Privacy Notice

myAster (hereinafter referred to as “The Company”, “we”, “us”, “our”) is the “Data Controller” in respect of your Personal Data. The Company is myAster’s exclusive website/application that allows patients to avail myAster's healthcare services at the click of a button. The Company provides personalized care to patients leading to an improved digital healthcare experience.

We understand the importance of protecting the Personal Information of our customers (hereinafter referred to as “customer”, “you”, “user”, “Data Subject”). This Privacy Notice outlines how we Process any Personal Data collected from you by accessing, browsing and/or using the website/application. This Privacy Notice applies only to activities that a customer engages in on this website/application and does not apply to The Company’s activities that are “offline" or unrelated to the website.

Any Capitalized terms used in this Privacy Notice shall have the meanings ascribed to them under applicable Data Protection laws and regulations.

  • What Personal Data we collect
  • We collect the following categories of Personal Data:
  • Personal Identifiers: Full name, contact number, date of birth, gender, email address, physical address, address type, landmark area, city, state, visa status, country, passport, emirates id and nationality, location, family member’s personal data (name, gender, dob, relationship to the member, and the mobile number), insurance details, appointment details(date and time), audio and video interaction, output data from medical devices and sound and video files. Please note: In some situations, the mobile number and/or email address of the patient and a family member may be the same. This may occur when family members share contact details for convenience or accessibility, particularly in the case of dependents.
  • Patient Health Data: Prescriptions, lab reports, radiology reports, family member medical prescription
  • Account Login and Device Information: IP address, internet domain, browser type, device details, encrypted password etc.
  • Queries : Any Personal Information received via queries.
  • How and when we collect your Personal Data
  • The methods by which we collect your Personal Data include but are not limited to the following:
  • When you visit our website and engage in activities such as registering or login-in purposes,
  • When you make bookings or purchases (Medicines, Nutrition, Personal Care etc.),
  • When you make payments through the website including our online pharmacy, home delivery of medications,
  • When you opt for instant video consultations and home care services,
  • When you sign up for our rewards program,
  • When you communicate with us through Social Networking websites, Third-Party applications, or similar technologies.
  • Use of Your Personal Data
  • Your Personal Data may be used or Processed for various purposes including but not limited to the following:
  • https://www.myaster.com/ collects certain anonymous data regarding the usage of the website. This information does not personally identify users, by itself or in combination with other information, and is gathered to improve the performance of the website.
  • To allow new users to register on our website and/or allowing both new as well as existing users to make purchases,
  • To ensure smooth video consultation and maintain internal records,
  • To share the information with the central HIS systems.
  • To fulfill any bookings or orders made by you through our website,
  • To advertise the products and services of myAster and send you updates about new products, special offers, and other information that may interest you at the email address you provided,
  • To perform studies, research, and analysis for improving our information, services, and technologies and ensure that the content displayed is customized to your interests and preferences based on your feedback,
  • To administer or otherwise carry out our obligations in relation to any agreement you have with us,
  • To comply with legal and regulatory requirements, including responding to court orders, or legal processes, establishing or exercising our legal rights, defending against legal claims, and investigating, preventing, or taking action regarding illegal activities, suspected fraud, violations of our terms of use, breaches of our agreement with you, or as otherwise required by law.
  • Legal Basis for Processing of Your Personal Data
  • We will only Process your Personal Data where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected and use your Personal Data. In almost every case, the legal basis will be one of the following:
  • Consent: For example, where you have provided your consent to receive certain marketing/promotional messages from us or where you have provided your explicit consent for us to Process your data during live telemedicine consultation services under tele-MyAster.
  • Our Legitimate Interest: Where it is necessary for us to understand our customers, promote our services, and effectively provide services, provided in each case that this is done in a legitimate way that does not duly affect your privacy and other rights.
  • Compliance with law/agreement: Where we are subject to a legal obligation and need to use your Personal Information in order to comply with that obligation. For example, when you may purchase products/services from us, or book appointments we need to use your contact details and payment information in order to Process your order.
  • Vital Interests: In some limited cases, we may need to Process your Personal Information where it is necessary to protect your vital interests or the vital interests of another person.
  • We will always take steps to ensure that the Processing of your Personal Information is fair and lawful and that it does not unduly affect your privacy.
  • AI Usage
  • We may use Artificial Intelligence (AI) technologies to enhance healthcare services, including but not limited to supporting diagnostic processes, personalizing treatment recommendations, and automating certain administrative and clinical workflows. These tools are used in accordance with applicable legal and regulatory guidelines, and are subject to internal assessments to ensure accuracy, fairness, and patient safety.
  • Wherever applicable, separate and explicit consent will be obtained from individuals prior to the use of AI tools in Processing their health data or delivering AI-assisted healthcare services.
  • Children’s Privacy
  • We understand the importance of taking extra precautions to protect the privacy and safety of children using our website or services. Minors are not permitted to use the website or services, and we request that minors under the age of 18 do not submit any Personal Information to the website. Since information regarding minors under the age of 18 is not collected, we do not knowingly distribute Personal Information regarding minors under the age of 18. By accessing this website, you affirm and guarantee that you are 18 years of age or older. We hold no liability for any unsolicited information provided by you, and you consent to the usage of such information in accordance with this Privacy Notice. If we become aware that a person submitting Personal Data is under 18, we will delete all the information as soon as possible unless it is with the consent and involvement of a parent or guardian. If you believe we might have any information from or about a child under 18, please contact us via email at Privacy@asterdmhealtcare.com.
  • Term of storage of Personal Data
  • We take diligent measures to ensure that the Personal Information you provide us is retained only for as long as necessary for the purpose for which it was collected, and for satisfying any legal, accounting or reporting requirements or as required by any applicable law.
  • If you withdraw your consent from marketing, we will remove your credentials from the marketing database.
  • Sharing and transferring of Personal Data
  • Basis your consent, you authorize us to exchange, transfer, share, your Personal Data within the Company affiliates/agents/third party service providers/partners/authorities, Health Information Systems (HIS) and from your country to any other countries across the world for legal documentation, marketing purposes, or for providing our services for the purposes specified under this Notice or as may be required by applicable laws and regulations. This will be subject to applicable data localization measures, security measures and applicable regulatory measures.
  • Please note that, in line with regulatory requirements and basis your consent, all health-related data is securely shared with government-mandated Health Information Exchanges (HIEs) such as NABIDH, RIAYATI, MALAFFI and other applicable platforms to support better care coordination and public health outcomes.
  • You acknowledge that some countries where we may transfer your Personal Information may not have adequate data protection regime or laws that are as stringent as the laws of your own country. You acknowledge that it is adequate that when myAster transfers your Personal Information to any other entity within or outside your country of residence, myAster will place contractual obligations along with technical and organizational measures on the transferee which will oblige the transferee to adhere to the provisions of this Notice. Additionally, the principle of data localization is followed, where applicable, in accordance with UAE PDPL, 2021 and DIFC Data Protection Law. Thus, Personal Data is stored within the same jurisdiction as its collection to ensure the accuracy and integrity of the Personal Information.
    • Exceptions:
    • There are certain exceptions under which Patient Health Information can be transferred or shared outside the country of collection, by virtue of a decision issued by the Federal or local governmental Health authority in the State and after getting approval from the Dubai Health Authority or any other local Authority. Such exceptions include, but are not limited to:
    • Matters of public interest
    • Information that is already publicly available
    • Medical diagnosis, the provision of healthcare or social care, treatment, or health insurance services
    • Protection of the Data Subject’s vital interests
    • Compliance with legal obligations or the exercise of established rights in the areas of employment, social security, or social protection laws, as permitted under applicable legislation
    • Establishment, exercise, or defense of legal claims, including international judicial cooperation
    • Execution of a contract that serves the Data Subject’s interests
  • Your Rights and Control over your Personal Data
  • We will respect your Legal Rights in relation to your Personal Data. myAster is committed to protecting them and ensuring compliance if you wish to exercise any of the rights under the United Arab Emirates’ Personal Data Protection Law, 2021.
  • For Users in the UAE and DIFC
    • Right to Obtain Information - You have the right to request information about the Personal Data we hold about you at any time, including the Process of filing complaints with the UAE Data Office subject to exemptions.
    • Right of Data Portability - You have the right to request to get a copy of your data transferred to you or another party collected by us in a machine-readable and easy-to-read format.
    • Right of Correction - You have the right to request correction of your Personal Data if the information is incorrect, including the right to have incomplete Personal Data completed.
    • Right of Erasure - You have the right to get your Personal Data erased or removed at any time except:
      • If your request affects the investigation procedures, claims for rights and legal proceedings or defence by myAster.
      • Your request conflicts with other legislation to which myAster is subject.
    • Right to Restrict Processing - You have the right to restrict the Processing of your Personal Data if:
      • If you have asserted that your Personal Data is incorrect, myAster must restrict the Processing of such data pending the verification of the accuracy of the Personal Data.
      • If the Processing is unlawful.
      • If the Processing violates the purpose for which data was collected.
    • Right not to be subject to Automated Decision-Making - You have the right to not be subject to a decision solely based on automated Processing, including profiling, which produces legal effects or otherwise significantly affects you.
    • Right of Grievance Redressal - You have a right to Grievance Redressal where your exercise to request your rights is refused.
    • Right to withdraw consent - You have a right to withdraw consent at any time from further Processing your data.
  • To exercise any of your above-mentioned rights, please contact us at Privacy@asterdmhealtcare.com.
  • We will respond to your access request as soon as reasonably possible and/or as per the applicable timeframes laid down by the respective privacy laws/regulations. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing of the same as soon as practically possible. If we are unable to provide you with your Personal Information or to make a correction requested by you, we shall inform you of the reasons why we are unable to do so (except where we are not required to do so under the law).
  • Please note that depending on the request that is being made, we will only need to provide you with access to the Personal Information contained in the documents requested, and not to the entire documents themselves. For example, The Company may not be obliged to provide the employee with access to the disciplinary records, investigation reports, or decisions to terminate, that the organization has created for evaluative and/or investigative purposes of the employee.
  • You have the right to withdraw your consent at any point, provided such withdrawal of the consent is intimated to us in writing through an email at Privacy@asterdmhealtcare.com requesting the same. Once you withdraw your consent to share the Personal Data collected by us, we shall have the option not to fulfil the purposes for which the said Personal Data was sought, and we may restrict you from using our services or the website or parts of it as the case may be.
  • Security
  • The security of your Personal Information is important to us. We have adopted and maintained reasonable technical and organizational security measures and procedures including access governance and information sharing on a need-to-know basis, password protection, encryption etc. to ensure that the Personal Information collected is secure. We restrict access to your Personal Information to our and our affiliates’ employees, agents, third-party service providers, partners, and agencies on a need-to-know basis and are absolutely limited to the purposes specified above in this Notice.
  • Use of Cookies
  • Cookies are small bits of data cached in a user’s browser. myAster utilises cookies to determine whether or not you have visited the home page in the past. However, no other user information is gathered. We may use non-personal "aggregated data" to enhance the operation of our website or analyse interest in the areas of our website.
  • If you would like to find out more about cookies, including how we use them and what choices are available to you, please refer to our Cookie Policy.
  • International Users and Personal Data
  • We welcome international users and respect their privacy. We encourage them to visit Aster Medical Travel (https://astermedicaltravel.ae) for details on how we handle the Personal Data.
  • Modifications to this Privacy Notice
  • The website Privacy Notice and terms & conditions would be changed or updated occasionally to meet the requirements and standards. Therefore, customers are encouraged to frequently visit these sections in order to be updated about the changes on the website. Modifications will be effective on the day they are posted and the date of this Privacy Notice of when it was last updated will appear at the top of this document.
  • Contact Us
  • If you have any questions regarding this Privacy Notice, you may contact our Group Data Protection Officer:
  • DPO Details: Privacy@asterdmhealtcare.com
  • Contact No - +971565037221
  • Or you can write to us at:
  • Official Address: 33rd Floor - Aspect Tower, Business Bay, P.O. Box: 8703 - Dubai - U.A.E