Data Controller
Who is responsible for your data
1 CLICKAWAY is a hospital operations platform operated by Omer Ali Siddiq, based in Dubai, United Arab Emirates. We act as the data processor on behalf of hospital clients (who are the data controllers for their staff data), and as the data controller for data collected via our marketing website.
Contact for data requests: siddiqomer00@gmail.com ยท +971 55 602 7771
All data access, correction, or deletion requests are acknowledged within 24 hours and fulfilled within 72 hours.
Data We Collect
What information we process and why
We process two distinct categories of data depending on whether you are a visitor to our marketing website or a staff user of the operational platform.
| Category | Data fields | Purpose | Legal basis |
|---|---|---|---|
| Marketing website visitors | Name, email, hospital name, message (contact form); anonymised usage data via Google Analytics (page views, session duration, browser type) | Respond to demo requests; understand which content is useful | Legitimate interest |
| Hospital staff accounts | Full name, role, department, mobile number (optional); FCM device token for push notifications; login timestamps | Account authentication, request dispatch, push notifications | Contractual necessity (hospital service agreement) |
| Operational requests | Room number, language required, department, request status, timestamps at each stage | Dispatch, tracking, audit reporting for the hospital | Contractual necessity |
We do not collect or store patient data. 1 CLICKAWAY has no integration with clinical systems and never processes patient names, medical record numbers, diagnoses, or treatment information.
Retention
How long we keep data
| Data type | Retention period |
|---|---|
| Contact form submissions | 12 months from submission |
| Staff account data | Duration of hospital contract, then deleted within 30 days of termination |
| Operational request records | 12 months rolling; hospital can request export and full deletion at any time |
| Google Analytics data | 26 months (Google's default; controlled via Google Analytics settings) |
| Audit logs | 24 months to support compliance reporting |
Sub-Processors
Third parties we use to deliver the service
We share data only with the sub-processors listed below, each of whom processes data under a signed Data Processing Agreement and industry-standard security certifications.
| Sub-processor | Location | Purpose |
|---|---|---|
| Google LLC (Firebase) | United States | Primary operational datastore โ staff accounts, requests, audit logs |
| Google LLC (FCM) | United States | Push notifications to staff devices |
| Google LLC (Analytics) | United States | Marketing website analytics (anonymised) |
| Supabase Inc. | United States / EU edge | Serverless notification relay โ transient only, no persistent storage |
| Vercel Inc. | Global CDN | Hosting and delivery of the PWA application files |
| Formspree Inc. | United States | Contact form submissions on the marketing site only |
Data residency: Operational data is currently stored on Google Cloud infrastructure (United States). Hospitals with UAE or KSA data residency requirements should contact us before signing โ an Enterprise plan with Gulf-region hosting is available.
International Transfers
Transfers outside the UAE
Data processed by our sub-processors (listed above) is transferred to and stored in the United States and European Union. These transfers are made under Google's, Supabase's, and Vercel's standard contractual clauses and Data Processing Agreements, which provide appropriate safeguards as recognised under international data protection frameworks.
For hospital clients with strict UAE or KSA data residency policies, an Enterprise plan with Gulf-region infrastructure is available. Contact us before contract signature to discuss options.
Cookies & Analytics
How we use cookies on the marketing site
Our marketing website uses Google Analytics to collect anonymised information about how visitors interact with pages (which pages were viewed, session duration, browser type, country). This data is pseudonymised โ it is not linked to your name or identity.
- Analytics cookies are used on the marketing site only โ never inside the operational hospital app.
- No advertising or retargeting cookies are used.
- You can opt out of Google Analytics at any time via your browser settings or the Google Analytics Opt-out Browser Add-on.
Your Rights
Rights under UAE PDPL
Under Federal Decree-Law No. 45 of 2021 (UAE Personal Data Protection Law), you have the following rights regarding personal data we hold about you:
- Access โ request a copy of the personal data we hold about you.
- Correction โ request correction of inaccurate or incomplete data.
- Deletion โ request deletion of your data. We will fulfil deletion requests within 72 hours.
- Restriction โ request that we limit how we use your data in certain circumstances.
- Portability โ request your operational data in a structured, machine-readable format.
- Objection โ object to processing based on legitimate interest.
To exercise any of these rights, email siddiqomer00@gmail.com with the subject line "Data Request". We will acknowledge within 24 hours and respond fully within 30 days.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the UAE Data Office (the designated supervisory authority under UAE PDPL).
Security
How we protect your data
- All data in transit is encrypted via HTTPS/TLS โ there is no unencrypted data path.
- Access to operational data is role-restricted โ each user can only see data within their assigned role.
- Sub-processors are SOC 2 Type II and ISO 27001 certified.
- No staff account can be self-registered โ all accounts are created by the hospital admin.
Policy Updates
Changes to this policy
We may update this Privacy Policy when our practices change or when required by law. If we make material changes, we will notify hospital clients by email at least 14 days before the changes take effect. The date at the top of this page reflects when the policy was last revised.