Medicalocation – GDPR-Compliant Privacy Policy
Effective Date: [22.08.2025]
Last Updated: [22.08.2025]
Medicalocation (“we,” “our,” “us”) is committed to protecting your personal data and ensuring your privacy in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the ePrivacy Directive, and applicable national laws.
This Privacy Policy explains what personal data we collect, why we collect it, how we process it, how long we keep it, who we share it with, and your rights under European law.
⸻
1. Data Controller and Contact Information
Data Controller: Medicalocation
Email: info@medicalocation.com
Address:
Phone:
⸻
2. Definitions
For the purposes of this policy:
• “Personal Data”: Any information relating to an identified or identifiable natural person (Art. 4(1) GDPR).
• “Processing”: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion (Art. 4(2) GDPR).
• “Data Subject”: You, the individual whose personal data is being processed.
• “Special Categories of Data”: Sensitive data such as health information, processed under Art. 9 GDPR.
⸻
3. Categories of Personal Data We Collect
We may collect and process the following data:
1. Identification Data
• Name, surname, date of birth, gender, nationality, passport/ID number.
2. Contact Information
• Email address, phone number, residential address.
3. Health Data (Special Category) – only processed with explicit consent (Art. 9(2)(a))
• Medical history, diagnoses, treatment plans, test results, medical images.
4. Financial Data
• Billing details, payment information, transaction history.
• Note: We do not store complete credit/debit card details; payments are processed securely via PCI DSS-compliant providers.
5. Technical Data
• IP address, device type, operating system, browser type, access logs, cookies, and similar technologies.
6. Communication Data
• Records of emails, chat messages, or calls with our support team.
⸻
4. How We Collect Your Data
• Directly from you when you register, complete forms, request consultations, or communicate with us.
• From healthcare providers when you authorize sharing of your medical records.
• Automatically through cookies, analytics tools, and tracking technologies when you use our website/app.
⸻
5. Purposes and Legal Basis for Processing
We process your data for:
1. Service Provision (Art. 6(1)(b))
• To connect patients with healthcare providers, arrange consultations, and manage bookings.
2. Legal Compliance (Art. 6(1)(c))
• To meet obligations under medical, tax, and consumer protection laws.
3. Legitimate Interests (Art. 6(1)(f))
• To improve services, ensure network security, and prevent fraud.
4. Explicit Consent (Art. 9(2)(a))
• Required for processing health data and for marketing communications.
⸻
6. Data Sharing and Recipients
We may share your personal data with:
• Partner hospitals and licensed doctors (only with your consent).
• Payment processors for secure transactions.
• IT, cloud, and security service providers.
• Regulators, courts, or law enforcement where legally required.
International Transfers:
If data is transferred outside the European Economic Area (EEA), we use safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions (Art. 45 GDPR), or Binding Corporate Rules (BCRs).
⸻
7. Data Retention
We retain data only as long as necessary:
• Medical records: 5 years (or longer if required by local healthcare laws).
• Transaction and billing data: 10 years (for accounting and tax compliance).
• Account data: Until you request deletion or 2 years of inactivity.
⸻
8. Your Rights Under GDPR
You have the following rights:
• Right of Access (Art. 15) – Obtain a copy of your personal data.
• Right to Rectification (Art. 16) – Correct inaccurate or incomplete data.
• Right to Erasure (Art. 17) – Request deletion of your data.
• Right to Restriction (Art. 18) – Limit processing in certain situations.
• Right to Data Portability (Art. 20) – Receive your data in a machine-readable format.
• Right to Object (Art. 21) – Oppose processing based on legitimate interest.
• Right to Withdraw Consent (Art. 7(3)) – Withdraw at any time without affecting prior lawful processing.
• Right to Lodge a Complaint – With your local Data Protection Authority (DPA).
⸻
9. Security Measures
We use technical and organisational measures such as:
• End-to-end encryption for medical data transfers.
• Secure GDPR-compliant cloud hosting.
• Role-based access controls and multi-factor authentication.
• Regular vulnerability assessments and penetration testing.
⸻
10. Cookies and Tracking
We use:
• Essential cookies – Required for core functionality.
• Analytics cookies – To improve performance (Google Analytics, anonymized IPs).
• Marketing cookies – Only with your consent.
You can manage or disable cookies in your browser settings.
⸻
11. Children’s Privacy
Our services are not directed to children under 16 years old. We process children’s data only with parental/guardian consent, in compliance with Art. 8 GDPR.
⸻
12. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you, unless required for medical matching — and then only with your explicit consent.
⸻
13. Changes to This Policy
We may update this policy periodically. All changes will be posted with the updated Effective Date.
⸻
Contact for Data Protection Matters:
Email: info@medicalocation.com
Postal: [Insert Address]
Phone: [Insert Number]