1) OVERVIEW OF POLICY
By accessing ZenDXB.com and/or using our Services, you hereby consent to how we process your data as described in this Policy. If you do not consent to how we process your data, you may not access ZenDXB.com or use our Services.
This Policy explains the following:
- i.The methods through which we collect personal data;
- ii.The types of personal data we collect;
- iii.How we use the personal data we collect;
- iv.How we safeguard your data;
- v.Your data rights; and
- vi.Other processing activities.
This Policy and our Services are compliant with the privacy and applicable laws in the UAE, including Federal law No. 2 of 2019 (Health Data Law), the Federal law No. 3 of 1987 (The Penal Code) and the Federal law No. 1 of 2006 (Electronic Transactions and Commerce Law).
2) DEFINITION OF TERMS
Under this Policy, the following terms have the meanings ascribed to them:
“personal data” refers to any data (or information) relating to an identifiable person, which is able to identify such a person, whether directly or indirectly.
“ZenDXB” or “we” or “us” or “our” refer to Zen Diagnostics Laboratories and any affiliated persons, including its employees, directors, shareholders and agents.
“you” or “your” or “user” refer to anyone accessing ZenDXB.com and/or using it to enjoy the Services provided through it. This may be either the third-party doctor providing medical prescriptions or the end-user looking to get tested or get prescriptions.
“processing” or “process” refers to such activities carried out on your personal data by ZenDXB, including but not limited to data collection, usage, storage, marketing, security, transfer and deletion.
“ZenDXB.com” refers to all associated platforms operated by Zen Diagnostics Laboratories in relation to its Services, including the website, mobile application and other associated tools, features and media channels.
“Services” refer to the information provided by ZenDXB on ZenDXB.com; the sale of sample collection kits to end-users in order to get tested for STD; referral services to third party medical practitioner; and other services provided by Zen Diagnostics Laboratories through ZenDXB.com and its lab.
3) DATA COLLECTION AND USES
We may collect personal data about you in the following ways:
The Data Submitted Voluntarily By You
You are not under any statutory obligation to provide the below personal data; however, be aware that not providing us with this data may render it impossible to provide you with our Services.
- Personal data: When you use ZenDXB.com and our Services (whether as a third-party medical practitioner or end-user), we may generally collect personal data, such as your name, mobile number, email address, payment method data, billing address, shipping location, health data, age, medical certificate, etc. This data may be collected across different means, such as via forms, user submissions and other means through ZenDXB.com.
- Registration and Form data: When you create a user account or submit data through other forms on ZenDXB.com, we may collect some of the personal data above in order to identify you from other users and create a profile for you. Other forms may include your subscription to our mailing list or your participation in our surveys, sweepstakes and promotions.
- Contact Data: In order to contact you regarding your purchases, test results, marketing, administrative messages, queries and complaints, we may require you to submit your contact data during registration or use of certain Services. Contact data may include your email address and phone number.
- Payment and Billing data: In order to process your payments for the Services, including to process your payments for your purchases or our commission (where applicable), we may ask you to provide your credit card data or any other payment method you wish to attach to ZenDXB.com.
- Shipping and Sample Data: We may collect your shipping/home address so as to deliver the sample collection kit and pick up the urine sample collected for testing. Your urine sample will only be used in our laboratory and shared with our employees on a need-to-know basis. We delete your sample 24 hours after collection.
- Verification Data: In order to provide your services on ZenDXB.com as a third-party medical practitioner, we may collect verification data, including your medical licenses, insurance and certificates. This is to verify your status as a qualified medical practitioner licensed to practice in the UAE.
The Data Collected By Us Automatically
Like other websites, we automatically collect certain personal data through Google Analytics (third-party analytics tools from Google Inc.) when you access ZenDXB.com or use our Services. Google Analytics collects data automatically through certain tracking technologies, such as cookies and beacons. The personal data collected automatically may include the below:
- Log/Analytical Data: Log/analytical data may include data about how you use ZenDXB.com, including the pages you access, your duration of access, how you navigate around ZenDXB.com and other analytical data. We collect log data to analyse trends, identify how you use ZenDXB.com and how we can improve your user experience. Log or analytical data does not reveal personal data about you; however, if we combine any of this data with other data, it may become personal data.
4) COOKIES AND TRACKING TOOLS
To find out more about Google Analytics (analytical tool from Google Inc.), please click here. If you wish to opt-out of Google Analytics tracking, please download the “Google Analytics Opt-out” ad-on on your browser.
5) DATA SHARING
When you submit personal data to us to use our Services, we may share your data in accordance with the circumstances described below. ZenDXB does not engage in the sale or transfer of personal data for profit or personal benefits; therefore, we will only share personal data about you to fulfil our Services or as required by law. We will only share your data with:
- Third-Party Service Providers: ZenDXB engages the services of third-party service providers to provide us with certain services such as marketing, analytics, shipping, mail and SMS sending and payment processing (for example, we hire the services of Twilio to send SMS to your mobile number and PayPal Holdings, Inc. for PayPal payment processing). In order for our third-party service providers to provide their services, they may require access to certain personal data about you. (for example, Twilio requires access to your mobile number to send SMS to you on our behalf). However, we will only share your data with third-party service providers to provide our Services. They do not have our permission to use your data for any other activities.
- Employees and People within ZenDXB: We may also share personal data within ZenDXB, including with our employees, directors, shareholders or branches. This will be on a need-to-know basis only. For example, if we collect your sample, we will deliver it to our laboratory for testing. Any employee working at our lab may have access to your result. However, our employees are under obligation to keep your health data confidential.
- Other Users of ZenDXB.com: We may share personal data about you with other users of ZenDXB.com if it’s necessary to facilitate a service. For example, when we refer an end-user to a third-party medical practitioner who works through ZenDXB.com to prescribe solutions to the end-user, both users will have access to each other’s personal data. This may include their names, contact information, test result, the sample collected and health status.
- The Law: ZenDXB will share personal data about you with government agencies as required by law, in response to lawful requests by public authorities, including without limitation, to meet national security or in relation to report earnings; or to respond to claims and legal processes (including court order, subpoena and other legal summonses); or to respond to government authorities or other third parties carrying out an investigation, where we believe such sharing is necessary to (i) protect a life, property or rights (ii) protect the safety of any person or the public, or (iii) stop any activity we consider to be fraudulent, illegal or unethical.
- Other Companies during a Business Transfer: ZenDXB may partner with other companies in relation to a business sale, merger, acquisition, consolidation or sale of assets. In such circumstances, we are required to share business information, including our customers’ list with the companies involved. We will communicate any activity that is subject to a business transfer, and you can make a decision about withdrawing your consent or not.
- Any Person or Institution with your Consent: In certain situations, you may explicitly direct us to share personal data about you with any person or institution, in which case, we will have no choice but to share it.
- Our Research and Development Partners: ZenDXB may share sample results (anonymously) in our research. We may research with third-party organisations, such as schools, health systems, government institutions or hospitals with a view to developing improved testing and vaccine. In this case, the research will be carried out anonymously without attaching any personal data about you. However, you may still object to this by reaching out to us via our email address at email@example.com.
6) MARKETING COMMUNICATIONS
ZenDXB may communicate with you about products and services we think may match your interest. We may send marketing communications to you in the form of newsletters or customer service emails to your email and push notifications to your ZenDXB mobile app. However, we have mechanisms put in place in case you do not want to keep receiving any marketing communications from us.
To opt-out of marketing communications through newsletters and customer service emails, please use the “unsubscribe” instructions provided at the bottom of any newsletter sent to you by ZenDXB. Please, be aware that unsubscribing from newsletters does not prevent us from sending administrative messages such as updates to our terms and policies or our Services.
To opt-out of marketing communications via push notifications, go to your ZenDXB mobile app notification settings and toggle the notification off or adjust the necessary settings.
7) DATA SECURITY
ZenDXB cares about your privacy, and the security of your personal data is paramount to us. We employ all measures possible in protecting personal data about you from unauthorised access or use. We employ both physical and technical means in ensuring personal data about you in our database is protected. Not only do we not engage in the sale or renting of personal data about you to third parties for their marketing purposes, but we also employ physical means such as a 2-factor authentication SMS to your mobile whenever you are signing into your user account or interacting with the sensitive parts of ZenDXB.com. Your user account is protected by a password that only you know. Furthermore, we only share personal data about you with employees on a need-to-know basis, and they are under obligation, through a Non-Disclosure Agreement to always keep personal data confidential.
However, we can only do so much in trying to secure your data; we cannot guarantee you that personal data about you will be totally secure despite the measures we have in place to protect it. We do not guarantee you that unauthorised persons will not access your data through special technologies and tactics. Unless it is as a result of negligence from us, we will not be liable to you for any third-party breach of your data.
You also have a duty to keep your login data confidential. You are expected not to share or transfer your account login data with anyone, including your family. Also, you are expected to immediately notify us at firstname.lastname@example.org if you believe someone else has access to your user account.
8) DATA RIGHTS
In addition to any rights and choices described under this Policy regarding your personal data, you have the following rights:
- Right to Access, Edit and Correct any Inaccurate Data: Part of our duty is ensuring that the data we have about you is accurate and complete at all times. If you believe any personal data we hold about you is inaccurate, obsolete or incomplete, you may request to edit or correct it at any time (for example, if the email address you submit to us during your user account registration is no more valid, and you placed an order for a sample collection kit, you may request to edit it). To access and correct any data we hold about you, please see your profile management section and edit it. You may also message us at email@example.com for further enquiries regarding data access and control.
- Right to Delete Certain Data about you: Under applicable privacy laws, we are required to delete any personal data in our database upon your request. This request is actionable to the extent permitted by law. For example, we are not permitted to delete certain data about you, such as transactional data, in order to keep records as required by applicable law. To request the deletion of personal data about you or your account, send your request to us at firstname.lastname@example.org. We will delete your data if applicable law permits it. Meanwhile, even if you request the deletion of your data, we may not be able to delete the copies we have shared with third parties, including copies shared with our third-party service providers.
9) DATA RETENTION
Under applicable law, we are required to keep/retain your data for no more than the duration it is needed to provide our Services. Unless you send a request to us to delete your user account or certain data, your personal data will remain with us in perpetuity. For samples collected from you: we will keep them with us until the purpose for which it was collected – which is for testing – is achieved. This usually takes 24 hours approximately.
10) INTERNATIONAL TRANSFER OF DATA
We may engage the services of third-party service providers in locations outside the UAE, and the personal data we share with them may be used in accordance with their privacy laws. For example, we may share phone number with Twilio in San Francisco, USA in order for Twilio to send you SMS on our behalf.
When we transfer personal data to third-party service providers outside the UAE, we will ensure your data is processed in accordance with this Policy. By submitting personal data to us, you agree to the international transfer of data as described herein.
11) CHILDREN POLICY AND GEOGRAPHIC RESTRICTION
The Services and access of ZenDXB.com is restricted to any person that is 18 years of age or older and is based within Dubai or Abu Dhabi in the UAE. If you are below 18 years of age, you may not submit personal data to us or use the Services without the supervision of at least a parent or legal guardian. If you are submitting personal data to us about your child, you hereby take responsibility for the security and accuracy of the data.
Likewise, if you are located outside of the above-mentioned locations, our Services are not targeted at you. If, however, you transfer personal data to us from locations outside the UAE, you are aware that you are transferring personal data to us in the UAE, and we will process it according to the privacy laws prevalent in the UAE.
12) THIRD-PARTY SERVICES AND LINKS
The third-party service providers that ZenDXB use have their specific privacy policies that govern how they use the personal data we share with them in accordance with relevant privacy laws. We advise you to read these third-party service providers’ privacy policies carefully to understand how they use your data. You understand that even if ZenDXB deletes your personal data from our database, it may still be available in our third-party service providers’ databases. ZenDXB is not liable or responsible for how our third-party service providers collect, use, store, share or protect the data we share with them in relation to the services they provide for us.
Parts of ZenDXB.com may contain products, services or links from third parties. These third-parties have separate privacy policies. ZenDXB is not responsible or liable for the content and activities of such third parties or their platforms. We encourage you to read their privacy policies carefully before you submit personal data to them. If you submit any personal data to any third-party website through ZenDXB.com, you bear the consequences therefrom.
13) UPDATES TO THIS POLICY
We reserve the right to review, update and change certain parts of this Policy for certain reasons in our sole discretion, including for reasons applicable to changes in relevant privacy laws or certain features on ZenDXB.com. We may, in our sole discretion, notify you of changes to this Policy via any applicable communication channel, including your email address, account dashboard, website interface or other media. Regardless of whether we notify you or not, you are required to review this page for changes to this Policy. Any changes will be reflected by changing the Effective Date above. If you continue to use ZenDXB.com and our Services after any changes to this Policy, we will deem it as your agreement to be bound by such changes.
14) REACH OUT TO US
For any enquiries or complaints regarding this Policy and how we handle your personal data, please contact us using this link or reach out to us directly via email@example.com: