Privacy Policy for Care by Freit.io

1. Introduction
Welcome to Care by Freit.io!
Care by Freit.io ("we," "us," or "our") is a digital patient portal operated by Freit FZ LLC, a company registered in Sharjah Research Technology and Innovation Park (SRTIP), Sharjah, UAE. We are committed to protecting your privacy and securing your personal and health information in accordance with the highest international standards.
This Privacy Policy explains how we collect, use, store, and protect your personal and medical data when you use our patient portal services. By using Care by Freit.io, you acknowledge that you have read, understood, and agree to this Privacy Policy.
IMPORTANT: Your privacy is our priority. We strictly adhere to UAE federal laws, international data protection standards including GDPR and HIPAA principles, and healthcare-specific regulations to ensure your information remains secure and confidential.

2. Information We Collect
2.1 Personal Information
When you register and use Care by Freit.io, we collect the following personal information:
Full name as it appears on your Emirates ID or passport
Date of birth for accurate identification and age verification
Email address for account notifications and communications
Mobile phone number for appointment reminders and SMS notifications
Physical address for service delivery and emergency contact purposes
Emirates ID number for compliance with UAE healthcare regulations
Emergency contact information (optional but recommended)
2.2 Health Information
We collect and process the following health-related data:
Medical history as entered by you or your authorized healthcare providers
Current medications and prescription details
Allergies and medical conditions for safety purposes
Appointment records including dates, times, and provider information
Lab test results and diagnostic reports from authorized healthcare facilities
Insurance details including policy numbers and coverage information
Treatment records and clinical notes from your healthcare providers
Digital health documents you upload or share through our platform
2.3 Technical Information
We automatically collect certain technical information when you use our platform:
Device information including type, operating system, and browser details
IP address and location data for security and service optimization
Usage patterns including pages visited and time spent on the platform
Log files for system maintenance and troubleshooting
Cookies and tracking technologies for enhanced user experience

3. How We Use Your Information
3.1 Primary Healthcare Purposes
We use your information to:
Provide access to your complete healthcare records and medical history
Facilitate appointment booking with healthcare providers across the UAE
Enable lab test scheduling and result delivery from authorized diagnostic centers
Process prescription orders and medication management (coming soon)
Ensure secure communication between you and your healthcare providers
Maintain medical records in compliance with UAE healthcare regulations
Generate health reports and summaries for your healthcare management
3.2 Platform Operations
We use your information to:
Maintain and improve our platform functionality and user experience
Provide customer support and respond to your inquiries
Send appointment reminders and important health-related notifications
Ensure platform security and prevent unauthorized access
Comply with legal obligations and regulatory requirements
Conduct quality assurance and service improvement activities
3.3 What We Do NOT Do
We strictly prohibit the following uses of your information:
Selling, renting, or sharing your personal or health information with third parties for marketing purposes
Using your data for advertising or commercial purposes unrelated to healthcare
Sharing information with unauthorized parties without your explicit consent
Transferring data outside the UAE without proper authorization and safeguards

4. Legal Basis for Processing
Our processing of your personal and health information is based on:
4.1 UAE Federal Laws
Federal Law No. 2 of 2019 (ICT in Health Fields Law) governing healthcare data processing
Federal Decree Law No. 45 of 2021 (Personal Data Protection Law) for general data protection
Dubai Health Authority (DHA) regulations for healthcare service compliance
Ministry of Health and Prevention (MOHAP) guidelines and standards
4.2 Your Consent
Explicit consent for specific uses of your health information
Implied consent for essential healthcare services and platform operations
Withdrawal of consent options where legally permissible
4.3 Legitimate Interests
Healthcare service delivery and patient safety
Platform security and fraud prevention
Regulatory compliance and legal obligations
Quality improvement and service enhancement

5. Data Sharing and Disclosure
5.1 Authorized Healthcare Providers
We share your health information with:
Your selected healthcare providers for appointment bookings and consultations
Authorized diagnostic centers for lab test processing and result delivery
Partner pharmacies for prescription fulfillment (coming soon)
Insurance providers for claims processing and coverage verification
Emergency medical services when necessary for your safety
5.2 Legal Requirements
We may disclose your information when required by:
UAE federal or emirate laws and regulations
Court orders and legal proceedings
Healthcare authorities for public health purposes
Emergency situations to protect your vital interests or those of others
5.3 Business Partners
We work with carefully selected partners who help us deliver services:
NABIDH-compliant healthcare systems integration
Riayati platform connectivity for government healthcare services
DHPO-integrated insurance claims processing
Authorized cloud service providers for secure data storage within the UAE

6. Data Security and Protection
6.1 Technical Safeguards
We implement industry-leading security measures:
End-to-end encryption for all data transmission and storage
Multi-factor authentication for account access
Secure Sockets Layer (SSL) technology for web communications
Regular security audits and penetration testing
Automated backup systems with encrypted data storage
Access controls limiting data access to authorized personnel only
6.2 Physical Safeguards
Our data centers and facilities feature:
Controlled access with biometric authentication
24/7 monitoring and surveillance systems
Fire suppression and environmental controls
Secure server rooms with restricted access
Equipment disposal following secure data destruction protocols
6.3 Administrative Safeguards
We maintain comprehensive policies for:
Staff training on data protection and privacy practices
Background checks for all personnel with data access
Incident response procedures for potential security breaches
Regular compliance audits and assessments
Vendor management ensuring third-party security compliance

7. Data Retention and Storage
7.1 Retention Periods
We retain your information according to UAE healthcare regulations:
Health records: Minimum 25 years from the last healthcare procedure, as required by UAE Federal Law No. 2 of 2019
Personal information: As long as necessary for healthcare services and legal compliance
Technical logs: Up to 3 years for security and troubleshooting purposes
Marketing communications: Until you withdraw consent or close your account
7.2 Data Localization
In compliance with UAE healthcare laws:
All health data is stored within UAE borders on secure, certified servers
No health information is transferred outside the UAE without explicit authorization from relevant health authorities
Cloud services are provided by UAE-licensed providers with local data centers
Backup systems maintain multiple copies within UAE jurisdiction
7.3 Data Deletion
We provide mechanisms for:
Account closure with secure deletion of personal information
Selective data removal where legally permissible
Automatic deletion of expired or unnecessary data
Secure destruction of physical media containing sensitive information

8. Your Rights and Choices
8.1 Access Rights
You have the right to:
Access your personal and health information stored on our platform
Request copies of your medical records and test results
View your account activity and data processing history
Obtain information about how your data is used and shared
8.2 Correction and Update Rights
You can:
Update your personal information through your account settings
Request corrections to inaccurate or incomplete health records
Add new information to your medical history
Notify us of changes to your contact information
8.3 Deletion and Restriction Rights
Subject to legal requirements, you may:
Request deletion of certain personal information
Restrict processing of your data for specific purposes
Object to certain uses of your information
Withdraw consent for optional data processing activities
8.4 Data Portability
You have the right to:
Download your data in a commonly used electronic format
Transfer your information to another healthcare provider
Request data export for personal records management
Receive assistance with data migration when switching providers

9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
Essential cookies: Required for basic platform functionality
Security cookies: Used for fraud prevention and account protection
Performance cookies: Help us understand how you use our platform
Preference cookies: Remember your settings and customizations
9.2 Cookie Management
You can control cookies through:
Browser settings to block or delete cookies
Platform preferences for optional tracking features
Opt-out mechanisms for non-essential cookies
Regular cookie clearing for enhanced privacy
9.3 Third-Party Tracking
We limit third-party tracking by:
Restricting external scripts to essential services only
Implementing privacy-focused analytics tools
Obtaining consent for non-essential third-party services
Regularly reviewing our third-party integrations

10. International Data Protection Compliance
10.1 GDPR Compliance
For users in the European Union, we provide:
Lawful basis for all data processing activities
Data subject rights including access, rectification, and erasure
Privacy by design principles in our platform development
Data protection officer contact for privacy concerns
10.2 HIPAA Principles
We follow HIPAA-inspired practices including:
Minimum necessary standard for data access and sharing
Administrative safeguards for workforce training and access controls
Technical safeguards for data encryption and secure transmission
Physical safeguards for secure storage and facility access
10.3 Local Compliance
We ensure compliance with:
UAE Personal Data Protection Law for general data processing
Dubai Healthcare City regulations for healthcare data protection
Free zone data protection requirements where applicable
Sectoral healthcare guidelines and best practices

11. Children's Privacy
11.1 Age Restrictions
Minimum age for independent account creation is 18 years
Parental consent required for users under 18
Guardian supervision necessary for minor account management
Special protections for children's health information
11.2 Parental Controls
For minor users, we provide:
Parental account access to monitor and manage healthcare information
Consent mechanisms for healthcare providers to access information
Privacy education for both parents and children
Age-appropriate communications and interface design

12. Data Breach Notification
12.1 Incident Response
In case of a data breach:
Immediate containment of the security incident
Risk assessment to determine potential impact
Regulatory notification to relevant authorities within 72 hours
User notification for high-risk breaches affecting personal data
12.2 Breach Prevention
We prevent breaches through:
Continuous monitoring of system security
Regular security updates and patches
Employee training on security best practices
Incident simulation exercises and preparedness drills

13. Contact Information
13.1 Privacy Inquiries
For privacy-related questions and concerns:
Privacy Officer: privacy@freit.io
General Support: help@freit.io
Data Protection Officer: bilal.hameed@freit.io
13.2 Business Information
Freit FZ LLC
Address: Hi-Tech Office 101, Sharjah Research Technology and Innovation Park (SRTIP), Sharjah, UAE
Phone: +971-50-1364096
Website: www.care.freit.io
13.3 Regulatory Authorities
You may also contact relevant authorities:
UAE Data Protection Authority for general privacy concerns
Dubai Health Authority for healthcare-specific issues
Ministry of Health and Prevention for federal health regulations

14. Changes to This Privacy Policy
14.1 Policy Updates
We may update this Privacy Policy to reflect:
Changes in UAE or international privacy laws
New platform features or service offerings
Enhanced security measures or data protection practices
Regulatory requirements or industry standards
14.2 Notification of Changes
We will notify you of significant changes through:
Email notifications to your registered email address
Platform notifications when you log into your account
Website posting of updated policy with effective date
SMS alerts for critical privacy-related updates
14.3 Continued Use
Your continued use of Care by Freit.io after policy changes constitutes acceptance of the updated terms.

15. Governing Law and Jurisdiction
This Privacy Policy is governed by UAE federal law and the laws of the Emirate of Sharjah. Any disputes arising from this policy will be resolved through arbitration in Sharjah, UAE, under the Arbitration Rules of SRTIP.

16. Effective Date
This Privacy Policy is effective as of July 5, 2025 and replaces all previous versions.
By using Care by Freit.io, you acknowledge that you have read, understood, and agree to this Privacy Policy. Your privacy is our commitment, and we are dedicated to protecting your personal and health information with the highest standards of security and care.
© 2025 Care by Freit.io. All rights reserved.
Last Updated: July 5, 2025
Version: 2.0