Skip to main content
DNA Labs UAE Logo

Privacy Policy

Privacy & Data Protection Policy

Effective Date: May 2026 Document ID: DLI-PDPL-2026-V1

At DNA Labs UAE (operated by DLI Genetic DNA Lab Fz-LLC), we recognize that genomic, biometric, and clinical health data represent the most sensitive categories of personal information. This Privacy & Data Protection Policy outlines our rigid architecture for collecting, processing, securing, and localizing your personal and clinical data.

1. Regulatory Compliance Framework

Our data governance infrastructure and clinical laboratory operations strictly adhere to the following statutory instruments of the United Arab Emirates:

  • Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL): Governing the processing of sensitive personal data.
  • Federal Decree-Law No. 41 of 2024 (Art. 87): Mandating clinical precision, data security, and operational standards for medical testing and pathology inside the UAE.
  • UAE CDS Law 2026 (Child Data Safety Framework): Dictating strict verification protocols for minor and dependent consent.
  • ISO 9001:2015 Certification: Operating under global quality management systems (Registration Certificate No: INT/EGQ/2509DA/3139).

2. Scope of Information Collected

To execute high-complexity molecular and diagnostic analysis, we must process the following categories of information:

  • Patient Identifiers: Name, Emirates ID, passport copy, phone number, physical address, and billing details required for chain-of-custody documentation.
  • Clinical Specifications: Referring physician data, medical prescriptions, clinical history, and symptom checklists provided by B2B hospital partners or directly via our Satwa branch.
  • Genomic and Biomarker Profiles: Raw sequence data (NGS/Sanger), genetic variant classifications, phenotypic correlations, and blood pathology markers generated during laboratory validation.

3. Minor Consent & Vulnerable Groups

In strict compliance with the UAE CDS Law 2026, DNA Labs UAE does not purposefully market to or process genomic materials of individuals under the age of legal majority without express parental or legal guardian authorization.

Before any sample collection occurs for a minor at our Satwa Suite or via mobile phlebotomy, a verified electronic or physical Consent and Relationship Validation Form must be executed by the authorized guardian.

4. Data Localization & Zero-Knowledge Architecture

Unlike global retail diagnostic platforms that offshore biological profiles, DNA Labs UAE prioritizes national data sovereignty:

  • Onshore Storage: All patient files, health histories, and genomic data are securely hosted on localized, encrypted servers physically situated within the sovereign borders of the United Arab Emirates.
  • Encryption Standards: Data is secured using advanced AES-256 protocols at rest and TLS 1.3 protocols in transit.
  • Anonymized Workflow: Laboratory processing personnel at our Dubai Healthcare City processing center work exclusively with barcoded, de-identified clinical identifiers. Names and personal identities are separated from genetic sequence files throughout the analytical workflow.

5. Retention, Destruction, & Patient Rights

Medical and diagnostic files are legally preserved for mandatory retention durations specified by the Dubai Health Authority (DHA) and Dubai Healthcare City Authority (DHCA) guidelines.

Under the UAE PDPL, patients and authorized medical referrers maintain specific rights regarding their digital footprints:

  • The right to request a secure copy of all processed personal records.
  • The right to correct or update demographic or billing inaccuracies.
  • The right to request data restriction or destruction, provided it does not conflict with statutory statutory medical retention laws governed by DHA.

6. Secure Third-Party Disclosure

DNA Labs UAE will never lease, sell, or commercially distribute your genetic or personal information to third-party entities. Data sharing is limited to:

  • The referring medical clinician, hospital partner, or institutional healthcare network explicitly indicated on your laboratory intake or insurance pre-authorization portal.
  • Statutory regulatory bodies (DHA/MOHAP) where mandated by federal public health reporting frameworks.
Security Notification: While we enforce multi-layered defense frameworks across our Laravel infrastructure, no digital environment is completely infallible. Patients are urged to protect their private patient portal logins and immediately notify our legal team if unauthorized access is suspected.