Make a payment
Make a payment
Privacy Policy
Last updated: 19 May 2026
This Privacy Policy explains how OHFTS, a company incorporated in the United Arab Emirates (“Company”, “we”, “us”, or “our”), collects, uses, stores, transfers, and otherwise processes personal data in connection with the coordination, facilitation, administration, and support of medical and healthcare-related services for individuals located in the European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”).

The Company acts primarily as an independent medical services facilitator and coordinator connecting patients with healthcare providers, clinics, hospitals, laboratories, insurers, transportation providers, accommodation providers, and related service partners.

This Privacy Policy is intended to comply with the requirements of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the UK GDPR, and applicable national data protection laws.
Data Controller
The data controller responsible for processing personal data under this Privacy Policy is:

OHFTS
FZ-LLC, 64 - Block C, Dubai Healthcare City, Dubai, UAE
Email: info@overseasmedicalcenter.com

Where required under Article 27 GDPR, the Company may appoint an EU representative.
Scope of This Policy
This Policy applies to personal data collected through:
  • our website(s);
  • online forms and portals;
  • messaging applications;
  • email communications;
  • telephone calls;
  • healthcare intake forms;
  • contracts and service agreements;
  • interactions with medical providers and partner organizations;
  • travel and logistics coordination activities; and
  • any other services provided by the Company.
Categories of Personal Data We Process
Depending on the nature of the services requested, we may process the following categories of personal data:
Identification Data
  • full name;
  • date of birth;
  • nationality;
  • passport or ID details;
  • photographs;
  • signatures.
Contact Data
  • email address;
  • phone number;
  • residential address;
  • emergency contact information.
Medical and Health Data
  • medical history;
  • diagnoses;
  • laboratory and imaging results;
  • prescriptions;
  • treatment plans;
  • physician reports;
  • disability information;
  • allergies;
  • insurance-related medical information.
Financial and Transaction Data
  • payment information;
  • billing details;
  • insurance details;
  • banking information where necessary.
Technical and Usage Data
  • IP addresses;
  • browser type;
  • device identifiers;
  • website interaction data;
  • cookies and analytics information.
Communication Data
  • correspondence records;
  • customer support requests;
  • call recordings where permitted by law.
Sources of Personal Data
We may collect personal data:

  • directly from the data subject;
  • from family members or authorized representatives;
  • from healthcare providers;
  • from insurance companies;
  • from employers or agencies acting on behalf of the data subject;
  • from publicly available sources where legally permitted; and
  • from business partners and referral intermediaries.

The Company may assume that any person providing another individual’s personal data is authorized to do so.
Purposes of Processing
We process personal data for the following purposes:
Service Provision
  • arranging and coordinating medical consultations and treatments;
  • facilitating communication with healthcare providers;
  • scheduling appointments;
  • organizing travel and accommodation related to medical services;
  • customer support and case management.
Contractual and Administrative Purposes
  • entering into and performing contracts;
  • billing and payment administration;
  • insurance coordination;
  • maintaining internal business records.
Legal and Compliance Purposes
  • compliance with applicable laws and regulations;
  • fraud prevention;
  • dispute resolution;
  • responding to lawful requests from authorities;
  • establishment, exercise, or defense of legal claims.
Business Operations
  • improving services;
  • analytics and internal reporting;
  • quality assurance;
  • risk management;
  • cybersecurity;
  • training and auditing.
Marketing and Communications
Where permitted by applicable law, we may use contact details to provide information about our services, offers, or updates. Data subjects may opt out at any time.
Legal Bases for Processing
We process personal data under one or more of the following legal bases:
Contractual Necessity
Processing necessary for the performance of a contract or to take steps prior to entering into a contract.
Legitimate Interests
Processing necessary for the legitimate interests pursued by the Company or third parties, including:
  • efficient administration of medical coordination services;
  • customer relationship management;
  • service improvement;
  • fraud prevention;
  • network and information security;
  • corporate restructuring and business continuity.

Where reliance is placed on legitimate interests, the Company considers that such interests are not overridden by the rights and freedoms of the data subject.
Legal Obligations
Processing necessary to comply with applicable legal obligations.
Consent
Where required by law, we rely on consent, particularly for certain categories of health-related data processing or marketing communications.

Consent may be withdrawn at any time; however, withdrawal does not affect the lawfulness of prior processing.
Medical and Healthcare Exceptions
Special category health data may be processed where necessary for:

  • preventive or occupational medicine;
  • medical diagnosis;
  • provision or management of healthcare systems and services;
  • public health purposes;
  • establishment, exercise, or defense of legal claims;
explicit consent where applicable.
Automated Decision-Making
The Company does not generally engage in solely automated decision-making producing legal or similarly significant effects within the meaning of Article 22 GDPR.

The Company may use automated tools for operational efficiency, triage support, fraud detection, analytics, and service optimization.
Data Sharing and Recipients
We may disclose personal data to:

  • hospitals and clinics;
  • physicians and healthcare professionals;
  • laboratories and pharmacies;
  • insurance companies;
  • travel and accommodation providers;
  • IT and cloud service providers;
  • payment processors;
  • professional advisers;
  • auditors;
  • regulatory authorities;
  • courts and law enforcement agencies;
  • affiliated companies and subcontractors.

The Company may share only the minimum personal data reasonably necessary for operational purposes, although complete medical records may be shared where necessary to facilitate treatment or healthcare evaluation.
International Transfers
Due to the international nature of our operations, personal data may be transferred to and processed in countries outside the EEA, UK, or Switzerland, including the United Arab Emirates and other jurisdictions that may not provide an equivalent level of data protection.

Where required under applicable law, the Company implements appropriate safeguards for international transfers, which may include:

Standard Contractual Clauses approved by the European Commission;
UK International Data Transfer Addendum;
contractual confidentiality obligations;
organizational and technical security measures.

The data subject acknowledges that healthcare coordination services may require international transfers of medical information between jurisdictions.
Data Retention
We retain personal data for as long as reasonably necessary for:
  • service provision;
  • compliance with legal obligations;
  • accounting and tax requirements;
  • dispute resolution;
  • evidentiary purposes;
  • protection of legal rights.

Retention periods may vary depending on:
  • the type of data;
  • applicable legal requirements;
  • limitation periods;
  • operational necessity.

The Company may retain limited information after service termination where necessary for legal, regulatory, fraud prevention, or recordkeeping purposes.

Security Measures
The Company implements commercially reasonable technical and organizational measures intended to protect personal data against:
  • unauthorized access;
  • accidental loss;
  • destruction;
  • alteration;
  • disclosure.

Such measures may include:
  • access controls;
  • encryption;
  • secure communication channels;
  • authentication procedures;
  • employee confidentiality obligations;
  • monitoring and logging systems.

No transmission or storage system can be guaranteed to be completely secure. The Company does not warrant absolute security.

Data Subject Rights
Subject to applicable legal limitations and exemptions, individuals may have the right to:

  • access personal data;
  • request rectification;
  • request erasure;
  • restrict processing;
  • object to processing;
  • data portability;
  • withdraw consent;
  • lodge a complaint with a supervisory authority.

The Company may refuse or limit requests where permitted under applicable law, including where requests are manifestly unfounded, excessive, infringe the rights of others, or conflict with legal obligations.

Requests may be submitted to: info@overseasmedicalcenter.com

The Company may require reasonable verification of identity before responding to requests.

Cookies and Tracking Technologies
Our websites may use cookies and similar technologies for:
  • website functionality;
  • analytics;
  • performance optimization;
  • security;
  • user preferences.

Users may manage cookie preferences through browser settings or cookie management tools where available.

Disabling cookies may affect website functionality.
Third-Party Websites and Services
Our services may contain links to third-party websites or platforms. The Company is not responsible for the privacy practices, content, or security of third-party services.

Use of third-party services is at the user’s own risk and subject to the relevant third party’s policies.
Children’s Data
The Company may process personal data relating to minors where necessary for the provision of healthcare coordination services and where permitted under applicable law.

Parents, guardians, or authorized representatives may provide information on behalf of minors.
Business Transfers
Personal data may be disclosed as part of:
  • mergers;
  • acquisitions;
  • financing transactions;
  • restructuring;
  • asset sales;
  • insolvency proceedings.

In such cases, personal data may be transferred as a business asset subject to applicable confidentiality and legal protections.
Limitation of Liability
To the maximum extent permitted by applicable law, the Company shall not be liable for:
  • indirect or consequential damages;
  • unauthorized acts of third parties;
  • failures attributable to healthcare providers or external partners;
  • events beyond reasonable control;
  • temporary interruptions or security breaches despite reasonable safeguards.

Nothing in this Policy excludes liability where exclusion is prohibited by law.
Changes to This Privacy Policy
The Company reserves the right to amend this Privacy Policy at any time.

Updated versions will become effective upon publication unless otherwise required by law.

Where legally required, we will provide additional notice or obtain consent for material changes.
Contact Information
Questions, requests, or complaints regarding this Privacy Policy or personal data processing may be directed to:

Data Protection Contact
OHFTS
FZ-LLC, 64 - Block C, Dubai Healthcare City, Dubai, UAE
Email: info@overseasmedicalcenter.com

If you are located in the EEA or UK, you may also have the right to lodge a complaint with your local supervisory authority.