Privacy Policy

How BioScalar Energy Center collects, uses, protects, and shares your personal data.

Effective date: 6/6/2026  ·  Last updated: 6/6/2026

Privacy Policy — BioScalar Energy Center
Please read carefully. By using the Website or our Services, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent — in particular for sensitive (health-related) data and certain marketing — we will ask for it separately and clearly, and you may withdraw it at any time.

1.Who we are & how to reach us

BioScalar Energy Center is the “Controller” responsible for your personal data under this Policy. You can contact us regarding privacy matters using the details below.

BioScalar Energy Center
595 Jumeira Street, Umm Suqeim, Dubai, United Arab Emirates
Email: info@bioscalarenergycentre.com
Phone / WhatsApp: +971 50 291 5908
Data Protection contact: bioscalar@icloud.com

2.Legal framework

We process personal data in accordance with the laws of the United Arab Emirates, including in particular:

  • Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”) and its Executive Regulations and any implementing decisions, as amended from time to time;
  • Federal Decree-Law No. 44 of 2021 establishing the UAE Data Office, the federal regulator for personal data;
  • Federal Law No. 2 of 2019 concerning the Use of Information and Communication Technology (ICT) in Health Fields, where applicable to health-related information; and
  • Federal Law No. 15 of 2020 on Consumer Protection and Federal Decree-Law No. 34 of 2021 on Combatting Rumours and Cybercrimes, as relevant.

If you access the Website from outside the UAE, your data may also be protected by the laws of your own country. Where we offer Services to, or monitor the behaviour of, individuals in the European Economic Area or United Kingdom, we will, to the extent applicable, also act consistently with the EU/UK General Data Protection Regulation (GDPR). See Section 11 (International transfers) and Section 12 (Your rights).

3.Definitions

  • Personal data — any information relating to an identified or identifiable natural person.
  • Sensitive personal data — data revealing health, physical or mental condition, biometric or genetic data, and similar categories that warrant additional protection.
  • Processing — any operation performed on personal data, such as collection, recording, storage, use, disclosure, or deletion.
  • Controller — the party that determines the purposes and means of processing (i.e. BioScalar).
  • Processor — a third party that processes personal data on our behalf and under our instructions.
  • Data subject / you — the individual to whom the personal data relates.

4.The personal data we collect

We collect the categories of personal data described below. Not all of these will apply to every individual; what we collect depends on how you interact with us.

  • Identity & contact data — full name, title, date of birth, gender, email address, phone/WhatsApp number, postal address, nationality or country of residence.
  • Booking & appointment data — sessions requested or booked, dates and times, attendance, preferences, and notes related to your appointments.
  • Health & wellness data (sensitive) — information you share so we can deliver Services safely and appropriately, such as health history, symptoms, conditions, medications, pregnancy status, lifestyle information, wellness goals, and outputs from sessions including QEEG brain-mapping data, neurofeedback metrics, scan results, and intake/consultation forms.
  • Transaction & payment data — records of products or services purchased, amounts, invoices, and order history. Card and payment-instrument details are handled by our payment processor; we do not store full card numbers.
  • Communications — the content of messages you send us by email, web form, WhatsApp, phone, or social media, and our responses.
  • Marketing preferences — your consent or objection to receiving newsletters, offers, and other communications.
  • Technical & usage data — IP address, device and browser type, operating system, approximate location, pages viewed, referring URLs, and interactions with the Website, collected via cookies and similar technologies (see Section 8).
A note on our Services. Our Services are provided for wellness and educational purposes and are not a substitute for medical diagnosis, treatment, or advice. Any health information you provide is used to help us deliver Services responsibly and to advise you to consult a qualified healthcare provider where appropriate. Please also review the disclaimer published on our Website.

5.How we collect your data

  • Directly from you — when you fill in a contact, booking, or intake form, make a purchase, speak with us, message us on WhatsApp, subscribe to communications, or attend a session.
  • Automatically — through cookies and similar technologies when you use the Website (see Section 8).
  • From third parties — for example our booking, payment, and website-hosting providers, or where you are referred by another person or practitioner (with the appropriate authority).

6.Why we process your data & our legal bases

We process personal data only where we have a lawful basis to do so. Depending on the situation, our bases include your consent, the performance of a contract with you (or steps taken at your request before entering one), compliance with a legal obligation, and our legitimate interests in operating and improving our business, where these are not overridden by your rights. In practice we process your data for the following purposes:

  • To respond to enquiries and communicate with you — based on your consent, steps taken prior to a contract, or our legitimate interests.
  • To manage bookings and deliver the Services — based on the performance of our contract with you, and on your consent for any health data involved.
  • To process payments and keep transaction records — based on the performance of our contract and our legal obligations.
  • To keep records and meet accounting, tax, and regulatory duties — based on our legal obligations.
  • To send marketing and newsletters (where you have opted in) — based on your consent.
  • To secure, maintain, analyse, and improve the Website — based on our legitimate interests, and on your consent for non-essential cookies.
  • To establish, exercise, or defend legal claims — based on our legitimate interests and legal obligations.

7.Sensitive (health-related) data & explicit consent

Some of our Services require us to process sensitive personal data about your health and wellbeing. We treat this information with heightened care and:

  • collect only what is necessary to provide the Services safely and appropriately;
  • process it on the basis of your explicit consent (or another lawful basis permitted under the applicable health-data and data-protection laws);
  • restrict access to authorised personnel who need it to perform their role;
  • apply additional security and confidentiality safeguards; and
  • do not use it for marketing or share it for unrelated purposes without your separate, specific consent.

You may withdraw your consent to the processing of sensitive data at any time (see Section 12). Withdrawal will not affect processing carried out before withdrawal, and in some cases may mean we are unable to continue providing a particular Service.

8.Cookies & similar technologies

The Website is hosted on the Squarespace platform and uses cookies and similar technologies to function, to remember your preferences, to enable shopping-cart and booking features, and to understand how the Website is used. Cookies fall into broad categories:

  • Strictly necessary — required for core functionality such as security, cart, and checkout. These do not require consent.
  • Functional — remember your choices and preferences.
  • Analytics & performance — help us understand usage so we can improve the Website.
  • Marketing — used to measure and tailor promotional activity, where applicable.

Where required, we ask for your consent to non-essential cookies before they are set, and you can change your preferences or withdraw consent at any time through the cookie controls on the Website or your browser settings. Blocking some cookies may affect how the Website works.

9.How we share your data

We do not sell your personal data. We share it only as needed and with appropriate safeguards, including with:

  • Service providers / processors acting on our behalf — for example website hosting and platform services (Squarespace), payment processing, booking and scheduling tools, email and communications providers (including WhatsApp/Meta when you contact us there), and analytics providers. These parties may only process data under our instructions and confidentiality obligations.
  • Professional advisers — such as accountants, auditors, insurers, and lawyers, where necessary.
  • Authorities and regulators — where required to comply with the law, a court order, or a lawful request, or to protect our rights, safety, or property.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate protections.

10.International transfers

Some of our service providers (including our website platform and certain communications and analytics tools) operate or store data outside the UAE. Where we transfer personal data across borders, we do so in accordance with the PDPL and only where there is an adequate level of protection or appropriate safeguards are in place — for example a determination of adequacy, approved contractual clauses, or your explicit consent after being informed of any risks. You may contact us for more information about the safeguards we apply.

11.How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, including to provide the Services, maintain our records, and comply with legal, accounting, tax, and regulatory obligations. Retention periods vary by data type — for example, health-related records and transaction records may be kept for the minimum periods required by applicable UAE law. When data is no longer needed, we securely delete or anonymise it.

12.Your rights

Subject to the conditions and exceptions in applicable law, you have the right to:

  • Access the personal data we hold about you and obtain information about how we process it;
  • Rectify inaccurate or incomplete data;
  • Erase your data (the “right to be forgotten”) in certain circumstances;
  • Restrict or object to certain processing, including direct marketing;
  • Data portability — receive certain data in a structured, machine-readable format or have it transferred to another controller where technically feasible;
  • Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing; and
  • Object to automated decision-making that produces legal or similarly significant effects (see Section 13).

To exercise any of these rights, contact us using the details in Section 1. We may need to verify your identity before responding, and we will respond within the period required by applicable law. Exercising your rights is free of charge in ordinary circumstances.

13.Automated decision-making & profiling

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without a lawful basis. Where any such processing occurs, you have the right to request human intervention, to express your point of view, and to contest the decision.

14.Children's privacy

The Website and Services are intended for adults. We do not knowingly collect personal data from children without the consent of a parent or legal guardian. Where a Service is provided to a minor, we require the involvement and consent of a parent or guardian. If you believe a child has provided us with personal data without appropriate consent, please contact us so we can take appropriate action.

15.Data security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful access, loss, alteration, or disclosure — including access controls, encryption in transit where appropriate, and limiting access to authorised personnel. No method of transmission or storage is completely secure; however, we maintain procedures to manage any suspected data breach and will notify you and the relevant authority where required by law.

16.Third-party links

The Website may contain links to third-party websites, tools, or services that we do not control. This Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review their privacy notices before providing personal data.

17.Marketing communications

Where you have opted in, we may send you newsletters, offers, and information about our Services. You can opt out at any time by using the unsubscribe link in our emails, replying to ask us to stop, or contacting us using the details in Section 1.

18.Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date at the top indicates when it was last revised. Where changes are material, we will take reasonable steps to notify you. Your continued use of the Website or Services after an update constitutes acknowledgement of the revised Policy.

19.Complaints & how to contact us

If you have any questions, requests, or concerns about how we handle your personal data, please contact us first using the details in Section 1 — we aim to resolve matters promptly.

If you are not satisfied, you have the right to lodge a complaint with the relevant supervisory authority. In the UAE, this is the UAE Data Office. If you are located in another jurisdiction, you may also be able to complain to your local data protection authority.