Privacy Policy

This Privacy Policy explains how Sahara Healthcare City — operating the Geneticlab HPV & STD testing program from Lab 606, Sharjah, United Arab Emirates — collects, uses, stores, shares and protects personal and health information when you book an appointment, order a home-collection kit, submit a sample, or use our patient portal.

It applies to every visitor, patient and registered account holder, whether you interact with us in the clinic, by phone, through our courier, or on this website.

Sahara Healthcare City is the data controller responsible for your information. Our laboratory is licensed and operates under the regulations of the UAE Ministry of Health & Prevention (MOHAP) and the relevant Sharjah health authority. Our clinical staff and laboratory personnel are bound by UAE medical-confidentiality law and our internal patient confidentiality policy.

We collect only the information needed to deliver safe, accurate testing and to meet UAE healthcare record-keeping requirements:

• Identification: full name, date of birth, gender, Emirates ID number, nationality.
• Contact details: mobile number, email address, delivery address (for home kits).
• Clinical information: reason for testing, relevant exposure or symptom history you choose to share, tests requested, sample type, sample barcode, collection time and location.
• Results: laboratory results, genotyping data (for HPV), clinician notes and any follow-up actions.
• Payment data: card transactions are processed by our PCI-DSS-compliant payment provider — we never store full card numbers on our own systems.
• Technical data on this website: IP address, browser type and pages viewed, used only to keep the site secure and to measure aggregate traffic.

We do not collect social-media identifiers, contacts, location history or behavioural advertising profiles. We do not knowingly collect data from anyone under 18 without a parent or legal guardian present.

Your data is used strictly for the following purposes:

• Performing and reporting the tests you have requested.
• Verifying your identity at collection and result release.
• Contacting you about appointment confirmations, sample tracking, result availability and clinically necessary follow-up.
• Issuing invoices, receipts and (on request) insurance-claim documentation.
• Meeting our legal obligations under UAE healthcare and laboratory regulations, including mandatory notifications to public-health authorities for specific reportable infections.
• Improving the quality of our service through anonymised, aggregated audits.

We do not use your data for behavioural advertising. We never sell your data.

Before any sample is processed you sign a digital consent form covering the specific tests requested, the way results will be delivered, and the optional services (e.g. anonymous partner notification) you wish to enable.

You may withdraw consent at any time. Withdrawing consent stops any further use of your identifiable data for new purposes, but it does not undo processing that was lawfully carried out before withdrawal, and it does not override records we are legally required to keep.

Your identifiable data is shared only in the following limited circumstances:

• With clinicians inside our team who are directly involved in your care.
• With a specialist of your choice, only when you explicitly authorise a referral.
• With our temperature-controlled courier partner, who handles the sealed sample package but does not access the result.
• With UAE public-health authorities where mandatory disease notification applies (for example, certain notifiable infections), in line with the law.
• With law enforcement or courts only when compelled by a valid written court order issued in the UAE.
• With trusted service providers (secure cloud hosting, SMS gateway, payment processor) that act on our written instructions and are contractually bound to confidentiality and data-protection obligations.

We do not share results with employers, insurers, family members or partners without your specific, written consent.

All identifiable patient records and laboratory results are stored on UAE-based servers, under the regulatory regime of MOHAP and the Sharjah health authority. Backups are encrypted and held within the UAE.

Data in transit is encrypted using industry-standard TLS. Data at rest is encrypted at the database and backup layers. The patient portal requires two-factor authentication before any result is shown or downloaded.

Identifiable laboratory records are retained for the period required by UAE healthcare regulations — currently seven (7) years from the date of testing. After this period, identifying details are permanently removed and only fully anonymised statistical data may be retained for quality and research purposes.

Booking enquiries that do not lead to a test are deleted within 12 months. Marketing preferences (if any) are kept until you opt out.

As a patient, you have the right to:

• Access the personal data we hold about you and receive a copy.
• Ask us to correct information that is inaccurate or incomplete.
• Withdraw consent for any optional processing (for example, marketing messages or partner notification).
• Request deletion of identifying data, subject to the legal retention period above.
• Receive a portable copy of your results in a common, machine-readable format.
• Lodge a complaint with the relevant UAE health regulator if you believe your data has been mishandled.

Requests are handled at no cost and answered within 30 days. We will ask you to verify your identity before releasing or changing any record.

This website uses a small number of strictly necessary cookies to keep your session secure and remember your language preference. We use privacy-respecting, aggregated analytics to understand which pages are visited — this data does not identify individual users and is not shared with advertising networks.

We do not place third-party advertising or social-media tracking cookies. You can clear cookies at any time through your browser settings.

We operate technical and organisational safeguards proportionate to the sensitivity of medical data, including: encrypted storage and transit, role-based access controls, audit logging of every result view, hardware MFA for laboratory staff, regular penetration testing, and an incident-response plan that includes patient notification where required by law.

No system can be guaranteed 100% secure. If a security incident ever affects your data, we will inform you and the relevant authority as required.

Testing for patients under 18 requires the presence and written consent of a parent or legal guardian. Results for minors are released to the parent or guardian on record, in line with UAE law.

We may update this Privacy Policy from time to time to reflect changes in our services or regulatory requirements. The version date below indicates when it was last revised. Material changes will be highlighted at the top of this page for at least 30 days.

For any privacy question, access request or complaint, please ask for the Data Protection Officer at Sahara Healthcare City, Lab 606, Sharjah, United Arab Emirates, during clinic hours (Sat–Thu, 8:00–20:00). You can also raise your request at any reception desk during your next visit and we will follow up in writing.