Privacy Policy

1. Collection of Medical Personal Data


We only collect the following necessary medical-related personal data to facilitate your health checkup or medical tourism service:

  • Basic identity information (name, nationality, passport/ID number, contact details)
  • Medical history, health conditions, and test results provided by you or the medical institution
  • Appointment records and service coordination details

All medical data is collected with your explicit consent and solely for the purpose of delivering the agreed medical services.

2. Purpose of Processing Medical Data


Your medical data will be processed only for the following legitimate purposes:

  • To coordinate with medical institutions for your health checkup or treatment arrangement
  • To provide English interpretation and service support during your medical visit
  • To comply with legal and regulatory requirements of relevant medical institutions and authorities
  • To improve our service quality (with anonymized data only)

We will not use your medical data for marketing, advertising, or any other purpose without your separate written consent.

3. Sharing of Medical Data


Your medical data will only be shared with the following parties, and under strict confidentiality obligations:

  • The medical institution(s) you select for the purpose of performing the health checkup or treatment
  • Authorized third-party service providers (e.g., interpreters, logistics partners) who are bound by GDPR-compliant data processing agreements
  • Regulatory authorities when required by law

We will never sell, rent, or disclose your medical data to any other third parties for commercial purposes.

4. Data Subject Rights Under GDPR


In accordance with the General Data Protection Regulation (GDPR), you have the following rights regarding your medical data:

  • Right of access: Request a copy of the medical data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete medical data
  • Right to erasure: Request deletion of your medical data (subject to legal retention requirements)
  • Right to restrict processing: Request limitation of processing your medical data under specific circumstances
  • Right to data portability: Request transfer of your medical data to another controller (where technically feasible)
  • Right to object: Object to processing of your medical data based on our legitimate interests

To exercise these rights, please contact us via the contact information provided on our website. We will respond to your request within 30 days as required by GDPR.

5. Security of Medical Data


We implement appropriate technical and organizational measures to protect your medical data from unauthorized access, disclosure, alteration, or destruction, including:

  • Encryption of data in transit and at rest
  • Access controls to limit data access to authorized personnel only
  • Regular security audits and staff training on data protection
  • Secure data storage systems compliant with international medical data standards

In the event of a data breach involving your medical data, we will notify the relevant supervisory authority and affected individuals in accordance with GDPR requirements.

6. Retention of Medical Data


We will retain your medical data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • The duration of your service and any follow-up period
  • Compliance with legal, tax, or regulatory retention requirements
  • Resolution of any potential disputes

Once the retention period expires, we will securely delete or anonymize your medical data.


7. International Data Transfers


Your medical data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure that any such international data transfer is conducted in compliance with applicable data protection laws, including the GDPR.

For transfers to countries that do not provide an adequate level of data protection, we implement appropriate safeguards, including but not limited to:

  • The European Commission's Standard Contractual Clauses (SCCs)
  • Binding corporate rules
  • Other data transfer mechanisms permitted under GDPR

The primary recipients of your medical data outside the EEA include:

  • The medical institutions you have selected for your health checkup or treatment (located in [your target countries, e.g., Japan, South Korea, Thailand, etc.])
  • Our service providers and partners located in [your country/region]

By providing your medical data and using our services, you acknowledge and agree that your medical data may be transferred to and processed in countries outside the EEA, which may have different data protection standards than your country of residence.

If you wish to obtain a copy of the appropriate safeguards we have implemented for such international transfers, please contact us using the details provided on our website.