This Privacy and Personal Data Processing Policy (hereinafter referred to as the "Policy") describes how your personal data is processed when using the solar-beauty.ae website (hereinafter referred to as the "Website"). This Policy has been prepared in accordance with the UAE Personal Data Protection Law (PDPL) and related regulations.
1. Data Controllers and contact details
The Website is a unified platform of two independent data controllers (hereinafter collectively referred to as the “Companies”, and individually as the “Company”):
— SOLAR MEDICAL CLINIC LLC (hereinafter referred to as “MEDICAL CLINIC”), Trade License No. 1374404.
— KRASOTA BEAUTY SALON LLC (hereinafter referred to as “BEAUTY SALON”), Trade License No. 1239386.
Single service address: Al Merkadh, Sobha Hartland Waves, Dubai, UAE.
Contact information for inquiries: Solar.clinic.ae@gmail.com | +971 50 734 5432.
Each Company independently determines the purposes and means of processing within its category of services; however, the Companies may exchange data with each other to the extent necessary for unified customer service and the functioning of the Website (see Section 6).
2. Scope and consent
This Policy applies to all personal data collected through the Website, registration forms, messaging apps, telephone, and at the reception desk. By using the Website, you acknowledge that you have read and understood this Policy. Marketing communications and optional cookies require separate opt-in consent with the ability to unsubscribe/revoke.
3. Categories of data we process
3.1. Identification and contact information: first name, last name, telephone number, email; address, if necessary.
3.2. Booking and service provision data: selected services, time of visit, request history, payment details.
3.3. Website activity data: IP address, device identifiers, browser/OS type, pages and events, cookies/similar technologies.
3.4. Medical/health-related data (for the Clinic only): health questionnaire, medical history, before/after photos, medical reports – processed on the basis of explicit consent and/or as part of the provision of medical services in accordance with applicable law.
3.5. Payment data: masked card details (last 4 digits, brand), payment profile token/ID, transaction status, amount/currency, date/time. Full card details (PAN, expiration date, cardholder name) and CVV/CVC are not processed by us and are transmitted directly to the payment provider.
3.6. Communications: requests, reviews, correspondence (email, instant messengers), and call recordings where notice of recording has been given.
4. Purposes and legal basis for processing
4.1. Contract performance/service provision: booking, reminders, billing, issuing invoices/receipts, post-procedure recommendations.
4.2. Compliance with the law: requirements of the PDPL, tax/accounting regulations, regulators of the Emirate of Dubai (including in the medical field).
4.3. Legitimate interests: development and security of the Website, protection from fraud, protection of the rights of the Companies and users.
4.4. Consent: marketing communications (email/SMS/WhatsApp), optional cookies, publishing reviews/before/after content.
4.5. Clinic's medical data: explicit consent and/or other grounds provided by applicable law for the provision of medical services.
5. Cookies and similar technologies
We use cookies/SDKs/pixels for analytics, personalization, and marketing. Optional categories are activated only with your consent via the banner/settings. You can change your preferences at any time; disabling them may affect the functionality of the Website.
5-A. Payment details and payment security (Stripe)
5-A.1. Online payments for services and purchases of gift certificates on the Website are processed through the payment provider Stripe. Card data (PAN, expiration date, cardholder name, CVV/CVC) is transferred directly to Stripe via secure channels (TLS).
5-A.2. We do not store full payment card details or CVV/CVC on our servers. For repeat payments, a token/payment profile identifier generated by Stripe may be used; we only store the token and masked details (card brand, last 4 digits).
5-A.3. Stripe is PCI DSS Level 1 certified and implements fraud prevention measures including 3-D Secure/3DS 2.0 (if supported by the issuing bank).
5-A.4. Legal grounds for processing payment data: contract performance (payment for services/certificates), compliance with the law (accounting/taxes/AML requirements), legitimate interests (payment security, settlement of disputed transactions).
5-A.5. Storage periods: payment and invoice information (excluding full card data) — at least 5 years or another period required by UAE law; payment tokens — until the client revokes/deletes the account or terminates the contractual relationship with Stripe.
5-A.6. Refunds and chargebacks: Refunds for cancellations/complaints are processed via Stripe to the original payment method within the timeframe and according to the procedure specified in the Offer/Cancellation and Refund Policy. Chargeback requests are processed according to the payment system rules.
5-A.7. Cross-border transfers: Stripe's infrastructure may be located outside the UAE. Such data transfers are subject to Section 7 (Cross-border transfer).
5-A.8. Your responsibility: do not share one-time passwords/confirmation codes with third parties and ensure the confidentiality of your device/browser.
6. Data transfer and joint processing
6.1. Processors: hosting providers, payment gateways (including Stripe), CRM/communications, analytics, antifraud, IT support - under data processing agreements.
6.2. Between the Companies: Data exchange between the Clinic and the Salon is permitted to the extent necessary for scheduling, visit administration, customer service, security, and accounting/tax purposes; the parties remain separate controllers.
6.3. Government agencies: upon legal request, subject to established procedures.
7. Cross-border transfer
Data transfers outside the UAE are subject to the availability of an adequate level of protection in the recipient country and/or based on contractual mechanisms stipulated by the PDPL. This also applies to data transfers to Stripe and related services.
8. Storage periods
— Account data and records — up to 3 years from the date of last interaction, unless otherwise required by law.
— Clinic medical records — within the timeframes established by applicable UAE medical and archival regulations.
— Financial/accounting documents — at least 5 years or another period required by tax law.
After the applicable storage period expires, the data is deleted/anonymized within a reasonable time.
9. Security and incident notifications
We implement organizational and technical measures, including access restrictions, encryption during transmission, segmentation, access auditing, staff training, and antivirus/EDR. We will notify you and (where required) the regulator of any significant security breaches affecting your rights and freedoms without undue delay, within the timeframes established by the PDPL.
10. Data subject rights and how to exercise them
You have the right to access, rectify, delete, restrict, transfer, and object to the processing of your data, and to revoke consent. You can send your request to Solar.clinic.ae@gmail.com. We will respond within the PDPL deadlines, usually within 30 days.
For marketing/newsletters, you can revoke your consent via the "unsubscribe" link or by writing to us; this does not affect the lawfulness of the processing prior to the revocation.
For the Clinic's medical data, certain restrictions on rights may apply by law (e.g., retention of documentation).
11. Data of minors
This website is intended for users 18+. Minors' data is processed only with the participation of a legal representative and within the scope of providing relevant services in accordance with UAE law.
12. Changes to the Policy
We may update the Policy. The new version is effective upon publication on the Website. The date of the last update is indicated at the top.
13. Contact information for inquiries
Email: solar.clinic.ae@gmail.com
Phone: +971 50 734 5432
Postal address: Al Merkadh, Sobha Hartland Waves, Dubai, UAE
If your request remains unresolved, you have the right to appeal to the UAE Data Protection Authority.