Privacy Policy

1. Who we are. CityDental Clinic LLC, registered in Dubai under trade licence DED-721834, with clinics at Building 23 Al Wasl Road Jumeirah 1 (DHA PROF-CL-1011243) and Marina Plaza Tower 2, Office 1402 (DHA PROF-CL-1041896). The data controller is Layla Mansour, Director of Operations, reachable at privacy@citydental.ae.

2. What we collect and why. We collect (a) basic contact details — name, mobile, email, Emirates ID for the patient record; (b) clinical information — medical history, current medications, allergies, dental history, treatment notes, X-rays, scans, photographs taken with consent; (c) insurance information — insurer name, policy number, plan tier, claim history; (d) payment information — card last-four (full numbers held only by our PCI-compliant payment processor) and bank transfer references; (e) appointment metadata — bookings, cancellations, no-shows.

3. Legal basis. For clinical care: the contract for dental services. For appointment reminders: legitimate interest. For marketing communications: explicit opt-in consent (which you can withdraw at any time). For insurance billing: contractual necessity. For regulatory record-keeping: legal obligation under DHA rules and the UAE PDPL (Federal Decree-Law 45/2021).

4. Who we share your data with. Your insurer (for direct billing or pre-authorisation, only with your consent at the visit). Specialist colleagues outside CityDental when we refer onward (only with your consent). Our laboratory partners (Modern Dental, Ivoclar) for prosthetic work (limited to the impression scan and shade reference, no patient identifiers). Our payment processor (Network International) for card transactions. The DHA where required by regulation. We do not sell or share your data with marketing networks or data brokers.

5. AI assistant disclosure. When you call us or use the chat widget on this site, your message may be processed by “Mira”, our automated reception assistant powered by Google Gemini. Conversations are retained for 30 days for quality review and then deleted. Mira does not access your clinical record. Any booking, insurance lookup, or escalation Mira creates is reviewed by a human team member before action.

6. Retention. Clinical records: 25 years from last visit (DHA requirement). Appointment metadata: 7 years. Payment records: 5 years (UAE Commercial Companies Law). Marketing consents: until you withdraw or 24 months of inactivity, whichever first. Voice recordings of phone calls (where retained for training): 90 days.

7. International transfers. Your clinical record is hosted on UAE-based servers (Microsoft Azure UAE Central). Mira’s conversational data is processed by Google Cloud (EU and US) under appropriate transfer mechanisms. Insurance billing data may be transferred to the insurer’s headquarters where this is outside the UAE — disclosed at the time of consent.

8. Your rights. Under the UAE PDPL you have the right to: be informed about our processing (this notice); access your personal data; correct or update it; restrict or object to processing; withdraw consent for marketing; and lodge a complaint with the UAE Data Office. To exercise any right, email privacy@citydental.ae — we respond within 30 days.

9. Cookies. Our website uses strictly necessary cookies for the booking session and a single first-party analytics cookie (Plausible) which does not track you across sites. We do not use third-party advertising cookies.

10. Changes. Material changes to this policy will be communicated by email at least 30 days before they take effect.