Privacy Policy – DNA Labs UAE (Clinical Genetic Laboratory)
Effective Date: April 14, 2026
Version: 2.0 – UAE PDPL Compliant
Jurisdiction: Dubai & Abu Dhabi, United Arab Emirates
At DNA Labs UAE, we operate exclusively as a clinical genetic laboratory under the regulatory oversight of the Dubai Health Authority (DHA) and the Ministry of Health and Prevention (MOHAP). This Privacy Policy governs the collection, use, storage, and disclosure of genetic and personal health data obtained from Patients in the UAE.
Scope of UAE Clinical Operations
DNA Labs UAE provides diagnostic and clinical genetic testing services only within the United Arab Emirates. All operations, data processing activities, and laboratory workflows are physically performed in Dubai and Abu Dhabi.
No data transfer of sensitive health or genetic information occurs outside the UAE’s digital borders unless explicitly permitted by UAE health data regulations and patient consent.
This policy supersedes any previous versions and is governed exclusively by UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law – PDPL) and relevant DHA/MOHAP Health Data Privacy Standards.
Types of Genetic & Personal Data Collected
As a clinical laboratory, we collect the following categories of data for medical purposes only:
Genetic & Biological Data
DNA samples (blood, saliva, or tissue)
Genomic sequencing results, variants, and mutation reports
Family history data relevant to the clinical indication
Personal & Health Identifiers
Full name, Emirates ID / Unified Number (URN)
Date of birth, nationality, and contact details
Referring physician’s name and license details
Clinical diagnosis codes (ICD-10) and medical necessity justification
No “customer” or e‑commerce data (e.g., browsing habits, payment card details unrelated to clinical billing) is collected for marketing purposes.
Purpose of Collection – Clinical Diagnosis & Medical Necessity
Your genetic and personal data is collected solely for clinical diagnostic purposes, including:
Confirming or ruling out a suspected genetic disorder
Guiding treatment decisions (pharmacogenomics, hereditary cancer syndromes, prenatal diagnosis)
Providing risk assessment for inherited conditions
Data is not used for research, commercial data mining, or secondary purposes without separate, explicit consent approved by a DHA/MOHAP ethics committee.
Patient Consent & Physician Referral Requirement
In compliance with UAE medical regulations, all diagnostic genetic tests require a valid physician’s referral (prescription or lab request form).
Before sample collection, you will sign a specific consent form for genetic testing, acknowledging:
The nature of the test and its clinical implications
Potential incidental findings
Your rights under UAE PDPL
Withdrawal of consent is possible before the analysis phase. After analysis, data is anonymised or archived as required by law.
Data Sovereignty – Storage Within UAE Digital Borders
All medical and genetic data is stored on secure servers located within the United Arab Emirates.
DNA Labs UAE does not use cloud providers that replicate or back up data outside UAE territory.
We maintain physical and logical separation of health data from any non‑UAE entity.
Our infrastructure adheres to DHA’s Health Data Storage & Security Standard (HDSS) and MOHAP’s National Backbone for Health Data requirements.
Data Sovereignty Commitment: Your genetic information never leaves the UAE’s jurisdiction except where explicitly required by UAE law (e.g., international public health reporting with all identifiers removed).
Third-Party Disclosure – Restricted to Clinical Partners & Health Authorities
We do not sell, rent, or trade patient data. Disclosure to third parties occurs only in the following limited scenarios:
Clinical Partners
Referral physicians or hospitals for continuity of care
Accredited reference laboratories (within UAE) for confirmatory testing, under strict data processing agreements
UAE Health Authorities
DHA, MOHAP, or Abu Dhabi Public Health Centre (ADPHC) for legally mandated disease surveillance or quality audits
No disclosure to law enforcement without a binding UAE court order
Excluded Entities
We do not share data with insurance companies for underwriting purposes without your explicit, separate consent.
No third‑party marketing or analytics platforms (e.g., Google Analytics, Facebook Pixel) receive personal or genetic data.
Sample Retention, Archiving & Destruction
Retention Period
Genetic samples and raw data are retained for 10 years from the date of the final report, as required by DHA Clinical Laboratory Standards.
Archived data is stored in encrypted, access‑controlled systems.
Destruction Method
After the retention period (or upon patient request after the legal minimum is met), physical samples are chemically denatured and incinerated.
Electronic data is cryptographically erased (NIST 800‑88 compliant) to prevent reconstruction.
You may request earlier destruction of your biological sample (but not the clinical report) by submitting a written request to our Data Protection Officer (DPO) – see contact details below.
Your Rights Under UAE PDPL – Erasure & Data Portability
As a Patient, you have the following enforceable rights:
Right to Access
Receive a copy of all genetic and personal data we hold about you, in a human‑readable format.
Right to Rectification
Correct any inaccurate or incomplete personal or clinical data.
Right to Erasure (“Right to be Forgotten”)
Request deletion of your personal data unless retention is required by:
DHA/MOHAP record‑keeping laws (minimum 10 years for diagnostic reports)
Ongoing medical liability or legal proceedings
After the mandatory retention period, we will honour erasure requests within 30 days.
Right to Data Portability
Receive your genetic data (e.g., VCF, FASTQ, or PDF report) in a structured, machine‑readable format (HL7/FHIR or plain text) to transmit to another clinical laboratory of your choice.
To exercise any right, email: dpo@dnalabsuae.com (UAE‑hosted, monitored by our compliance team).
Security Measures & Breach Notification
Encryption: AES‑256 at rest, TLS 1.3 in transit.
Access control: Role‑based, with biometric/MFA for laboratory staff.
Audit logging: All access to genetic data is logged and reviewed monthly.
In the event of a data breach affecting genetic or health data, we will notify:
DHA/MOHAP within 72 hours
Affected patients directly (via registered phone/email) without undue delay
Contact Information & Data Protection Officer
DNA Labs UAE – Clinical Compliance Office
📍 123 Al Wasl Road, Dubai Healthcare City, Dubai, UAE
📞 +971 4 123 4567
✉️ dpo@dnalabsuae.com (for privacy/consent matters)
Regulatory references:
UAE Federal Decree-Law No. 45 of 2021 (PDPL)
DHA Health Data Privacy Standard (HDPS) – Version 3.2
MOHAP Clinical Laboratory Regulation – Cabinet Resolution No. 54 of 2021
Changes to This Privacy Policy
We will update this policy only after prior approval from our internal compliance committee and DHA (if materially affecting patient rights). The latest version will always be available at /privacy on dnalabsuae.com.
Compliance reviewed and approved by Dr. PRABHAKAR REDDY (DHA: 61713011), Data Protection Officer, DNA Labs UAE. Last updated: April 14, 2026.
