Super App Privacy Policy

1. About this Privacy Policy

• 1.1. This privacy policy (the “Privacy Policy”) describes how M42 Ltd accesses, receives, collects, shares, and uses data and information including Personal Data and Non-Personal Data (as defined below). 
• 1.2. In this Privacy Policy, the words “we’’, “our’’ and “us’’ refer to M42 Ltd (“M42’’), “Personal Data” refers to any information or combination of information that relates to you and can be used to identify you and “Non-Personal Data” refers to any information that relates to you but which cannot be used to identify you.
• 1.3. Under data protection laws, we are required to provide you with certain information about who we are, how we process your Personal Data and for what purposes, and your rights in relation to your Personal Data.
• 1.4. This Privacy Policy is important for you to understand so please read this Privacy Policy carefully so that you can make an informed decision about whether to use or continue using our services.
• 1.5. By using our services, you consent and agree that M42 may access, receive, collect, share, use, and disclose (including transfer) your Personal Data in accordance with this Privacy Policy. 
• 1.6. If you do not agree with any of the terms included in this Privacy Policy, please refrain from using our services and DO NOT provide us with any Personal Data.
• 1.7. This Privacy Policy applies to the M42 mobile application only and any updates and supplements to it (the “App’’) that are developed, owned, or made available to you by us. The use of the App is governed by the terms and conditions located in the App (the “Terms’’). This Privacy Policy must be read in conjunction with the Terms. If you choose to use the App, you consent to collection, use and disclosure of your Personal Data and Non-Personal Data in accordance with this Privacy Policy.
• 1.8. We may amend this Privacy Policy from time to time and will make the updated Privacy Policy available in the App and on our website.  We reserve the right to update or modify this Privacy Policy, or any other of M42 policies or practices, at any time with or without notice. However, M42 will not use your Personal Data in a way that is materially different than the uses described in this Privacy Policy without giving you an opportunity to opt-out of such differing uses. The updated Privacy Policy will supersede earlier versions and will apply to any Personal Data provided to us previously. Each time you use the App and any updates, upgrades, new versions, and content or transact with us, you acknowledge and agree that the latest version of this Privacy Policy will apply.
• 1.9. It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during our relationship with you. We also have the right to request for documentation and carry out the necessary checks to verify your Personal Data provided as may be required by law.
• 1.10. If, at any time, you want to access or update any of your Personal Data on the App, you may do so by clicking “Your Account”, and then review/change your information as required.
• 1.11. UAE laws dictate how we can use and share your Personal Data and describe your rights with respect of your Personal Data. This Privacy Policy supplements these laws and regulations. In case of any inconsistencies or conflict between this Privacy Policy and UAE laws, the UAE laws will prevail but only to the extent of such inconsistencies or conflict.
• 1.12. For purposes of the applicable UAE data protection laws, M42 is the “data controller”. This means that M42 determines the purposes for which, and the way in which your Personal Data is processed.
• 1.13. If you provide us with any Personal Data belonging to and/or relating to a third party (e.g. information about your child), by submitting such information to us, you represent to us that you have obtained the relevant consent, or have the right to consent on behalf of any such third party, to provide us with their Personal Data, and you agree and acknowledge that such disclosure of their Personal Data will be governed by this Privacy Policy (as amended from time to time).

2. What Personal Data we collect

• 2.1. We may collect, use and disclose Personal Data received from or in relation to you, which may include some or all the information described in Section 2.1.1 – 2.1.13 of this Privacy Policy. Much of this information enables us to comply with our legal obligations or fulfil our contractual arrangements with you and other parties, and sharing this information may be necessary for us to provide our services:
  
  • 2.1.1. Information you give us. We may also ask you to provide certain Personal Data, such as your contact details (including but not limited to your full name, email address, mobile phone number, address, date of birth, age, gender, country of domicile, Emirates Identification number, passport details, insurance details, determination status and medical record number);
  • 2.1.2. Payment information, such as credit card details;
  • 2.1.3. Personal health information, including, but not limited to, information about your weight, height, health and lifestyle (including exercise frequency and habits, alcohol consumption, blood pressure, and other similar metrics), medical history, medical condition, diagnosis, treatments, allergies, medications, immunizations, surgeries, email or phone call communication relating to your medical records from your current, past or future health providers, general health information, fitness information, including various activities identified through apps or any devices used in conjunction with the App such as fitness trackers or health apps;
  • 2.1.4. Health insurance information related to your health insurance coverage, health insurance policy numbers, claims information and health insurance coverage dates;
  • 2.1.5. Personal laboratory and test results, including blood tests, x-rays and other diagnostic procedures and tests;
  • 2.1.6. Billing and payment information related to medical bills and financial transactions associated with healthcare services;
  • 2.1.7. Personal communications including any correspondence or communication related to a person’s health, including emails, medical notes and voicemails;
  • 2.1.8. Personal biometric data such as fingerprints, retinal scans, or any other biometric data for personal identification purposes; 
  • 2.1.9. Information we collect about your device, your use of the App, your device’s internet protocol (IP) addresses, device and advertising identifiers (including device IDs and platform information), browser type, operating system, internet service provider, pages you visit before and after using the App or any associated services and/or similar data;
  • 2.1.10. Location data, which is any information that M42 collects regarding your location (when you use a location-enabled service), including:
    
    • 2.1.10.1. location when you use M42 services, such as from your mobile device;
    • 2.1.10.2. IP address of the personal computer or other electronic or mobile device you use to access M42 services; 
    • 2.1.10.3. information made available by you or others that gives an indication as to where you are or have been located; 
    • 2.1.10.4. approximate location data to determine the country from which you are using the App. We may also collect your exact location information (e.g. GPS data) 
  • 2.1.11. Information we receive from other sources including third parties, publicly available sources, add-on services you opt for, and/or any connected devices or software which you permit to share information with us;
  • 2.1.12. Log data, which is technical data and information that is automatically collected by M42 when you use M42 services, including:
    
    • 2.1.12.1. technical data and information, such as your mobile carrier, configuration information made available by your web browser or other programs you use to access M42 services, your IP address and your personal computer or other electronic or mobile device’s version and identification number;
    • 2.1.12.2. information about what you have searched for and looked at while using M42 services, such as search terms used, pages visited, and details of other information and content accessed or requested by you in using M42 services; and
    • 2.1.12.3. metadata, which means information related to items you have made available through M42 services, such as the date, time, or location that information was entered or uploaded; and
  • 2.1.13. Any other information you may consent to provide to us.
• 2.2. When you use the App, we may monitor your usage of the App. We may use, collect, and share non-personally identifiable information which means information not associated with an identifiable individual.
• 2.3. We may use Cookies (as defined below) and/or other tracking technologies to distinguish you from other users of the App and to remember your preferences. Provided you agree to their use, one or more small files known as “Cookies” will be added to your personal computer or other electronic mobile device. Cookies help us provide you with a better experience and they are stored in the browser to enable us to: (a) remember information so that you will not have to re-enter it during your visit or the next time you use M42 services; (b) analyse your preferences and patterns to provide customized and personalized content and information; and (c) monitor your entries, submissions, pages viewed, etc. All of these purposes are intended to improve and personalize your experience with M42. M42 uses several types of Cookies, including Cookies that may remain after you close your browser or turn off your personal computer or other electronic or mobile device. There are a number of ways to remove Cookies and you can adjust your settings to refuse all Cookies or to indicate when a Cookie is being sent. However, M42 services may not be available or function properly if the ability to accept Cookies is disabled. To the extent that we have third-party advertisements on our website or App, those third parties may also place, set, and access Cookies on your computer. They do this to track how many unique users have seen a particular advertisement and to provide advertisements that are more relevant to a given user’s interests. 
• 2.4. We may also collect for each access to the App, the following information: details about web browser, IP address, time zone and location. 
• 2.5. We also use Google Analytics to help us understand our users better and provide you with a good experience when you use the App. If you prefer not to be tracked by Google Analytics, you can opt out of their advertising tracking cookie or use a browser plugin to disable all Google Analytics tracking software.

3. Use of Personal Data

• 3.1. We collect and use the Personal Data we collect in a manner that is consistent with this Privacy Policy, and applicable UAE privacy laws. We will only use your Personal Data when UAE laws allow us to do so. Most commonly, we will use your Personal Data in the following circumstances:
  
  • 3.1.1. Where you have consented prior to the relevant use, collection or processing, after having been adequately informed about the processing purposes;
  • 3.1.2. Where we need to perform a contract we are about to enter or have entered with you, including, but not limited to the Terms;
  • 3.1.3. Where it is necessary for our legitimate interests (and those of a third party) including but not limited to the improvement of, and communication about, our services and products, determining business strategy, carrying out internal audits, preventing and investigating fraud and/or breach of our codes and policies, and your interest and fundamental rights do not override those interests; or
  • 3.1.4. Where we need to comply with a legal or regulatory obligation, including court orders, legal process, law enforcement requests, statutory requirements, legal claims or government inquiries.
• 3.2. We may use information collected from you for one or more of the following purposes:
  
  • 3.2.1. If you provide Personal Data for a certain purpose, we may use the Personal Data in connection with the purpose for which it was provided. For instance, setting up your account with us and managing your access to the App or if you contact us by e- mail, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address from which the contact came;
  • 3.2.2. Providing you and other users with the services or functions of the App including without limitation to maintain your general health records, test results and health screenings, to make or review appointments with any specialist outpatient clinics or to order medicines;
  • 3.2.3. Accessing personal information collected by third party applications such as Apple’s HealthKit, Apple Health Google Fit or any other applications that are integrated on your mobile device or with the App. If you choose to connect a device or add-on service to the App, we may collect Personal Data that you have allowed such devices or services to share with us. For example, if you connect a sleep tracking device to the App, we may collect sleep measurements from that device;
  • 3.2.4. Operating and providing the App and any associated services and promotional activity for health services that may be relevant to your needs;
  • 3.2.5. Enabling you to view and pay any outstanding bills including but not limited to medical bills, teleconsultation and medicine bills through the App;
  • 3.2.6. Managing your relationship with us and fulfilling your requests for products, services, and any information available through the App;
  • 3.2.7. Transferring to and from your computer systems operated or managed by third parties, including any governmental authorities to provide you with the services and functions of the App;
  • 3.2.8. Sending you information about other health or clinical services or general wellness from us or on behalf of our affiliates;
  • 3.2.9. Assisting you with enquiries and obtaining feedback;
  • 3.2.10. Accounting, risk management and record keeping;
  • 3.2.11. Informing you and performing network or service enhancements, updates or upgrades;
  • 3.2.12. Carrying out research (academic and/or commercial with approved external research partners), planning and statistical analysis, including satisfaction surveys to improve or personalise our services and recommending content related to the App, our services, and your health;
  • 3.2.13. Offering you rewards and loyalty programs;
  • 3.2.14. Devising, organising and implementing programmes and other activities for or related to health education and prevention or detection of diseases; 
  • 3.2.15. Generating analytical data based on the Personal Data we collect from or in relation to you including data generated from your use or interactions with the App and/or connected devices; 
  • 3.2.16. Automatic processing of your Personal Data, including profiling of your data, in accordance to rules defined by our third party service providers and partners (see Section 4 below for more details). In undertaking such activities, we will ensure that our third-party service providers do not receive your information without your permission;
  • 3.2.17. Generating non-personalized and structured statistics of your data for comparison or wellness purposes. We will not use any data that identifies you or any individual users when undertaking such activities; 
  • 3.2.18 We may use your Personal Data for internal business purposes, including without limitation, to help us improve the content and functionality of our services, to better understand our users, to improve the services, security, fraud detection, provide you with customer service, and to generally manage our services and our business, as well as for analysing the services provided by our partners; and
  • 3.2.19. Purposes which are reasonably related to the aforesaid or any other purposes disclosed to you at the time we collect your information or pursuant to your consent. We may use any Personal Data in any manner that is not consistent with this Privacy Policy, such as to better understand how you access and use our services or to help M42 develop new services and improve existing services.
• 3.3. We may use your Personal Data for our marketing and advertising purposes, including (without limitation) by email, SMS marketing, WhatsApp, display media, and targeting other devices (such as tablets and mobile devices). We do this in order to inform you about services or events we believe might be of interest to you, develop promotional or marketing materials and display M42 or event-related content and advertising on or about our services that we believe might be of interest to you.
  You may see advertisements for our services on third party websites, including on social media platforms. Where you see an advertisement on a third party website or social media platform, this may be because we engaged the third party or social media platform to show this advertisement to you, or to others who have similar attributes to you. In some cases, this involves sharing your email address or other contact details with the third party or social media platform so that they can identify you as a user of our services, or identify other individuals with similar attributes to you in order to show them advertisements for our services. We will only send you direct marketing communications by email or text if we have your consent. You have the right to withdraw your consent to such communications at any time by contacting us or simply opting out by updating the marketing preferences on your user profile.
• 3.4. You also consent to us de-identifying your Personal Data and sharing the same in a non-identifiable data format for the purposes of: (i) education; (ii) research; (iii) assessing our quality standards and performance; and (iv) our internal business processes. In an ongoing effort to understand and serve our users better, we often conduct research on our customer demographics, interests and behaviour based on Personal Data and other information that we have collected. This research is typically conducted on an aggregate basis only that does not identify you. Once Personal Data is in an aggregated form, for purposes of this Privacy Policy, it becomes Non-Personal Data.

4. Authorised third-party vendors and service providers.

• 4.1. When you consent to providing us with your Personal Data, we also ask you for your consent to share your Personal Data with the following third parties:
  
  • 4.1.1. Third-party vendors and service providers that help us with specialised services, including but not limited to billing, payment processing, providing medical advice for telemedicine services, management and hosting telemedicine services, customer service, IoT technology, IT services, email deployment, direct mail, business and data analytics, marketing (including but not limited to advertising, performance monitoring, hosting, and data processing, marketing, delivery services and payment processing); 
  • 4.1.2. A third party authorised to provide services on our behalf;
  • 4.1.3. A third party who is our consultant or professional adviser, including but not limited to, lawyers, accountants and auditors;
  • 4.1.4. A third party with whom we collaborate or partner to devise, organise, or to provide support or assistance to any third parties in devising, organising and implementing for example, any fitness or health challenges, or programmes or activities and other initiatives; and
  • 4.1.6. A third party to whom we may choose to sell, transfer or merge parts of our business or our assets.
• 4.2. Third party vendors and service providers described in Section 4.1 may not use your Personal Data for purposes other than those related to the App and any associated services.
• 4.3. We reserve the right to change our third parties. Your continued use of the App therefore represents your agreement to the disclosure to, and use of your data where applicable, by third parties that we have service agreements with or are in collaboration with.

5. Sharing Of Information

• We may share the information we collect under specific circumstances. Your data, including  sensitive health information, may be shared with our group companies, affiliates, and trusted partners to ensure the continuation and coordination of your healthcare. We prioritize the security of your data and take measures to protect it when shared electronically via email or other means. You have the right to request copies of your medical records and can trust that we handle your information responsibly and in accordance with applicable laws and regulations.

6. Security

• 6.1. To safeguard your Personal Data, we have implemented a range of technical and organisational measures to protect your data from unlawful or unauthorised destructions, loss, change, disclosure, acquisition or access. We use measures to protect your personal identifiable information and data from loss, theft, misuse, and unauthorised access, disclosure, alteration, and destruction in accordance with the applicable UAE laws. Your data will be stored in our secure cloud in accordance with all applicable UAE laws and regulations. M42 cannot guarantee or warrant that data or information may not be accessed, altered, destroyed, or disclosed by a breach of any of M42 safeguards because no data storage system or method of transmission of data over the Internet or any public network can be guaranteed to be 100 per cent secure. Any data, information, or content that you transmit while using M42 services is done at your own risk. Using unsecured Wi-Fi or other unprotected networks is never recommended.
• 6.2. Due to the nature of the App, there is an inherent risk of wrongful, illegal, or unauthorised access by third parties to your account(s) and/or handheld/mobile devices(s). You hereby acknowledge and agree to accept the risk of such wrongful, illegal, or unauthorised access and hereby agree that we shall not be liable for any loss or damage howsoever arising from such wrongful, illegal, or unauthorised access.

7. Retention of Personal Data

• 7.1. Subject to applicable laws and regulations, M42 will only use your Personal Data for so long as is necessary to fulfil the purposes as set out under this Privacy Policy or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. Even if we delete your Personal Data, it may persist on backup or archival media for an additional period of time for legal, tax, or regulatory reasons or for legitimate and lawful business purposes.
• 7.2. Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.
• 7.3. However, it is important to note that using M42’s services may put your Personal Data in the hands of third parties that M42 cannot control, such as hosting companies and data centers. If you would like to update or amend your Personal Data you may do so by contacting M42 at patientsupport@m42.ae or updating your profile in the App. In some cases, M42 may not be able to update, amend or remove your Personal Data, in which case M42 will let you know why M42 are unable to do so.

8. Children /Minors

• We do not knowingly collect Personal Data from children under the age of eighteen (18). If you are under the age of eighteen (18), please do not submit any Personal Data through the App. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data through the App or our website without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Data to us, please contact us at patientsupport@m42.ae and we will endeavor to delete that information.

9. Your choices and legal rights

• 9.1. M42 is committed to protecting the privacy and security of your Personal Data. If you have a question or complaint about how your Personal Data is handled, these should be directed to the contacts below. We will comply with the relevant data protection law(s), which generally say that Personal Data must be:
  
  • 9.1.1. used lawfully, fairly and in a transparent way;
  • 9.1.2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • 9.1.3. relevant to the purposes we have told you about and limited only to those purposes; 
  • 9.1.4. accurate and kept up to date;
  • 9.1.5. kept only as long as necessary for the purposes we have told you about; and
  • 9.1.6. kept securely.
• 9.2. Under certain circumstances you have the following rights under data protection laws in relation to your Personal Data.
• 9.3. You have the right to: (i) request access to your Personal Data; (ii) request correction, restriction of processing, transfer, or erasure, of your Personal Data; (iii) ask not to continue to process your Personal Data for marketing purposes; and (iv) withdraw your consent.
• 9.4. You can exercise any of these rights at any time by contacting us at patientsupport@m42.ae. 
• 9.5. You can also contact us at patientsupport@m42.ae if you: (i) have any enquiries or feedback on this Privacy Policy; or (ii) need more information on or access to data which you have previously provided us with.

10. Third-party links

• The App may contain links to other websites and applications whose data protection and privacy practices may differ from ours. Clicking on any of these links will direct you to an independent, third-party website with its own privacy policy and which may place its own third-party cookies on your device. We are not responsible for the content and privacy practices of these websites or applications and encourage you to review the privacy policies or notices of those websites or applications. You may adjust your communication and cookie preferences under the third party application settings.

11. Questions

• If you have any questions about this Privacy Policy, please email us at patientsupport@m42.ae and we will get back to you as soon as possible.