Privacy Policy
Version: Version 1.0
Effective Date: 1 April 2025
1. Introduction
Skai Health ("Skai", "we", "our", or "us") is committed to protecting the privacy and confidentiality of the Personal Data we collect. This Privacy Policy outlines how we collect, use, store, share, and protect the Personal Data and Sensitive Personal Data of individuals, including Members, website users, suppliers, business partners, and third-party service providers.
Our data practices are aligned with applicable UAE laws, including Federal Decree-Law No. (45) of 2021 on the Protection of Personal Data (PDPL) and Federal Law No. (2) of 2019 on the Use of Information and Communication Technology (ICT) in Health Fields (collectively referred to as “Data Protection Laws”).
2. Definitions
Controller: Skai Health, which determines the purposes and means of processing Personal Data.
Data Subject: Any individual whose Personal Data is collected and processed by Skai Health, including Members, patients, employees, contractors, suppliers, and website users.
DHA: The Dubai Health Authority, the government regulatory body responsible for healthcare services and licensing in the Emirate of Dubai.
Member: An individual subscribing to Skai Health’s services under a valid membership agreement.
MOHAP: The Ministry of Health and Prevention of the United Arab Emirates, the federal authority overseeing public health policy and regulation across the UAE.
Personal Data: Any information relating to an identified or identifiable natural person, whether directly or indirectly, including but not limited to name, contact details, identification numbers, electronic identifiers, location data, or any combination of data that can lead to the identification of a person.
Processor: Any third party engaged by Skai Health to process data on its behalf in accordance with contractual or legal obligations.
Sensitive Personal Data: A category of Personal Data that includes health or medical information, biometric data, genetic data, religious beliefs, criminal record, or any other data classified as sensitive under the Data Protection Laws.
Services: The healthcare, wellness, subscription, and administrative services provided by Skai Health, including membership offerings, consultations, diagnostics, primary care support, healthcare optimisation, and related support services, as outlined in Skai Health’s materials or agreements. Clinical services are delivered by Skai Health Dubai LLC or licensed Third-Party Providers.
Third-Party Provider: Any external healthcare, technology, administrative, or professional service provider engaged by Skai Health to deliver or support its Services. This includes diagnostic labs, wearable and connected health device platforms, health information exchanges, data hosting services, IT vendors, payment processors and affiliated healthcare professionals.
3. Information we collect
We may collect and process the following types of Personal Data and Sensitive Personal Data, depending on your relationship with Skai Health:
Identity Data: Name, date of birth, Emirates ID or passport number.
Contact Information: Email address, phone number, and residential address.
Health and Medical Information (for Members): Health and Medical Information (for Members): Medical history, consultation records, broad diagnostic results (such as imaging, blood work, genetic testing), biomarker and genomic data, and preventive care assessments.
Connected Health Data: Data transmitted from wearables or connected health devices (e.g. Apple Health, smartwatches, fitness trackers, or remote diagnostics), either directly or via integrated platforms. This may include location-based data (such as GPS-enabled fitness tracking or movement patterns), depending on your device settings and privacy preferences. These platforms are governed by their own privacy terms and are not controlled by Skai Health.
Payment & Financial Information:
For Members: Payment processing is handled via an authorised third-party payment processor; Skai Health does not directly store full card or banking details.
For suppliers and contractors: Bank account or billing information, to enable payment for services rendered.
Professional or Commercial Data: Information relating to your commercial relationship with Skai Health, including vendor, supplier, or business partner details, as well as records of services used, products purchased through Skai, subscription tier and status, billing history, and related transactional activity.
Technical & Usage Data: Data collected via website or platform usage, including IP address, browser type, cookies, and device identifiers.
4. How we use your data
We use Personal Data and Sensitive Personal Data to:
Provide healthcare, primary care support, wellness, and optimisation services to Members, including scheduling, coordination, and support.
Deliver clinical services through Skai Health Dubai LLC or Third-Party Providers (where applicable).
Facilitate remote consultations, referrals, diagnostics, and related service fulfilment.
Manage subscriptions, payments, billing, and account preferences.
Communicate with Members, website users, vendors, contractors, and suppliers.
Operate, secure, and improve our website, digital platforms, and user experience.
Analyse anonymised data to enhance service quality, inform clinical research, and improve member health outcomes.
Comply with legal, regulatory, clinical, and contractual obligations.
We only process data for purposes that are lawful, necessary, and proportionate.
5. Consent
Where required under applicable Data Protection Laws, we obtain your explicit consent before collecting or processing your Sensitive Personal Data (e.g., health records, diagnostics, or genetic data).
You may withdraw your consent at any time by contacting us at the details provided below. Please note that withdrawal of consent may affect our ability to provide certain healthcare, membership, or support services, particularly where such data is essential to fulfilling your membership or delivering clinical care.
6. Data sharing
We may share your Personal Data and Sensitive Personal Data with the following parties, where necessary to deliver our Services or comply with legal obligations:
Third-Party Providers, including healthcare professionals and diagnostic partners, to support consultations, referrals, and the delivery of care.
Authorised payment processors to process membership fees or service-related payments.
Professional services providers, including IT support, legal advisors, and compliance consultants.
Regulatory or government authorities, if required to meet legal, clinical, or statutory obligations.
All Third-Party Providers and partners are contractually required to comply with applicable Data Protection Laws and Skai Health’s data protection standards.
Skai Health may generate, use, and share anonymised or aggregated data sets derived from Personal Data or Sensitive Personal Data for research, academic, clinical, or commercial purposes. These data sets do not identify individual Members and are not subject to the same restrictions as identifiable data. Where appropriate, such anonymised data may be shared with external research institutions, commercial partners, or third parties, including for the development of healthcare insights, product development, or service improvements.
We may also receive or transmit Personal Data and Sensitive Personal Data via connected third-party platforms or wearable technologies (e.g. Apple Health, Technogym, Purview, MyMetTest) to support health optimisation and continuity of care. These platforms operate independently and are governed by their own privacy policies. Skai Health does not control or accept responsibility for the data-handling practices of these external providers. We strongly encourage you to review the relevant third-party privacy policies to understand how your data may be used, stored, or shared. Use of these platforms is entirely optional and subject to the privacy terms and user agreements of the respective providers.
7. Data storage and security
Skai Health stores Personal Data and Sensitive Personal Data securely in accordance with UAE data localisation laws and applicable Data Protection Laws.
We implement appropriate technical, administrative, and organisational safeguards to protect data from unauthorised access, disclosure, alteration, or loss.
Data is stored using encrypted systems and secure servers, and access is restricted to authorised personnel only.
We periodically review and update our data protection protocols to maintain high standards of privacy and information security.
8. Data retention
Medical and health-related records are retained for a minimum of 25 years from the date of the last documented clinical interaction in accordance with UAE healthcare regulations.
Other categories of Personal Data and Sensitive Personal Data are retained only for as long as necessary to fulfil the purpose for which they were collected or as required by legal, regulatory, or contractual obligations.
Once the applicable retention period has expired, data will be securely deleted, anonymised, or archived following Skai Health’s data governance protocols.
9. Your rights
As a Data Subject, you have the following rights under applicable Data Protection Laws:
To access and request a copy of the Personal Data we hold about you;
To request correction or update of inaccurate, incomplete, or outdated data;
To request deletion of your Personal Data, subject to legal, regulatory, or clinical retention requirements;
To withdraw consent for data processing, where consent is the legal basis for processing;
To object to the use of your Personal Data for purposes not required for the delivery of services or legal compliance.
To exercise these rights, please contact our Data Protection Officer (DPO) at: privacy@skai-health.com
10. International transfers
Skai Health may transfer, store, or access your Personal Data and Sensitive Personal Data outside the United Arab Emirates, including jurisdictions such as the United Kingdom and the United States, where Skai Health, its affiliated clinics, or authorised third-party vendors and partners, or technology providers operate or are located.
All cross-border transfers are conducted in compliance with applicable UAE Data Protection Laws and are supported by appropriate safeguards, which may include:
Contractual data protection clauses;
Due diligence to confirm that the recipient implements adequate security measures; and/or
Transfers to jurisdictions officially recognised as having adequate levels of data protection.
By using Skai Health’s services, you acknowledge and consent to such international transfers, subject to the safeguards outlined above.
11. Cookies, digital platforms and website usage
Skai Health’s website and mobile applications use cookies and similar technologies to enhance your browsing experience, analyse traffic, and support the functionality of our digital platforms. These tools help us understand user behaviour, personalise your experience, and improve our Services.
Members may also access and share their own health-related information via Skai Health’s secure online portal or app, including diagnostic results, care plans, and other membership-related data. These platforms are designed with privacy and security in mind and are governed by the same standards outlined in this Privacy Policy.
You may manage or disable cookies through your browser or device settings. However, disabling certain cookies or platform features may affect the functionality and performance of the website or app.
12. Policy updates
Skai Health may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service offerings.
Where material changes are made, we will notify you via our website or by email. The most current version of the Privacy Policy will always be accessible on our website and will include the effective date at the top of the page.
13. Contact us
If you have any questions, concerns, or requests regarding your Personal Data or this Privacy Policy, please contact:
Skai Health – Data Protection Officer
Email: privacy@skai-health.com
We will respond to all legitimate requests in accordance with applicable Data Protection Laws.