Request a Demo

Privacy Policy

Primary Data Controller: Medilink360 LLC-FZ Role: Data Controller under UAE Federal Decree-Law No. 45 of 2021 (PDPL) and Federal Law No. 2 of 2019 (ICT Health Data Law) Contact: info@medilink360.ai

1. Purpose of the Platform

MediLink360 provides a digital health platform that helps Users identify suitable healthcare departments, facilities, or services based on information they voluntarily submit.
The Platform offers informational and navigational guidance only. It does not provide medical diagnosis, triage, treatment, or any form of clinical decision-making, nor does it substitute professional medical judgment.

2. Nature of AI Based Recommendations

All outputs (including symptom interpretation and department suggestions) are automatically generated using algorithms and AI models based solely on User-provided inputs.
These outputs:

  • Do not constitute medical advice
  • Do not replace consultation with a licensed clinician
  • Must not be relied upon for diagnosis or emergency decision-making

Users may request human review of automated decisions by contacting: info@medilink360.ai

3. Data Controller Identity & Contact Details

MediLink360 LLC-FZ is the Data Controller, responsible for determining the purposes and means of processing personal and health data.
Data Protection Contact / Privacy Officer:
info@medilink360.ai

4. Categories of Data We Collect

We collect and process only the data required to deliver our services, including:

A. Patient Data

  • Full name
  • Date of birth
  • Emirates ID number (optional where applicable)
  • Insurance eligibility information
  • Contact information (email, phone)
  • Submitted health concerns or descriptions
  • Uploaded medical reports or records
  • Medication information
  • Allergies
  • Appointment history
  • Account and profile details


B. Healthcare Provider Data

  • Professional name & credentials
  • Facility information
  • Work email address
  • User or provider ID
  • Role/assessor


C. Technical, Log, and Analytics Data (Collected Automatically)

  • IP address
  • Device type, operating system, and browser
  • Unique device identifiers
  • Usage logs and session duration
  • Crash reports and performance metrics
  • App interaction events (e.g., buttons clicked, screens visited)
  • This data enhances platform safety, reliability, and performance.

Users may manage cookie preferences through their browser or in-app settings where applicable

5. Legal Bases for Data Processing MediLink360 LLC-FZ

We are committed to processing your personal and health data lawfully, fairly, and transparently in accordance with the UAE Federal Decree-Law No. 45 of 2021 (PDPL) and the Federal Law No. 2 of 2019 regarding the Use of ICT in Health Fields.
Our processing activities are strictly based on the following legal grounds:

  • Explicit Consent: Where you have provided clear and explicit consent for specific processing activities (in accordance with PDPL Article 6).
  • Performance of a Contract: Processing is necessary for the fulfilment of our service agreement with you (e.g., providing healthcare services or managing appointments).
  • Compliance with UAE Health Laws: Processing of health data is conducted in strict compliance with the security and retention standards mandated by the Federal Law No. 2 of 2019 (ICT Health Law).
  • Public Interest or Legal Requirements: Where processing is required by UAE laws or requested by health authorities.
  • Legitimate Interest (security, fraud prevention, analytics—excluding health data)
    Where consent is withdrawn, processing will cease unless another legal basis applies (e.g., legal obligation or compliance with mandatory retention requirements).

6. Explicit Consent Requirement (Health Data)

By checking the consent box, Users provide:

  • Separate and explicit consent for processing health data
  • Consent for AI-generated interpretations
  • Consent for use of data to provide platform services

Consent can be withdrawn at any time (see section 13).

7. Processing Purposes

We process data only for the following purposes:

  • AI-based symptom collector
  • Matching users to appropriate departments
  • Appointment booking and management
  • Insurance eligibility checks
  • User account creation and authentication
  • Communication and service notifications MediLink360 LLC-FZ
  • Platform analytics, optimization, and fraud prevention
  • Compliance with the ICT Health Law and other UAE regulations

8. User Rights Under UAE PDPL

Users are informed of their rights under Articles 13–18 of the PDPL, including:

  • Right of access – obtain a copy of their personal data.
  • Right to correction – rectify inaccurate or outdated information.
  • Right to deletion – request erasure of data, unless retention is required under UAE health regulations.
  • Right to restrict processing – limit certain types of processing.
  • Right to object – object to processing in specific circumstances.
  • Right to data portability – request their data in a structured digital format.
  • Right to object to automated decisions – Users may request human review if an automated decision significantly affects them.

Requests may be submitted to info@medilink360.ai.

9. Minors’ Data

  • The Platform is not intended for independent use by individuals under 18 years.
  • If minors’ data is processed, parental/guardian consent is required.
  • Where healthcare laws mandate guardian involvement, compliance will be strictly followed.

10. AI/Algorithm Transparency Statement

Recommendations provided by the Platform (including health concern interpretation and department suggestions) are generated by AI algorithms based solely on User-submitted inputs.

These outputs do not constitute medical judgment, diagnosis, or clinical triage.

Users may request human review of any automated output by contacting: info@medilink360.ai.

11. Third-Party / Sub-Processor Disclosure

MediLink360 may engage both UAE-based and international third-party service providers (“sub processors”) to support the operation of the Platform, including for cloud hosting, payments processing, notifications, authentication, analytics, and AI-based processing.

Where personal or health data is transferred outside the United Arab Emirates, such transfers occur only with appropriate safeguards in place, including explicit user consent where required, contractual data protection obligations, and approved cross-border transfer mechanisms in accordance with the UAE Personal Data Protection Law (PDPL).

Sub-processors are contractually restricted to processing data solely for the purpose of providing services to MediLink360 and may not use such data for their own purposes.

All sub-processors are engaged under written agreements containing data-protection obligations consistent with the UAE Personal Data Protection Law.

12. Data Security and Retention

All User data is encrypted and stored within secure UAE-based infrastructure.

Retention Period:

Personal data is retained in accordance with applicable legal, contractual, and operational requirements, typically up to 7 years. Medical records are retained in accordance with UAE Health Data Law, typically up to 25 years. Logs and analytics data are retained for shorter periods, generally between 12 and 24 months

Where personal or health data is transferred outside the UAE, such transfers are carried out only in accordance with the UAE Personal Data Protection Law (PDPL), using appropriate safeguards such as explicit user consent, contractual protections, and approved transfer mechanisms.

Health data forming part of the medical record is stored within UAE-based infrastructure in accordance with Federal Law No. 2 of 2019, except where the user has explicitly consented to cross-border processing for specific services

13. Data Breach Notification

In the event of a data breach involving the User’s personal or health information, MediLink360 will notify Users in accordance with PDPL Article 9 and the ICT Health Data Law, including required notification to relevant UAE authorities.

Notifications will be made without undue delay and within timelines prescribed by applicable UAE laws, based on the severity and risk of the incident.

14. Withdrawal of Consent

Users may withdraw consent or request deletion of their data at any time by contacting
info@medilink360.ai. However, please note that:

  • Certain data may need to be retained if required by UAE health regulations or for legal compliance (e.g., mandatory retention of medical records) MediLink360 LLC-FZ
  • Withdrawal may limit a ccess to certain Platform features or prevent the delivery of services.
  • Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

15. Acceptance

☐ I confirm that I have read and understood the above terms and give my explicit consent to the processing of my data.
☐ I acknowledge that MediLink360 provides informational guidance only and does not offer medical diagnosis or treatment.

Request a Demo

By submitting this form, you agree to our privacy policy.