Effective Date: 3rd December 2024

Teletabeb (the “App”), operated by Dracode in collaboration with Pioneers Innovations (the “Company”), is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, store, and protect your data when you use the App and its Services. It also outlines your rights regarding your personal data and how you can exercise them. By using the App, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the App immediately.

This Privacy Policy is compliant with UAE privacy laws, the General Data Protection Regulation (GDPR), and other applicable international regulations.

1. Introduction

1.1 This Privacy Policy applies to all users of the App, including patients, doctors, and healthcare institutions. It governs the collection, processing, storage, and sharing of personal data obtained through the App or any associated websites or services.

1.2 The purpose of this Privacy Policy is to provide transparency about how your data is handled, ensuring compliance with privacy regulations and fostering trust between you and the Company.

1.3 The Company is dedicated to ensuring that your data is handled securely, confidentially, and in compliance with all applicable laws, including GDPR and UAE federal regulations.

1.4 By using the App, you consent to the practices described in this Privacy Policy. If you do not agree with any aspect of this policy, you must stop using the App and its Services.

2. Definitions

2.1 Personal Data: Refers to any information that relates to an identified or identifiable individual, such as name, contact details, medical information, or location data.

2.2 Processing: Refers to any operation performed on personal data, such as collection, storage, use, sharing, or deletion.

2.3 User: Refers to any individual or entity using the App, including patients, doctors, and healthcare institutions.

2.4 Doctor: Refers to licensed medical professionals registered on the App to provide consultations and advice to patients.

2.5 Healthcare Institution: Refers to hospitals, clinics, or other healthcare providers registered on the App.

2.6 Cookies: Refers to small files stored on your device that enable the App to recognize your preferences and improve your user experience.

2.7 Third-Party Services: Refers to external entities or organizations engaged by the Company to assist in providing the App’s Services (e.g., analytics providers or cloud storage services).

2.8 Data Controller: Refers to the entity responsible for determining the purposes and means of processing personal data. For the purposes of this policy, the Data Controller is Dracode in collaboration with Pioneers Innovations.

3. Data Controller Information

3.1 The Data Controller for the App is Dracode in collaboration with Pioneers Innovations. As the Data Controller, the Company is responsible for ensuring that your personal data is processed in compliance with applicable laws and regulations.

3.2 For any privacy-related questions, concerns, or requests, you can contact us using the following details:

Email: support@teletabeb.com

3.3 If you are a resident of the European Union or the United Kingdom and believe your rights under the GDPR or UK privacy laws have been violated, you may contact our designated Data Protection Officer (DPO) at support@teletabeb.com.

4. Data Collection Scope and Purpose

4.1 Data Collected from Users: The App collects personal data from Users to provide and improve the Services. Categories of data collected include:

Personal Information: Name, email address, phone number, and date of birth.
Medical Data: Health history, consultation records, and other health-related information provided by Users or doctors.
Verification Documents: Medical licenses for doctors, institutional credentials for healthcare institutions, and other documents required during onboarding.
Location Data: Real-time location data to enable features such as maps and directions to healthcare facilities.
Communication Data: Chat messages, feedback, and Q&A submissions between Users and doctors.

4.2 Purposes of Data Collection: The data is collected and processed for the following purposes:

Facilitating consultations and interactions between doctors, patients, and healthcare institutions.
Verifying the identity and credentials of doctors and institutions.
Providing location-based Services (e.g., maps of healthcare facilities).
Ensuring compliance with legal and regulatory requirements.
Enhancing the functionality and user experience of the App.

4.3 The Company only collects data that is necessary for the provision of its Services and ensures that data collection is conducted lawfully and transparently.

5. Legal Basis for Data Processing

5.1 The App processes personal data based on the following legal grounds under GDPR and UAE laws:

Consent: Personal data is processed with the explicit consent of Users, obtained during registration or when required for specific activities (e.g., cookies, analytics).
Contractual Necessity: Certain data is processed to fulfill contractual obligations, such as enabling consultations and ensuring proper operation of the Services.
Legal Obligation: Data may be processed to comply with legal or regulatory requirements, including health and safety regulations in the UAE.
Legitimate Interests: Data may be processed for legitimate business purposes, such as improving the App’s functionality or ensuring platform security, provided such interests do not override Users’ rights and freedoms.

5.2 Users have the right to withdraw consent at any time, subject to applicable laws. However, withdrawal of consent may affect the availability of certain Services.

6. User Consent

6.1 Obtaining Consent: The App requires Users to provide explicit consent during the registration process for the collection and processing of their personal data. Users are informed about the scope of data collection and the purposes of processing before consent is obtained.

6.2 Scope of Consent: By using the App, Users consent to the collection, use, and sharing of their data as described in this Privacy Policy, including:

Enabling consultations and communications.
Collecting location data for map services.
Using cookies for analytics and performance enhancement.

6.3 Right to Withdraw Consent: Users may withdraw their consent at any time by contacting the Company. Withdrawal of consent may limit or terminate access to certain Services, but it will not affect the lawfulness of data processing conducted prior to withdrawal.

6.4 Parental Consent: For Users under the age of 18, parental or guardian consent must be provided for the collection and use of personal data.

7. Personal Data Collected

7.1 The App collects and processes the following types of personal data from Users:

Personal Details: Name, email address, phone number, age, and gender.
Health Information: Medical history, consultation notes, symptoms, and other health-related data provided by Users or generated during consultations.
Chat Messages: Communication logs between Users and doctors, which are encrypted for privacy and used solely for consultation purposes.
Verification Documents: For doctors and healthcare institutions, data such as medical licenses, certifications, and business credentials are collected and manually verified.
Location Data: Real-time location data to enable map services and help Users locate nearby healthcare providers.
Technical Data: Device information, IP address, and usage data, which may be used for security and analytics purposes.

7.2 Sensitive Data: The App collects sensitive data, such as health-related information, to provide healthcare Services. This data is handled with the highest level of security and is only accessible to authorized personnel or professionals.

7.3 Anonymous Data: Certain non-identifiable data (e.g., aggregated usage statistics) may be collected to improve the App’s functionality and user experience. This data is not linked to individual Users.

8. Use of Collected Data

8.1 Purpose of Data Usage: The data collected through the App is used for the following purposes:

Facilitating Healthcare Services: Enabling consultations, communications, and interactions between Users, doctors, and healthcare institutions.
Verification: Ensuring the credentials and qualifications of doctors and healthcare institutions to maintain the integrity of the platform.
Enhancing User Experience: Improving App functionality, tailoring content, and providing personalized features such as location-based services.
Compliance: Meeting legal and regulatory obligations under UAE laws, GDPR, and other applicable standards.
Security: Monitoring and preventing fraudulent or unauthorized use of the App.
Analytics: Using aggregated data to analyze trends, usage patterns, and performance metrics to optimize the App and its Services.

8.2 No Unintended Uses: Collected data is not used for any purposes other than those explicitly stated in this Privacy Policy unless additional consent is obtained from the User.

9. Data Storage and Security

9.1 Data Storage: All data collected is stored on secure servers that are fully compliant with UAE regulations, GDPR, and international data protection standards.

9.2 Encryption: Personal data, including sensitive information like medical history and chat communications, is encrypted both in transit and at rest using industry-standard encryption protocols.

9.3 Access Control: Access to personal data is strictly limited to authorized personnel, such as licensed healthcare professionals or employees of the Company who require access to perform specific duties.

9.4 Retention Periods:

User Data: Personal data is retained as long as the User maintains an active account or as required for the provision of Services.
Consultation Records: Medical records and chat logs are retained for a minimum period as required under UAE healthcare laws and GDPR (if applicable), or longer if mandated by law.
Inactive Accounts: For inactive accounts, personal data will be securely deleted or anonymized after a set period, unless retention is required by law.

9.5 Breach Prevention: Regular security audits, intrusion detection systems, and monitoring protocols are in place to safeguard data from unauthorized access, breaches, or loss.

10. Sharing Data with Third Parties

10.1 Third-Party Processors: Certain data is shared with trusted third-party service providers who assist in delivering the App’s Services, including:

Analytics Providers: To gather insights into user behavior and improve platform performance.
Cloud Storage Providers: For secure data storage.

10.2 Compliance Assurance: All third-party processors are required to adhere to strict privacy and data protection standards, including GDPR and UAE laws.

10.3 No Data Selling: Teletabeb does not sell, rent, or trade Users’ personal data to third parties for marketing or any other purposes.

10.4 Disclosure Requirements: Personal data may be disclosed to legal or regulatory authorities if required to comply with UAE laws, court orders, or other legal obligations.

10.5 Aggregated Data: Non-identifiable, aggregated data may be shared with third parties for research, analytics, or business purposes, but it will not include any information that can personally identify Users.

11. Cookies and Tracking Technologies

Please refer to our Cookie Policy for more information.

12. User Rights

12.1 Right to Access: Users have the right to request a copy of the personal data that the Company holds about them. This includes details of how their data is being used and shared.

12.2 Right to Rectification: Users can request corrections to any inaccurate or incomplete data held by the Company.

12.3 Right to Deletion: Users can request the deletion of their personal data ("right to be forgotten") under certain circumstances, such as when the data is no longer necessary for the purposes it was collected.

12.4 Right to Restrict Processing: Users can request that their data not be used for certain processing activities while the accuracy or legality of the data is being verified.

12.5 Right to Object: Users can object to the processing of their data for purposes such as analytics or marketing, even if such processing is based on the Company’s legitimate interests.

12.6 Right to Data Portability: Users have the right to request their data in a structured, commonly used format to transfer it to another service provider.

12.7 Exercising Rights: Users can exercise these rights by contacting the Company via [Insert Contact Email]. Requests will be handled in compliance with applicable regulations, and a response will be provided within 30 days.

13. Data Deletion Requests

13.1 Request Process: Users can request the deletion of their personal data by submitting a written request via the App’s support feature or contacting [Insert Email Address].

13.2 Verification of Identity: For security reasons, Users may be required to verify their identity before their data deletion request can be processed.

13.3 Response Time: The Company will respond to data deletion requests within 30 days, in accordance with GDPR and UAE data protection laws.

13.4 Exceptions: Certain data may not be deleted in the following cases:

To comply with legal or regulatory obligations (e.g., retention of medical records as required by UAE healthcare laws).
If the data is necessary for resolving disputes, enforcing agreements, or protecting the Company’s legitimate interests.

14. Compliance with Privacy Laws

14.1 UAE Compliance: Teletabeb complies with the UAE Federal Law No. 2 of 2019 on the Use of Information and Communication Technology (ICT) in Healthcare, as well as other applicable data protection laws.

14.2 GDPR Compliance: For users in the European Union and the United Kingdom, the App adheres to the General Data Protection Regulation (GDPR), ensuring that all data processing activities are lawful, transparent, and limited to necessary purposes.

14.3 Best Practices: The Company regularly reviews its data protection practices, conducts internal audits, and provides employee training to ensure ongoing compliance with applicable laws and regulations.

15. Children’s Privacy

15.1 Age Restrictions: The App is not intended for use by individuals under the age of 18 without verifiable parental or guardian consent.

15.2 Parental Consent: For Users under 18, personal data will only be collected and processed with explicit parental or guardian consent. This includes verifying the identity and authority of the consenting adult.

15.3 Data Minimization: The Company limits the collection of personal data from minors to only what is necessary for providing Services.

15.4 Parental Rights: Parents or guardians have the right to access, modify, or delete their child’s data by contacting the Company.

16. Data Breach Notification

16.1 Immediate Action: In the event of a data breach that poses a risk to Users’ personal data, the Company will take immediate steps to contain the breach and assess its impact.

16.2 User Notification: Affected Users will be notified promptly if their personal data has been compromised. Notifications will include details of the breach, potential risks, and steps Users can take to protect themselves.

16.3 Regulatory Notification: The Company will notify relevant data protection authorities within 72 hours of becoming aware of a breach, as required under GDPR and UAE regulations.

16.4 Remediation Measures: The Company will implement corrective measures to address vulnerabilities and prevent future breaches, including system upgrades and revised security protocols.

17. International Data Transfers

17.1 Data Transfer Outside the UAE: Personal data collected through the App may be transferred and stored in countries outside the UAE to enable Services or utilize third-party tools and platforms (e.g., cloud storage or analytics).

17.2 GDPR Compliance for International Transfers: For users in the European Union and United Kingdom, any international data transfer will comply with GDPR requirements. This includes the use of appropriate safeguards such as:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Binding corporate rules for cross-border data transfers within the Company’s network.

17.3 Adequate Protection: The Company ensures that data transferred to third-party processors in non-UAE jurisdictions meets the same level of protection required by UAE privacy laws, GDPR, and UK regulations.

17.4 User Rights for International Transfers: Users may request information about the safeguards in place for international transfers by contacting the Company via [Insert Contact Email].

18. Updates to the Privacy Policy

18.1 Right to Update: The Company reserves the right to modify or update this Privacy Policy at any time to reflect changes in laws, business practices, or the App’s Services.

18.2 Notification of Changes: Any significant changes to the Privacy Policy will be communicated to Users via:

Email notifications to the address provided during registration.
In-app notifications or prompts.

18.3 Effective Date of Updates: Updates will become effective immediately upon posting, unless otherwise specified. Users are encouraged to review the Privacy Policy regularly to stay informed about how their data is handled.

18.4 Continued Use: Continued use of the App following any updates constitutes acceptance of the revised Privacy Policy. If a User does not agree to the changes, they must stop using the App and may request the deletion of their account and data.

19. Third-Party Websites and Services

19.1 External Links: The App may include links to third-party websites, platforms, or services for informational purposes or convenience. These third-party services are not operated by the Company and have their own privacy policies.

19.2 User Discretion: The Company is not responsible for the content, privacy practices, or data collection activities of third-party websites or services. Users are encouraged to review the privacy policies of any external platforms they interact with.

19.3 Third-Party Tools: Certain features of the App may rely on third-party tools (e.g., Google Maps for location services or analytics platforms). These providers are required to comply with privacy regulations but may collect data independently.

19.4 No Liability: The Company disclaims any liability for damages or privacy issues arising from User interactions with third-party websites or services.

20. Contact Information and Complaints

20.1 Privacy Inquiries: For questions or concerns regarding this Privacy Policy or the processing of your personal data, Users may contact the Company using the following details:

Email: [Insert Contact Email]
Phone: [Insert Contact Number]
Mailing Address: [Insert Address]

20.2 Complaints: If Users believe their data rights have been violated or are dissatisfied with the Company’s response, they may file a complaint with their local data protection authority.

For UAE Users: Complaints can be directed to the UAE Telecommunications and Digital Government Regulatory Authority (TDRA).
For EU/UK Users: Complaints can be submitted to the relevant GDPR supervisory authority in their region.

20.3 Response Timeline: The Company is committed to responding to all privacy inquiries and complaints within 30 days of receipt, in accordance with applicable regulations.

21. Data Protection Officer (DPO)

21.1 Appointment of a DPO: In compliance with GDPR and UAE laws, the Company has designated a Data Protection Officer (DPO) responsible for overseeing data protection compliance and addressing privacy-related concerns.

21.2 DPO Contact Information: Users can contact the DPO for issues related to personal data processing, exercising their rights, or reporting a potential breach.

Email: [Insert DPO Email Address]
Phone: [Insert DPO Phone Number]

21.3 Scope of DPO Responsibilities: The DPO is responsible for:

Ensuring the Company’s compliance with GDPR, UAE privacy laws, and other applicable regulations.
Monitoring data protection practices and conducting periodic audits.
Serving as the main point of contact for data protection authorities.

22. Limitation of Liability

22.1 No Liability for User Actions: The Company is not liable for any unauthorized access, disclosure, or misuse of personal data caused by User negligence (e.g., failure to protect login credentials).

22.2 Third-Party Liability: While the Company ensures that third-party service providers comply with privacy laws, it is not responsible for breaches or misuse caused by those providers.

22.3 Force Majeure: The Company is not responsible for data breaches or privacy issues resulting from events beyond its reasonable control, including but not limited to cyberattacks, technical failures, or natural disasters.

22.4 Extent of Liability: To the extent permitted by law, the Company’s liability for any privacy-related claims is limited to the amount paid by the User for Services (if applicable) during the 12 months preceding the claim.

23. Miscellaneous Provisions

23.1 Entire Agreement: This Privacy Policy, together with the App’s Terms and Conditions, constitutes the entire agreement between the User and the Company regarding the processing of personal data.

23.2 Severability: If any provision of this Privacy Policy is found to be unlawful or unenforceable, the remaining provisions shall remain valid and in full effect.

23.3 Language Preference: In the event of a discrepancy between the English version of this Privacy Policy and any translated version, the English version shall prevail.

23.4 Governing Law: This Privacy Policy shall be governed by the laws of the United Arab Emirates, with exclusive jurisdiction vested in the UAE courts.