Medic Privacy Policy

This Privacy Policy describes how personal information is collected, used and stored through use of our clinic management platform and through use of our websites and web-based resources. We refer to our platform, websites and web-based resources as the “Services”.

In this Policy, we use the word “Subscriber” to refer to anyone who has subscribed to and paid for use of our clinic management platform (for example, a health clinic or health practitioner). We use the word “you” to refer to any individual user of our Services, such as a practitioner or staff member of a Subscriber, or an individual browsing or using our websites and web-based resources.

Notice to Patients

If you are a patient of one of our Subscribers, your clinic or practitioner controls your personal information, including your contact information, billing details and medical records. Please contact your clinic or practitioner for any questions about your patient information. See the section titled Patient Data below for further information.

Why MEDIC Collects Personal Information?

Information MEDIC Collects from You

We collect your contact information, such as your name, email address and organization, when you fill out our online forms or set up your user account for our Services. We use your contact information to activate your user account, give you access to the Services, and to send you notices about your user account. We may also use your contact information for marketing purposes, such as promotional emails, direct mail and sales contacts. You can opt out of our marketing communications at any time by unsubscribing or contacting us at support@freit.io. MEDIC also collects and manages the contact information of patients to enable marketing and/or other communications between a Subscriber and its patients.

Billing Information:

When a Subscriber subscribes to our Services, we may also collect credit/debit card information to process payment. Credit card information is provided directly to our payment processor and is processed in a PCI-compliant manner. We do not keep your credit card information. Note that when credit card information is referred to as being “stored”, this means we have a “token”. The token replaces sensitive information and acts as a non-sensitive placeholder that can be used by the payment processor to reference your credit card information when payments need to be processed.

Log and Device Information:

When you access and browse our Services, we collect information about how you are accessing our Services, such as your internet or mobile network connection, your browser or the type of mobile device you are using (if applicable). We use this log and device information to identify how our Services are being accessed and used so we can optimize them for the types of connections, browsers and devices being used. This information is not used to market or send promotions at an individual user level.

Patient Data

Patient Data. Subscribers use our clinic management platform to collect personal information from their patients and create patient records. These records may include a patient’s name, address, health insurance and billing information, medical charts, appointment history and other patient data (“Patient Data”). This information is sometimes referred to as “personal health information”, “protected health information”, “data concerning health” or “sensitive data” depending on the location of the Subscribers and the privacy laws applicable to them. If you are a patient, Patient Data is collected from you when you visit your Subscriber clinic or practitioner.

Subscriber’s Role. Subscribers retain sole control over Patient Data and may be referred to as a “health information custodian”, a “covered entity” or a “controller” depending on their location and the privacy laws applicable to them.

Subscribers determine:

MEDIC’s Role. MEDIC is a service provider to Subscribers and may be referred to as an “agent”, “business associate” or “processor” of the Subscriber. MEDIC stores Patient Data in its secure data centers and makes it available to Subscribers and their users through our clinic management platform. MEDIC otherwise has no control over Patient Data. MEDIC will only access Patient Data on the instructions of the Subscriber or its practitioners or staff or, in rare cases, where needed in order to prevent or address technical problems or if required by law or court order.

Subscribers determine:

Patient Data is stored in storage provided by third parties (cloud vendors), though this may change from time to time. Please note that we use regional service providers for appointment reminders sent by email or SMS and, therefore, Patient Data contained in appointment reminders will go through and may be stored temporarily with these regional providers of SMS services. All our data centres and service providers maintain a high level of security and are compliant with applicable privacy laws.

Patient Rights

Patients have certain rights with respect to their Patient Data, which may include knowing what information your Subscriber clinic has about you, correcting any inaccurate Patient Data, obtaining a record of your Patient Data and, in certain circumstances, deleting or removing your Patient Data. Please note that Subscribers have strict legal and regulatory obligations around Patient Data and may not always be permitted to delete or remove Patient Data.

Questions about Patient Data

If you have any questions about your Patient Data or wish to exercise any of your patient rights, please contact your Subscriber clinic or practitioner. If your Subscriber clinic or practitioner has any questions about the management of Patient Data in the Services, they may contact us and we will support them as needed to respond to your request. Please note that, in order to maintain strict security of your Patient Data, we can only access Patient Data upon instruction from the Subscriber.

Security

We protect your personal information, including Patient Data stored in our platform, by:

Using industry standard security controls such as encryption and an SSL (Secure Sockets Layer) certificate to ensure information is transmitted over a secured connection between your browser and our web server.

Using state-of-the-art data centres with appropriate security and compliance certifications, such as SOC 2 and EU-US Privacy Shield, that are HIPAA compliant.

Having our personnel sign strict confidentiality agreements to ensure they understand the confidential nature of the data we process, and only accessing your account when you request assistance from us.

Requiring password protection of your user account with a password set by you. We cannot access or identify your password. The only way to recover a password is for you to initiate a reset via the email address or mobile phone number you use for the Services.

While we employ industry standard measures to protect your information, no electronic communication can ever be completely secure. You share responsibility for protection of your personal information by setting a strong password and by keeping your username and password confidential.

Storage Period

We retain personal information only for as long as necessary to achieve our stated purposes, or as required by applicable law. For example, Contact and Billing information is kept for as long as a Subscriber account is active and for a reasonable period after it has been deactivated in the event you or your Subscriber wish to re-activate the account. User account information may also be retained as necessary to comply with our legal obligations, resolve disputes or maintain our relationship with your Subscriber organization. Credit card information is never kept or stored by us.

If you are a patient of one of our Subscriber clinics, please contact your clinic or practitioner for information regarding the storage period for your Patient Data.

International Transfers

Personal information may be transferred to and processed in the United Arab Emirates. Before transferring your personal information, we ensure that appropriate safeguards are in place and that your privacy rights are protected and preserved. Such safeguards may include the existence of an EU adequacy decision, certification and adherence to EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks, the Standard Contractual Clauses approved by the European Commission, binding corporate rules, or other legal mechanisms to safeguard the personal information being transferred.

Your Rights

Individuals have certain rights with respect to their personal information. These rights are set out below. If you are a patient of one of our Subscriber clinics, please contact your clinic or practitioner to exercise any of these rights with respect to your Patient Data.

Correction and Deletion:

We will make reasonable efforts to ensure that the personal information we collect from you is accurate and complete. You may update, correct or delete your account information at any time by logging into your user account and modifying your personal information, including your preferences to receive messages from us. You may also update, correct or delete your personal information by contacting us as noted below.

Withdrawing Consent:

Where we have relied on your consent to use your personal information, you have the right to withdraw that consent at any time by contacting us as noted below. In addition, all our marketing email messages contain the ability to automatically “opt-out” or unsubscribe from our mailing lists and marketing messages.

Access and Portability:

You have the right to request a record of the personal information that we have collected about you and to ask that the information be provided in a structured, commonly used electronic format (where applicable and technically feasible). There may be some cases where we cannot provide you with certain information about you if it would mean disclosure of personal information of another person or other confidential information, or if it would compromise our security systems.

Restriction and Objection:

In certain limited circumstances, individuals in the EU may request that we restrict our use of their personal information and, where we rely on legitimate interests as the legal basis for using your personal information, you have the right to object to such use. In these cases, we can be required to no longer use your personal information; however, this may mean that certain components of our Services cannot be made available to you. If you wish to exercise your right to restrict or object, please contact us.

Complaints:

You have the right to lodge a complaint with a supervisory authority (i.e., the independent public authority responsible for monitoring data protection laws in your country).


Contact Info