Diversified Integrated Sports Clinic (“DISC”) are a group of clinics launched in September 2014 in the Dubai Healthcare City free zone, United Arab Emirates. As of 2026, DISC has three clinics in Dubai and one in Abu Dhabi. Diversified Integrated Sports Clinic (“us”, “we”, or “our”) operates and is the Data Controller of the www.disc-me.com website and the associated appointment booking platform (the “Service”).
This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used herein have the same meanings as in our Terms and Conditions, accessible from www.disc-me.com.
1. Legal Framework and Data Controller
1.1 Applicable Law. The collection, processing, storage, and transfer of your personal data through our Services is governed by UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”) and its Executive Regulations issued in 2023, and applicable healthcare data regulations issued by the Dubai Health Authority (DHA) and/or the Department of Health Abu Dhabi (DOH). References in this Policy to “Applicable Law” mean UAE PDPL and applicable UAE federal or emirate-level laws.
1.2 Data Controller. Diversified Integrated Sports Clinic is the Data Controller responsible for your personal data. Our Data Protection contact can be reached via the Contact Us page on our website.
1.3 ADHICS Compliance. As a healthcare entity operating in Abu Dhabi, we are subject to the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS). The appointment booking platform is operated in accordance with ADHICS requirements, including data classification, access controls, encryption, and incident response obligations.
2. Information Collected and Use
We collect the following categories of personal data solely for the purpose of facilitating appointment booking and verifying patient identity:
2.1 Personal Identification Data
- Full name
- Date of birth
- Emirates ID number
- Health insurance provider name and policy/membership number
- Mobile phone number
- Email address
2.2 What We Do NOT Collect Through This Platform
Scope Limitation. The appointment booking platform does not collect, store, or process clinical or medical data of any kind, including medical records, diagnoses, prescriptions, treatment notes, allergies, or any other health information. Any medical information related to your care at DISC clinics is held under separate clinical information governance systems and is not part of this platform.
2.3 Usage and Technical Data
We may collect technical data about how the Service is accessed and used, including IP address, browser type, browser version, pages visited, time and date of visit, and device identifiers. This is used for security monitoring, service improvement, and compliance purposes.
2.4 Cookies
We use the following types of cookies:
- Session Cookies: to operate our Service during your active session;
- Preference Cookies: to remember your preferences and settings;
- Security Cookies: to support authentication and protect against fraud.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
3. Legal Basis for Processing
3.1 Consent. We rely on your explicit consent, provided at the point of registration, as the primary legal basis for collecting and processing your personal data. You may withdraw consent at any time by contacting us, though this may affect your ability to use the booking service.
3.2 Contractual Necessity. Processing of your name, contact details, date of birth, and insurance information is necessary to fulfil your appointment booking request.
3.3 Legal Obligation. We may process your data to comply with applicable UAE legal obligations, including requirements under DHA, DOH, or other UAE federal or emirate-level regulatory authorities.
4. One-Time Password (OTP) Delivery
4.1 OTP Channels. We use OTP codes to verify your identity when logging in or confirming bookings. These OTPs are delivered via SMS (through licensed UAE telecommunications operators) or WhatsApp.
4.2 WhatsApp / Meta Processing. If you elect to receive OTPs via WhatsApp, your mobile phone number will be processed by Meta Platforms, Inc. as the operator of WhatsApp. This involves the transfer of your phone number to Meta’s servers, which may be located outside the UAE. By opting to receive OTPs via WhatsApp, you consent to this transfer. You may opt for SMS delivery at any time to avoid this cross-border transfer.
4.3 OTP Retention. OTP codes are ephemeral and are not stored by us beyond the authentication window (typically 5 minutes). We do not retain records of OTP codes after they have been used or expired.
5. Use of Data
We use the collected data for the following purposes:
- To provide and maintain the appointment booking Service;
- To verify your identity before granting access to the Patient Portal;
- To confirm, reschedule, or cancel your appointments;
- To send appointment reminders via SMS, WhatsApp, or email;
- To notify you about changes to our Service;
- To provide customer care and support;
- To monitor the usage and security of the Service;
- To detect, prevent and address technical issues or fraud;
- To comply with applicable legal and regulatory obligations.
6. Data Retention
6.1 Retention Period. We retain your personal data collected through the appointment booking platform for a period of five (5) years from your last interaction with the Service, or for such longer period as required by applicable UAE law (including DHA or DOH healthcare regulatory retention requirements), whichever is longer.
6.2 Deletion and Anonymisation. Upon the expiry of the applicable retention period, or upon receipt of a valid erasure request, your personal data will be securely deleted or anonymised so that it can no longer be attributed to you.
7. Transfer and Storage of Data
7.1 Data Residency. Your personal data is stored on servers located within the United Arab Emirates. We take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy.
7.2 Third-Party Transfers. Your personal data may be transferred to third-party service providers (such as SMS gateways, and cloud hosting providers) who process data on our behalf. All such providers are required to enter into Data Processing Agreements with us and are obligated not to use your data for any purpose other than providing services to us.
7.3 Cross-Border Transfers. Where data is transferred to a country outside the UAE, we will ensure that adequate protections are in place, including contractual clauses equivalent to those required under UAE PDPL. See Section 4.2 regarding WhatsApp/Meta data transfers.
7.4 Legal Disclosure. We will not disclose your personal data except: (a) with your authorisation; (b) as required by law or court order; (c) to protect and defend the rights or property of DISC; (d) to prevent or investigate wrongdoing in connection with the Service; or (e) to protect the personal safety of users or the public.
8. Analytics and Third-Party Services
8.1 Google Analytics. We may use Google Analytics, a web analytics service provided by Google LLC, to monitor and analyse website traffic. Google Analytics may collect your IP address and usage data. Data collected by Google Analytics may be transferred to Google’s servers in the United States. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on available at tools.google.com/dlpage/gaoptout. By continuing to use our website, you consent to analytics data being processed by Google subject to Google’s Privacy Policy. We have configured Google Analytics with IP anonymisation where technically feasible.
9. Security of Data
The security of your data is important to us. We implement appropriate technical and organisational security measures to protect your personal information, including:
- TLS encryption for all data transmitted between your device and our servers;
- Encryption at rest for stored personal identifiers including Emirates ID and insurance information;
- Role-based access controls restricting clinic staff access to booking data;
- Audit logging of data access events;
- Regular security assessments in accordance with ADHICS requirements.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
10. Data Breach Notification
10.1 Internal Response. We maintain an incident response procedure for personal data breaches, in accordance with ADHICS and UAE PDPL requirements.
10.2 Notification to Regulators. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the UAE Data Office within 72 hours of becoming aware of the breach, as required by UAE PDPL.
10.3 Notification to You. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay, using the contact details you provided at registration.
11. Your Data Protection Rights
11.1 Your Rights Under UAE PDPL
In accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, you have the right to:
- Be informed about how your personal data is processed;
- Access a copy of the personal data we hold about you;
- Correct inaccurate or incomplete personal data;
- Request erasure of your personal data where there is no legitimate basis to retain it (right to be forgotten);
- Object to or restrict processing of your personal data;
- Withdraw your consent at any time;
- Lodge a complaint with the UAE Data Office.
11.2 How to Exercise Your Rights
To exercise any of the above rights, please contact our Data Protection contact via the Contact Us page on our website. We will respond to all verified requests within 30 calendar days. We may ask you to verify your identity before processing your request.
12. Minors
The appointment booking Service is intended for use by individuals aged 18 and over. Where an appointment is being booked on behalf of a minor or a dependent, the parent or legal guardian must use their own account and confirm they are authorised to act on behalf of that individual. We do not knowingly collect personal data directly from minors under the age of 18 without parental or guardian consent.
13. Links to Other Sites
Our Service may contain links to other sites not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
14. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the top of this Privacy Policy. For material changes, we will provide a prominent notice on our Service prior to the change becoming effective. You are advised to review this Privacy Policy periodically for any changes.
15. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your personal data is handled, please contact us via the Contact Us page on our website.
Consent. By continuing to use our Service, you confirm that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein. If you do not agree to any term or condition of this Privacy Policy, you may not be able to access all features of the Service.