1. Introduction

Tham Oralcare (“we”, “us”, “our”) operates the website tham.ae and provides dental healthcare services at our clinic located at TwoFour54, Yas Island, Abu Dhabi, United Arab Emirates.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, book an appointment, or receive treatment at our clinic. We are committed to safeguarding your privacy in accordance with:

• UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)
• Abu Dhabi Healthcare Information and Cyber Security (ADHICS) standards
• Department of Health – Abu Dhabi (DOH) patient data regulations
• Health Insurance Law and applicable UAE federal and local health regulations

2. Data Controller

The data controller responsible for your personal data is:

Tham Oralcare

TwoFour54, Yas Island, Abu Dhabi, UAE

Email: hello@tham.ae  |  Phone: 02 586 7859

3. Information We Collect

3.1 Information You Provide Directly

• Full name, email address, and phone number (via our website contact/booking form)
• Preferred specialist or doctor selection
• Messages or inquiries submitted through the website
• Patient registration details (name, date of birth, Emirates ID/passport, contact information)
• Medical and dental history, treatment records, X-rays, and diagnostic images
• Insurance information and billing details
• Emergency contact information
• Consent forms and signed documents

3.2 Information Collected Automatically

• IP address, browser type, device information, and operating system
• Pages visited, time spent on the website, and referring URLs
• Cookies and similar tracking technologies (see Section 9)

3.3 Sensitive / Special Category Data

As a healthcare provider, we process health-related personal data that is classified as sensitive under UAE law. This data is collected and processed solely for the purpose of providing you with dental care and is subject to enhanced protection measures.

4. How We Use Your Information

We use your personal information for the following purposes:

• Appointment Management — Scheduling, confirming, and managing your dental appointments
• Treatment & Care — Providing dental diagnosis, treatment, and follow-up care
• Communication — Responding to your inquiries, sending appointment reminders, and post-treatment instructions
• Legal & Regulatory — Complying with DOH, DHA, ADHICS, and other regulatory reporting requirements
• Insurance & Billing — Processing insurance claims, payments, and invoicing
• Quality & Safety — Internal audits, quality improvement, and patient safety monitoring
• Website Operation — Maintaining and improving our website, analysing usage patterns

5. Legal Basis for Processing

We process your personal data on the following legal grounds under the UAE PDPL:

• Consent — where you voluntarily provide information (e.g., booking form submissions)
• Contractual necessity — to fulfil our obligations in providing dental services to you
• Legal obligation — to comply with healthcare regulations, DOH requirements, and applicable UAE laws
• Vital interests — in emergency dental or medical situations
• Legitimate interests — for internal administration, fraud prevention, and service improvement, provided these do not override your rights

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

• Insurance providers — to process your claims and verify coverage
• Regulatory authorities — Department of Health Abu Dhabi, HAAD, or other bodies as required by law
• Laboratory and referral partners — when your treatment requires external diagnostics or specialist referral
• IT and software service providers — who support our clinic management and website systems, under strict confidentiality agreements
• Legal authorities — where required by court order or applicable law

All third parties who receive your data are contractually bound to protect it and use it only for the specified purpose.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, and in accordance with:

• UAE healthcare record retention requirements (minimum 5 years from the date of last treatment, or longer as required by DOH)
• Applicable statute of limitations for legal claims
• Website inquiry data is retained for up to 24 months unless you request earlier deletion

When your data is no longer required, it will be securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encrypted data transmission (SSL/TLS) on our website
• Access controls limiting data access to authorised personnel only
• Secure storage of electronic health records in compliance with ADHICS standards
• Regular security assessments and staff training on data protection

While we take all reasonable precautions, no method of transmission or storage is 100% secure. If you become aware of any security concern, please contact us immediately.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Ensure the website functions correctly (essential cookies)
• Analyse website traffic and usage patterns (analytics cookies)
• Remember your preferences for future visits (functional cookies)

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

10. Your Rights

Under the UAE PDPL, you have the right to:

• Access — Request a copy of the personal data we hold about you
• Correction — Request correction of inaccurate or incomplete data
• Deletion — Request deletion of your data where it is no longer necessary (subject to legal retention obligations)
• Restriction — Request restriction of processing in certain circumstances
• Data Portability — Receive your data in a structured, commonly used format
• Withdraw Consent — Withdraw your consent at any time (this does not affect the lawfulness of processing before withdrawal)
• Object — Object to processing based on legitimate interests

To exercise any of these rights, please contact us at hello@tham.ae. We will respond within 14 days.

11. Children’s Privacy

We provide pediatric dental services. Personal data of minors (under 18) is collected and processed with the consent of a parent or legal guardian. Parents and guardians may exercise data rights on behalf of their children by contacting us directly.

12. International Data Transfers

Your personal data is primarily stored and processed within the UAE. If any transfer outside the UAE is necessary (e.g., cloud-hosted systems), we ensure adequate safeguards are in place in accordance with the UAE PDPL, including contractual protections and data processing agreements.

13. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated version will be posted on our website with the revised effective date. We encourage you to review this page periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

Tham Oralcare

TwoFour54, Yas Island, Abu Dhabi, UAE

Email: hello@tham.ae

Phone: 02 586 7859

Website: www.tham.ae