Privacy Policy

LabTestUAE ("we," "our," or "us") operates the website testuae.com and related services. We are committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data when you use our lab test booking platform, home sample collection services, and associated digital tools.

By accessing or using our services, you agree to the collection and use of information as described in this policy. If you do not agree with these terms, please do not use our services.

1. Information We Collect

1.1 Personal Information

When you create an account, book a test, or contact us, we may collect the following personal information:

• Full name, date of birth, and gender
• Email address and phone number
• Residential address and preferred sample collection location
• Emirates ID number or passport details (when required for identification during sample collection)
• Payment information (processed securely through Stripe; we do not store your full card details)

1.2 Health and Medical Data

As a medical lab test booking platform, we handle sensitive health-related data, including:

• Lab test orders and booking history
• Test results and diagnostic reports provided by our partner laboratories
• Medical notes or special instructions you provide during the booking process
• Health conditions or symptoms you voluntarily share when using our condition guides or AI assistant

We treat all health data as sensitive personal data and apply additional safeguards in accordance with UAE data protection regulations.

1.3 Device and Usage Data

We automatically collect certain technical information when you access our website, including:

• IP address and approximate geographic location
• Browser type, version, and operating system
• Device type (desktop, mobile, tablet) and screen resolution
• Pages visited, time spent on pages, and navigation paths
• Referring website or search terms that led you to our platform

1.4 Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies to enhance your browsing experience, remember your preferences, and analyze website traffic. These include essential cookies required for site functionality, analytics cookies (such as Google Analytics) to understand usage patterns, and preference cookies that remember your language and display settings. You can manage your cookie preferences through your browser settings at any time.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing Our Services: To process your lab test bookings, coordinate home sample collection appointments, deliver test results, and manage your account.
• Communications: To send booking confirmations, appointment reminders, test result notifications, and respond to your customer support inquiries. We may also send promotional communications about new tests or health tips, which you can opt out of at any time.
• Payment Processing: To process payments securely through our payment partners (Stripe) and manage billing records for cash-on-delivery transactions.
• Analytics and Improvement: To analyze usage patterns, improve our website performance, develop new features, and enhance the overall user experience.
• Safety and Security: To detect and prevent fraud, unauthorized access, and other malicious activities, and to maintain the security and integrity of our platform.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests within the United Arab Emirates.

3. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with the following categories of third parties only as necessary to provide our services:

• Partner Laboratories: We share your personal and booking information with our accredited partner labs (including but not limited to laboratories licensed by the UAE Ministry of Health and Prevention) so they can process your samples, conduct tests, and generate results.
• Payment Processors: Stripe processes your online payments. Their handling of your payment data is governed by their own privacy policy. For cash-on-delivery orders, our collection agents handle payment on-site.
• Service Providers: We work with trusted third-party providers for hosting (Netlify), database services (Supabase), email delivery, and analytics. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Legal Requirements: We may disclose your information if required to do so by law, in response to valid requests by public authorities (such as a court order or government agency), or when necessary to protect our rights, privacy, safety, or property, or that of our users or the public.

4. Data Security

We implement industry-standard technical and organizational measures to protect your personal and health data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest within our database systems
• Role-based access controls limiting data access to authorized personnel only
• Regular security audits and vulnerability assessments
• Secure authentication mechanisms including password hashing and session management

While we strive to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

5. UAE Data Protection Compliance

LabTestUAE is committed to complying with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "UAE Data Protection Law") and its implementing regulations. In accordance with this law:

• We process your personal data based on legitimate legal grounds, including your consent, the performance of a contract (your booking), and our legitimate business interests.
• Health data is treated as sensitive personal data and is processed with explicit consent and additional safeguards as required by the law.
• We ensure that any cross-border transfer of personal data is conducted in compliance with the requirements set forth by the UAE Data Office, including ensuring adequate levels of data protection in the receiving jurisdiction.
• We maintain records of our data processing activities and have appointed a designated point of contact for data protection matters.

If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the UAE Data Office.

6. Cookie Policy

Our website uses the following types of cookies:

• Essential Cookies: Required for basic site functionality such as user authentication, session management, shopping cart operations, and security features. These cookies cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. We use Google Analytics to track page views, session duration, and user flows. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
• Preference Cookies: Remember your settings and preferences, such as language selection and display preferences, to provide a more personalized experience.

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Specific retention periods include:

• Account Data: Retained for the duration of your active account and for up to 24 months after account closure, unless a longer retention period is required by law.
• Booking and Transaction Records: Retained for a minimum of 5 years to comply with UAE commercial and tax regulations.
• Health and Lab Test Data: Retained for a minimum of 10 years in accordance with UAE healthcare record retention requirements, or longer if required by applicable regulations.
• Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for statistical and research purposes.
• Communication Records: Customer support correspondence is retained for up to 36 months to ensure service quality and resolve any ongoing issues.

When data is no longer needed, we securely delete or anonymize it so that it can no longer be associated with you.

8. Your Rights

Under UAE data protection law, you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you, along with information about how it is processed.
• Right to Correction: You may request that we correct any inaccurate or incomplete personal data. You can also update much of your information directly through your account settings.
• Right to Deletion: You may request the deletion of your personal data, subject to our legal retention obligations (particularly for health records and financial transactions).
• Right to Data Portability: You may request a machine-readable copy of your personal data to transfer to another service provider.
• Right to Restrict Processing: You may request that we limit the processing of your data in certain circumstances, such as when you contest the accuracy of your data.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Object: You may object to the processing of your personal data for direct marketing purposes at any time.

To exercise any of these rights, please contact us at support@testuae.com. We will respond to your request within 30 days.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. Lab tests for minors must be booked by a parent or legal guardian, who assumes responsibility for providing the minor's data and consenting to its processing. If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that information promptly. If you believe your child has provided us with personal data without your consent, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on this page with a revised "Last updated" date. For significant changes that materially affect how we handle your personal data, we will provide additional notice through email or a prominent banner on our website. We encourage you to review this policy periodically to stay informed about how we protect your data.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: