PRIVACY POLICY
Effective date: [19/02/2026]
Last updated: [24/06/2026]
- Introduction
Three Degrees Health FZC LLC (“3 Degrees Health”, “the Company”, “we”, “us”, or “our”) is a company incorporated under the laws of the United Arab Emirates (“UAE”), particularly in the Ajman Free Zone.
3 Degrees Health provides healthcare and wellness consultancy services that facilitate medical tourism by matching clients with suitable medical providers, coordinating
appointments, and delivering end-to-end logistical support for international patients.
At 3 Degrees Health, we value your privacy and are committed to safeguarding your personal information. All Personal Data that you provide us will be protected and kept confidential among our affiliates, representatives, and privies.
This Privacy Policy (“Policy” or “Notice”) explains how we collect, use, share, and protect your Personal Data in connection with your use of our services, platforms, websites, applications, and related solutions (collectively, the “3 Degrees Health Services”). This Policy also sets out your rights and how you may contact us for further information.
You agree to this Privacy Policy by visiting our website https://3degreeshealth.com/ or using any of the 3 Degrees Health Services.
Your use of the 3 Degrees Health Services, and any dispute over privacy, is subject to this Policy and our Terms of Use (available at https://3degreeshealth.com/), including applicable limitations on liability and dispute resolution provisions.
Our platform is hosted and operated from the United Arab Emirates and is subject to the laws of the United Arab Emirates. If you are accessing our Service from other jurisdictions, please be advised that you are transferring your personal information to us in the UAE, and by using our Service, you are agreeing to the transfer and use of your personal information in
accordance with this Privacy Policy. You also agree to abide by the applicable laws of the United Arab Emirates concerning your use of the Service and your agreements with us.
If you have any questions, comments, or requests regarding this Notice, you can contact us via email at info@3degreeshealth.com or through the contact details set out in Section 23 below.
- Definitions
In this Policy, the following terms shall have the meanings ascribed to them below:
|
“Consent” |
means the consent of the data subject which must be a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they (by a statement or by a clear affirmative action) signify their agreement to the processing of Personal Data relating to them. |
|
“Data Controller” |
means the entity that determines the purposes and means of the processing of Personal Data. |
|
“Data Processor” |
means an entity that processes Personal Data on behalf of the Data Controller. |
|
“Data Subject” |
means a living, identified, or identifiable individual about whom 3 Degrees Health holds Personal Data. |
|
“Data Protection Legislation” |
means all applicable data protection and privacy laws, including, but not limited to, Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), Federal Law No. 2 of 2019 Concerning the Use of the Information and Communications Technology in Health Fields, and any successor legislation. |
|
“Personal Data” |
means any data relating to an identified natural person, or a natural person who can be identified, directly or indirectly, through the linking of data, by reference to an identifier such as his or her name, voice, picture, identification number, electronic identifier, geographical location, or one or more physical, physiological, cultural or social characteristics. Personal data includes sensitive personal data and biometric data. |
|
“Personal Data Breach” |
means a breach of security and personal data through unauthorised or unlawful access thereto, such as replication, transmission, distribution, exchange, transfer, circulation or processing in such a manner leading to the disclosure or divulgence to third parties, or otherwise the destruction or modification of such data while being stored, transferred and processed. |
|
“Processing” |
means an operation or set of operations which is performed on personal data using any electronic means including other means, such as collection, storage, recording, structuring, adaptation or alteration, handling, retrieval, exchange, sharing, use, characterisation, disclosure by transmission, dissemination, distribution or otherwise making available, alignment, combination, restriction, erasure, destruction or creation of a model of personal data. |
- Consent
You accept this Privacy Policy when you give consent upon access to our platforms, or use our services, content, features, technologies or functions offered on our website, digital platforms or visit any of our offices for official or non-official purposes.
- Age Restriction
You affirm that you are over the age of majority and have the right to contract in your own name, and that you have read the above authorisation and fully understand its contents.
- Data Protection Principles
The Data Protection Legislation sets out the following principles with which anyone handling Personal Data must comply. We, our employees, agents, contractors, and third-party service providers comply with the following principles when collecting or processing your Personal Data. All Personal Data must be:
processed lawfully, fairly, and in a transparent manner in relation to the data subject;
collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate Personal Data is erased or rectified without delay;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data is processed; and
processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
- Information We Collect
In providing the 3 Degrees Health Service to you, there are three categories of information we collect. We collect a variety of information from our users and visitors to our website. As described below, some information is automatically collected when you visit our website, and some you provide to us when filling out a form or communicating with us.
Information You Provide to Us: When you register for and use the 3 Degrees Health Service, you provide us with personal information, including:
your name, email address, postal address or postal code, and telephone number;
payment method details and transaction information (payment card details are processed by third-party payment processors, and 3 Degrees Health does not directly store or have access to full payment card information);
username and password; unique user IDs assigned to accounts; date of birth; gender; profile photographs (where uploaded); account settings and preferences;
any other information you choose to provide to us or direct us to collect.
Information Collected Automatically: Whenever you use the 3 Degrees Health Service, we and third parties on our behalf automatically collect certain technical and usage information about you and your devices, including:
your activity on or interaction with the 3 Degrees Health Service;
your interactions with our emails, app notifications, push notifications, and online
messaging channels;
details of your interactions with our customer service, such as the date, time, and reason for contacting us, and transcripts of any chat or email conversations;
device IDs or other unique identifiers;
IP address (which may indicate your general geographic location); domain name of your internet service provider; average time spent on our Service; pages viewed; access times; and other relevant statistics; and
information collected via the use of cookies, web beacons, and other technologies,
including information about your interactions with the 3 Degrees Health Service and
advertisements. Please see Section 17 (Use of Cookies) for more details.
Information Collected from Partners and Third-Party Sources: We may collect Personal Data from authorised partners and third-party sources in connection with the provision and improvement of our Services. Such partners may include healthcare providers, pharmacies, diagnostic labs, health insurance companies, payment processors, travel/logistics providers, billing service providers, cloud hosting providers, IT support vendors, and other technology integration partners engaged by 3 Degrees Health. We may also receive information from regulatory authorities or other lawful bodies where required for compliance purposes.
The information obtained from such sources may include service activation details,
transaction confirmations, system integration data, security or fraud-prevention information, and other data necessary for the effective operation, administration, and regulatory
compliance of 3 Degrees Health Services.
- Using Your Personal Data
We primarily collect your Personal Data to ensure that we provide efficient, secure, and reliable Services to you, to monitor and improve our platforms, and for other legitimate business purposes. Your information will be used and disclosed for the following purposes:
Service Access and Account Management: to provide access to our platforms; to create and manage user accounts; to authenticate authorised users; and to provide operational dashboards and related functionalities;
Business Operations and Fulfilment: to coordinate requests with third party health
providers and logistics providers, manage appointments, verify user eligibility, track
payment status, etc.;
Customer Relationship Management: to respond to inquiries; to provide technical and customer support; to notify users of updates, system changes, or service-related
information; and to manage ongoing client relationships;
Analytics and Service Improvement: to monitor platform performance; to analyse usage trends; to improve system functionality and user experience; and to develop new features, services, or solutions; and
Legal and Regulatory Compliance: to comply with obligations under UAE PDPL, financial and commercial regulations, and lawful requests from governmental or regulatory
authorities.
Employees, agents, contractors, and other authorised parties working on behalf of 3 Degrees Health shall process Personal Data only to the extent necessary for the performance of their duties and in accordance with this Policy.
- Data Accuracy
Your Personal Data must be accurate and kept up to date. In this regard, 3 Degrees Health shall ensure that any data it collects and/or processes is accurate and not misleading in a way that could be harmful to you; make efforts to keep your Personal Data updated where reasonable and applicable; and make timely efforts to correct or erase your Personal Data when inaccuracies are discovered.
You are responsible for ensuring that the information you provide to us is accurate, complete, and up to date. You can update your account information at any time by contacting us at info@3degreeshealth.com.
- Data Retention
3 Degrees Health shall not keep Personal Data for any longer than is necessary in light of the purpose or purposes for which that Personal Data was originally collected, held, and processed.
We will generally retain Personal Data for as long as required to provide our Services, maintain active client or user accounts, fulfil contractual obligations, resolve disputes, enforce our agreements, and comply with applicable legal and regulatory requirements.
Where accounts are deactivated or contractual relationships terminate, we may retain relevant Personal Data for a limited period thereafter for audit, accounting, tax, legal, regulatory, fraud prevention, and risk management purposes.
We may retain your Personal Data for a longer period than specified above in the event of a complaint, dispute, or if we reasonably believe there is a prospect of legal proceedings; where we are aware of pending or ongoing legal proceedings involving you or relating to our Service; where applicable law, regulation, or regulatory authority requires us to retain data for a longer period; or where retention is necessary for the establishment, exercise, or defence of legal claims.
- Other Information We Collect
We may collect additional information through cookies, system logs, analytics tools, surveys, feedback forms, or other communications in connection with the use of our website and platforms. Further details regarding our use of cookies and similar technologies are set out in Section 17 (Use of Cookies).
We may also collect supplemental information from authorised third parties where necessary to verify identity, prevent fraud, enhance system security, or support service delivery, to the extent permitted by applicable law. Such information may be combined with data collected directly from you in order to improve the efficiency, reliability, and security of our Services.
- Data Confidentiality
Your Personal Data is treated as confidential and will not be disclosed to third parties except as permitted under this Policy, required by law, or necessary for the provision of our Services.
3 Degrees Health implements appropriate administrative, technical, and organisational safeguards to protect Personal Data against unauthorised access, disclosure, alteration, or destruction. Access to Personal Data is restricted to authorised personnel, agents, contractors, and service providers who require such access for legitimate business purposes and who are subject to confidentiality obligations.
While we take reasonable steps to safeguard Personal Data entrusted to us, you also play a role in protecting your information, including maintaining the confidentiality of login credentials and using secure communication channels when interacting with our platforms.
- Disclosures
We will not sell, publish, or disclose your Personal Data to third parties except as necessary to provide our Services or as otherwise set out in this Policy.
We may share your Personal Data with our affiliates, authorised service providers, contractors, professional advisers, and technology partners who assist us in delivering our Services, including cloud hosting providers, IT support vendors, cybersecurity providers, payment processors, and customer relationship management service providers. Such third parties are contractually obligated to process Personal Data only in accordance with our instructions and in compliance with applicable Data Protection Legislation.
We may disclose Personal Data where required to comply with applicable laws, regulations, lawful governmental or regulatory requests, court orders, or to protect the rights, property, or safety of 3 Degrees Health, our clients, users, or the public.
We may also disclose Personal Data in connection with a merger, acquisition, restructuring, financing transaction, asset sale, or other corporate transaction, provided that appropriate safeguards are in place.
To the extent legally permitted, we will take reasonable steps to notify you prior to any such disclosure where it materially affects your rights.
We will notify you as soon as we become aware of a harmful data breach which may result in a risk to your rights and freedom.
- Transfer of Personal Data
Third Party Processors
3 Degrees Health may engage third-party service providers to process Personal Data on our behalf. Such processing shall be governed by written agreements that require the third party to implement appropriate technical and organisational measures to protect Personal Data and to comply with applicable Data Protection Legislation.
International Transfers
Your Personal Data may be transferred to, and processed in, countries outside the UAE where our service providers or infrastructure are located. Where such transfers occur, 3 Degrees Health shall ensure that appropriate safeguards are implemented in accordance with the UAE PDPL.
We will only transfer Personal Data outside the UAE, including to countries where we operate or engage healthcare providers, partners, or other service providers, where one of the following applies: the recipient country has been recognised as providing an adequate level of data protection; appropriate contractual safeguards are in place; the transfer is necessary for the performance of a contract; the transfer is required for public interest reasons; the transfer is necessary for the establishment, exercise, or defence of legal claims; or you have provided explicit consent.
We shall take reasonable steps to ensure that any international transfer of Personal Data is carried out securely and in compliance with applicable legal requirements.
- Your Rights
Subject to certain limitations and exceptions, you are entitled to the following principal rights under the Data Protection Legislation:
You have the right to be notified if we are transferring your personal information, where and to the extent required by law.
You have the right to request access to the Personal Data we hold about you and certain information about our processing, including with whom we have shared or disclosed your data.
You have the right to request correction of the personal information that we hold about you. This enables you to have incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide.
You have the right to request an erasure of your Personal Data at any time, subject to any legal obligations we may have to retain such data.
You may request at any time that we halt further dissemination of your data or cease to use your personal information.
You have the right to request restriction of processing of your personal information in certain circumstances, including where you want us to establish the data’s accuracy;
where our use of the data is unlawful but you do not want us to erase it; or where you need us to hold the data even if we no longer require it for establishing, exercising, or defending legal claims.
Where applicable under the Data Protection Legislation (and subject to lawful limitations), you may request to receive certain Personal Data you have provided to us in a structured, commonly used, and machine-readable format, and/or request that we transmit it to another controller where technically feasible.
Where we rely on your Consent as our lawful basis, you may withdraw your Consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
In addition to any statutory portability rights, where legally permissible and practicable, you may request an export of your data before account termination or closure.
To exercise any of the rights above, please contact us at info@3degreeshealth.com. We may request additional information to verify your identity and/or authority. If we deny your request, you may appeal our decision by contacting us at the address set out in Section 23 (Contact Us) below. We will not discriminate against you for exercising any of these rights.
- Security
3 Degrees Health is committed to ensuring that your Personal Data is secure. We implement reasonable administrative, technical, logical, and physical safeguards designed to protect Personal Data against unauthorised access, disclosure, alteration, destruction, or loss.
Such measures may include encryption, access controls, authentication procedures, network security controls, secure data hosting environments, and periodic security assessments. Access to Personal Data is limited to authorised personnel who require such access for legitimate business purposes.
While we take reasonable steps to protect Personal Data, no method of transmission over the internet or electronic storage system is completely secure. Accordingly, we cannot guarantee absolute security, but we will continue to maintain and improve our security measures in line with industry standards and regulatory expectations.
- Training
3 Degrees Health shall ensure that employees, agents, and authorised personnel who collect or process Personal Data receive appropriate training in data privacy and protection. Such training is designed to ensure awareness of legal obligations, data security responsibilities, and best practices for safeguarding Personal Data.
We shall periodically review and update our data protection training programmes to ensure continued compliance with applicable Data Protection Legislation.
- Use of Cookies
3 Degrees Health uses cookies and similar technologies on our website and platforms to enhance user experience, analyse usage patterns, improve performance, and maintain security.
Cookies may be used to remember user preferences, maintain session information, measure website traffic, and support analytics tools that help us understand how users interact with our platforms.
You may adjust your browser settings to refuse or disable cookies. However, disabling cookies may affect the functionality of certain features of our website or platforms.
Where required by applicable law, we will obtain your consent prior to deploying non-essential cookies.
If you have any other queries about our use of cookies, you can contact us at the address set out in Section 23 (Contact Us) below.
- The Data We Retain
We will retain your information for as long as needed to provide you with the 3 Degrees Health Service, comply with our legal and statutory obligations, or verify your information with a financial institution.
We are statutorily obligated to retain the data you provide us with in order to process
transactions, ensure settlements, make refunds, identify fraud, and in compliance with laws and regulatory guidelines applicable to us.
Please refer to Section 9 (Data Retention) above for full details of our retention policy.
- Data Breach Management Procedure
In the event where there is any accidental or unlawful destruction, processing, loss, alteration, unauthorised disclosure of, or access to your Personal Data, we shall:
notify you within 72 (seventy-two) hours of the occurrence of the data breach (or within such shorter period as may be required under applicable law);
properly investigate the breach and take the necessary steps to mitigate such breach; identify remediation requirements and track the resolution of such breach; and
notify the UAE Data Office or any other relevant regulatory authority, where necessary.
- Links to Third-Party Websites and Platforms
Our website or platforms may contain links to third-party websites or services that are not operated by 3 Degrees Health. We do not control and are not responsible for the privacy practices or content of such third-party websites or services.
We encourage you to review the privacy policies of any third-party websites or services you access through our platforms.
- Limitation of Liability
We exercise reasonable efforts to safeguard the security and confidentiality of your Personal Data; however, we will not be liable for unauthorised disclosure of Personal Data that occurs through no fault of ours.
- Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements. Where changes are made, we will publish the updated version on our website and indicate the effective date of the revision.
Your continued use of our Services following any updates constitutes acknowledgement of the revised Policy.
You may access the previous version of this Privacy Policy by writing to us at
info@3degreeshealth.com or through the contact details in Section 23 below.
- Contact Us
If you would like more information, or have any comments or questions about our Privacy Policy, please contact us using the details below:
Data Protection Officer
Three Degrees Health FZC LLC
26th Floor, Amber Gem Tower, Ajman, United Arab Emirates
Email: info@3degreeshealth.com
General Customer Support: info@3degreeshealth.com
Please note that if you contact us for assistance, we may need to authenticate your identity before fulfilling your request, for your safety and our own.
This Policy is effective as of 24/06/26.