Privacy Policy

01Introduction

Doctrix Medical Laboratory (“Doctrix”, “we”, “us”, or “our”) is a DHA-certified clinical pathology laboratory located at 23rd Floor, Donna Towers, Dubai Silicon Oasis, Dubai, United Arab Emirates.

This Privacy Policy applies to the personal information we collect through our websites (doctrixlab.com and doctrixlabs.com), our WhatsApp and telephone channels, and our in-laboratory and home-collection services. It is intended to align with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”) and applicable Dubai Health Authority (DHA) requirements.

02Information we collect

• Identity & contact details — your name, phone number, email address, and similar details you provide when booking or making an enquiry.
• Health & medical information — the tests you request, samples you provide, your test results and reports, and any clinical information you or a referring clinician share with us. This is sensitive personal data, and we handle it with additional care.
• Appointment & service information — booking details, preferred times, your home-collection address, and our communication history with you.
• Payment information — the details needed to process payment for our services. We do not store full card details; payments are handled by our payment providers.
• Technical & usage data — when you visit our websites we automatically collect information such as your IP address, device and browser type, pages viewed, and how you interact with the site, through cookies and similar technologies (see Section 5).

03How we collect your information

We collect information in three main ways:

• Directly from you — when you contact us by WhatsApp, phone, email, or our website, book an appointment, or attend the lab or a home visit.
• Automatically — through cookies and analytics tools when you use our websites.
• From third parties — such as a referring physician or clinic, or a family member booking on your behalf, where this is permitted.

04How and why we use your information

We use your information to:

• provide laboratory and diagnostic services, including collecting samples, performing tests, and delivering results;
• schedule appointments and arrange home collection;
• communicate with you about your bookings, results, and enquiries (including via WhatsApp, phone, SMS, and email);
• process payments and maintain proper records;
• comply with our legal, regulatory, and DHA obligations, including health record-keeping requirements;
• improve our services and websites; and
• where you have consented, send you information about our services and health packages, and measure the effectiveness of our advertising.

Under the PDPL, we rely on one or more of the following legal bases: your consent; the performance of a service you have requested; compliance with a legal obligation; the protection of vital interests (for example, in a medical emergency); and our legitimate interests in operating and improving our laboratory, where these are not overridden by your rights. We process sensitive health data only where permitted — typically for the provision of healthcare, with your consent, or to meet a legal or regulatory requirement.

05Cookies, analytics & advertising

Our websites use cookies and similar technologies to function properly, understand how visitors use the site, and measure our advertising. These include:

• Google Analytics (GA4) — to understand website traffic and usage.
• Google Ads — to measure the performance of our advertising and, where applicable, show relevant ads.
• Google Tag Manager — to manage these tags.

These tools may set cookies and process data such as device identifiers and usage patterns; some of this data may be processed by Google. You can control or delete cookies through your browser settings, opt out of Google Analytics using Google’s available opt-out tools, and adjust ad personalisation in your Google account settings. We use website analytics in aggregate to improve our service and advertising and do not use it to identify you personally for marketing without your consent.

06How we share your information

We may share your information with:

• referring physicians or clinics involved in your care, where appropriate;
• regulatory and government authorities, including the Dubai Health Authority, where required by law;
• trusted service providers who process data on our behalf (for example IT, communications, and payment providers), under appropriate confidentiality and data-processing obligations; and
• legal or law-enforcement authorities where we are required to do so by law.

We do not sell your personal information.

07International transfers

Some of our service providers (for example, analytics and communications platforms) may process data on servers located outside the UAE. Where personal data is transferred outside the UAE, we take steps to ensure it remains protected in line with the PDPL, including appropriate contractual safeguards.

08Data security

We apply appropriate technical and organisational measures to protect your information against unauthorised access, loss, or misuse — including access controls, secure systems, and staff confidentiality obligations. While no method of transmission or storage is completely secure, we work to safeguard your data and to limit access to those who need it to provide your care.

09Data retention

We keep your personal and medical information only for as long as necessary to provide our services and to meet our legal, regulatory, and DHA record-keeping obligations, after which it is securely deleted or anonymised.

10Your rights

Subject to the PDPL, you have the right to:

• access the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request deletion of your data in certain circumstances;
• restrict or object to certain processing;
• withdraw consent at any time, without affecting the lawfulness of processing before withdrawal;
• request a copy of certain data you have provided to us; and
• lodge a complaint with the UAE Data Office.

To exercise any of these rights, please contact us using the details in Section 14. Please note that some health records must be retained for regulatory reasons even where you request deletion.

11Children’s privacy

We provide services to children and minors only with the consent and involvement of a parent or legal guardian. Where we collect a minor’s information, we do so to provide the requested healthcare service and handle it with the same care as all sensitive data.

12Third-party links

Our websites and messages may contain links to third-party services (for example, WhatsApp or mapping services). We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies.

13Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with an updated “Last updated” date. Where changes are significant, we will communicate them as appropriate.

14Contact us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us: