Who We Are
Dr. Bravo Plastic Surgery is operated by Dr. Miguel Bravo, European Board-Certified Plastic Surgeon, practicing at Elyzee Hospital, Al Khaleej Al Arabi Street, Mushrif, Abu Dhabi, United Arab Emirates. Throughout this policy, references to "we", "us", or "our" refer to this practice.
How to Contact Us
Phone / WhatsApp: +971 58 670 5466
Email: info@drbravoplasticsurgery.com
Address: Elyzee Hospital, Al Khaleej Al Arabi St, Mushrif, Abu Dhabi, UAE
Applicable Laws
As a practice based in the United Arab Emirates, we comply with the UAE Personal Data Protection Law (PDPL, Federal Decree-Law No. 45 of 2021) and its implementing regulations, as well as the UAE ICT Health Data Law (Federal Law No. 2 of 2019) for clinical health records. We also respect the Abu Dhabi Department of Health requirements, including participation in the Malaffi Health Information Exchange.
What We Collect
A) Website contact and consultation forms: When you submit an enquiry or book a consultation through our website, we collect the information you provide, which typically includes your name, phone or WhatsApp number, email address, and the content of your message. These submissions are processed by our customer relationship management platform (LeadConnector / GoHighLevel) to manage your enquiry.
B) WhatsApp messaging: If you contact us via WhatsApp, your phone number and message content are processed by WhatsApp (Meta Platforms) in accordance with their privacy policy to deliver the conversation.
C) Usage data and cookies: We collect device and browser information, pages viewed, referral sources, approximate geographic location, and interaction events (such as clicks and scrolls). We may use Google Analytics 4 for this purpose, which does not log or store full IP addresses and derives only coarse geolocation data.
D) Clinical records: If you proceed to an in-person consultation or treatment, your clinical record is created and maintained within the Elyzee Hospital electronic medical records system. In Abu Dhabi, healthcare providers participate in the Malaffi Health Information Exchange (an Abu Dhabi Department of Health initiative) for secure, real-time sharing of clinical data between authorised providers.
How We Use Your Data
We use the information we collect to respond to your enquiries and schedule consultations; to prepare for your care and, once you are seen, to create and update your clinical record; to operate, secure, and improve our website and forms; to analyse website usage in aggregate so we can improve content and navigation; to send follow-up communications or marketing messages only where you have given consent; and to meet our legal, regulatory, and professional obligations.
Legal Bases Under the PDPL
Depending on the context, we process your personal data on the basis of your consent (for example, when you choose to submit a contact form or opt in to marketing communications); performance of a contract or pre-contractual steps (such as scheduling a consultation or responding to your enquiry); compliance with a legal obligation (including health record retention requirements); and public interest or public health grounds where applicable to clinical data. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Cookies and Consent
We use strictly necessary cookies to maintain site security and core functionality. With your consent, we may also use analytics, functional, or advertising cookies as indicated by your selections in our cookie consent banner. You can update your preferences at any time through the cookie settings link in our website footer.
Sharing and Recipients
Hospital and care team: If you proceed to treatment, relevant information is shared with Elyzee Hospital for clinical use and record-keeping. Abu Dhabi providers exchange clinical data through the Malaffi Health Information Exchange in accordance with Department of Health policy.
Service providers: We use vetted third-party vendors to host and operate our website and communications. These include Framer for website hosting, LeadConnector (GoHighLevel) for form processing and customer relationship management, WhatsApp (Meta) for messaging, and Google for analytics. Each provider processes data on our behalf under appropriate agreements.
Legal and compliance: We may disclose personal data where required by law, or to establish, exercise, or defend legal claims. We do not sell personal data.
International Transfers
Because some of our service providers are global companies, your data may be transferred outside the United Arab Emirates. Where such transfers occur, we follow the cross-border transfer mechanisms provided for under the PDPL, including adequacy determinations, appropriate contractual safeguards, or your explicit consent where applicable.
Data Retention
Clinical health records: Retained for not less than 25 years from the date of your last health procedure, as required by Article 20 of the UAE ICT Health Data Law, under the management of Elyzee Hospital.
Website enquiries: Typically retained for 24 months from your last interaction, or sooner upon your request, unless a longer period is required by law or to resolve a dispute.
Cookie consent records: Retained by the consent management platform to demonstrate compliance.
Your Privacy Rights
Subject to any legal exceptions, you have the right to access your personal data or request a copy; to correct or erase your personal data; to restrict or object to processing, including the right to stop receiving marketing communications; to object to decisions made solely by automated means that produce legal or similarly significant effects; and to receive information about our processing activities. To exercise any of these rights, please contact us using the details above. You also have the right to lodge a complaint with the UAE Data Office, the federal data protection regulator.
Security
We apply appropriate technical and organisational measures to protect your personal data, including encryption, access controls, activity logging, and least-privilege principles. We require our service providers to implement comparable safeguards, in line with the PDPL expectation that controllers and processors ensure security appropriate to the level of risk.
WhatsApp, Email, and Uploads
WhatsApp provides end-to-end encryption for messages; however, metadata and device information may still be processed under WhatsApp's own privacy policy. We recommend that you avoid sharing highly sensitive clinical details over chat. We will collect detailed clinical information directly during your in-person consultation and store it securely within the hospital records system.
Children
We do not knowingly collect personal information from individuals under the age of 18 through our website forms. Clinical care for minors is arranged directly with appropriate parental or guardian consent.
Before-and-After Images and Testimonials
We publish patient photographs and testimonials only with written consent and take steps to de-identify each case. You may withdraw your consent for website use of images at any time; however, removal from the website does not affect our obligation to retain the clinical record itself.
Changes to This Policy
We may update this policy from time to time to reflect changes in our services, applicable laws, or regulatory guidance. The effective date at the top of this page indicates the latest revision.
Data Controller
For website interactions and pre-consultation enquiries, the data controller is Dr. Bravo Plastic Surgery (contact details above). For treatment provided at Elyzee Hospital, your clinical record falls under the hospital's data management policies and Abu Dhabi Malaffi participation requirements.
