We Share Your Data With

Recipient Reason Data shared
TenderCare FZE Provides and hosts Capsule, our current electronic medical record (EMR) system Your clinical/medical record data
Ci CORP Digital Our technology partner — develops and maintains our Odoo platform, website and app, manages our cloud infrastructure, and is leading our planned migration of EMR hosting to AWS, under confidentiality obligations As required for the systems it maintains
Amazon Web Services (AWS) Cloud hosting for our Odoo platform (our EMR is hosted separately by TenderCare — see above) Hosted, not accessed, by AWS in the ordinary course
Nextcare, Al Madallah, MSH Insurance claims processing for patients covered by these providers Relevant clinical and billing data for the claim
Tabby Buy-now-pay-later payment processing Payment and billing data
Regulatory authorities (DHA, MOH, UAE Data Office) Legal and licensing obligations As legally required

We do not sell personal data to any third party.

10. International Data Transfers

Your medical record is currently held in Capsule, our clinic’s electronic medical record (EMR) system, provided and hosted by TenderCare FZE, a Dubai-based healthcare technology company, on TenderCare’s own hosting infrastructure within the UAE — in line with the UAE’s data localisation requirement for health data under Federal Law No. 2 of 2019. 7DMC is planning to migrate EMR hosting to Amazon Web Services within the UAE (AWS me-central-1) as part of our ongoing digital transformation programme with Ci CORP Digital; this Policy will be updated once that migration is complete.

Our Odoo platform, which holds business and enquiry data (not clinical records), is separately hosted on AWS within the UAE. Appointment confirmations and reminders sent by SMS, WhatsApp and email are limited to scheduling information, such as your appointment date and time, and never include diagnosis, treatment notes or other clinical content.

Non-health marketing and communications data may be processed outside the UAE by our marketing platform providers (Meta, Google, and our email marketing platform) as part of their standard international infrastructure. These providers maintain their own data protection safeguards and certifications.

11. Data Retention

Data category Retention period
Medical/clinical records (EMR) Minimum 25 years from the date of the last health procedure, per Federal Law No. 2 of 2019 — see EMR & Patient Health Data Policy
Enquiry/marketing data where no appointment is booked 2 years from last contact, then deleted or anonymised
Billing and insurance records Retained in line with applicable UAE financial record-keeping requirements

12. Data Security

We apply technical and organisational safeguards appropriate to the sensitivity of the data involved, including:

No system is completely secure. If we become aware of a data breach affecting your personal data, we will assess the risk and notify the UAE Data Office, DHA and affected individuals as required by law.

13. Your Rights

Subject to applicable law, you may have the right to:

To exercise any of these rights, contact our data protection contact at marketing@7dmc.ae.

14. Children’s Data

Some of our services (for example, paediatric dentistry) involve minors. Where we collect data relating to a minor, we do so with the consent and involvement of a parent or legal guardian.

15. Changes to This Policy

We may update this Policy from time to time. The “Last updated” date at the top of this page indicates the latest revision. Material changes will be reflected on this page before they take effect.

16. Contact Us

For any question about this Policy or how we handle your data, contact:

Seven Dimensions Medical Centre (7DMC)
Diamond Business Centre A, 1st Floor, Arjan, Al Barsha, Dubai, UAE
Email: marketing@7dmc.ae  |  Phone: (04) 2434 777

BOOK NOW