
Privacy Notice “Bookimed”

Bookimed (hereinafter — “we” and “us”) cares for your personal data and does everything possible to protect it. 

We have created this Privacy Notice (“Notice”) to help you understand what personal data is collected, stored and processed and what happens to it when you use our Website (“Website”).

You, as a data subject, may be our Visitor, Client, Partner and Representative.

Categories of data subjects and their descriptions:

  • Visitor: anyone who visits our website.
  • Client: our end-user to whom we provide our services.
  • Partner: the legal entity that provides medical care. Note: while providing you with the medical care services our Partner acts as an independent controller.
  • Representative: a user whose data we receive from our Partners: clinics, hospitals etc.

1. Purpose

1.1. This document explains what data is collected in connection with the Bookimed Website. 

1.2. It also explains how we use that data, where we store it, and how we protect it. 

In short:

  • In order for you to use our Website and Services, we need to process some of your data. For any other purpose, we will always ask you for your consent in advance.
  • We will not share your data for third party advertising purposes.

1.3. Finally, it explains your rights in relation to your personal data.

At Bookimed, we care about the privacy of your data and are committed to protecting it. This Privacy Notice (“Notice”) is here to help you to understand how your personal data is collected, stored or used, and what happens to it when you’re using https://en.bookimed.com/ (“Website”). 

In case you have any questions you can contact us at contact@bookimed.com.

In short, you may generally browse our Website without providing us with your information. However, if you want to use the full functionality of our Website and Services, you will need to provide some of your data. 

In case you do not agree with the whole Agreement or with a part of it, please stop using our Website and Services presented on it.

2. Information about the Controller

  • Controller: Bookimed Limited
  • Address of registration: 14/F Golden Centre, 188 Des Voeux Road Central, Hong Kong
  • Email for general questions: marketing@bookimed.com
  • Email for personal data request: privacy@bookimed.com
  • Contact phone number: 1-800-550-00-89

As for privacy roles:

  • Bookimed is the controller with respect to the personal data of Visitors, Clients and Partners.
  • Regarding the personal data of Representatives, Bookimed is a processor.
Please note: Our Partners act as separate controllers when providing services. To contact the Data Protection Officer of Bookimed Limited, please email privacy@bookimed.com.

We are Bookimed Limited (located at 14/F Golden Centre, 188 Des Voeux Road Central, Hong Kong). In this document, we will refer to ourselves as “Bookimed”, “we” or “us”. You may contact us via email at contact@bookimed.com.

To communicate with our Data Protection Officer, please email privacy@bookimed.com.

If you live in a country in the European Economic Area (EEA), the Services are provided by Bookimed, which for the purposes of applicable data protection legislation is the data controller responsible for your personal data when you use our Services. 

For data provided to us by our Partners, we act as a processor under the GDPR requirements. To help you exercise your privacy rights, we will do everything possible on our part or transfer your request to the appropriate controller.

3. How do we collect and use data?

3.1. Regardless of who you are to us (Visitor, Client, Partner or Representative), we have only three categories of data about you: 

3.2. Automatically collected data (the same for everyone).

We collect data about your interaction with the website, device and connection data, and data from cookies and similar technologies to keep our website running.

3.3. Data given by Visitors.

We collect your Contact data and extra case details, if applicable, when you contact us and our customer service.

3.4. Data given to us by a Client.

We collect your Contact data, Account data, Medical data, Call Records Data, Comments, Trip data, Guardian data when you want to request our Services and to register your account.

3.5. Data given to us by Partner.

We collect Contact data when you become our Partner.

3.6. Data given to us about Representatives.

We collect Contact data, Qualification data and Scientific activity information when we need to decide on the most appropriate clinic and specialist.

3.7. Data we receive from other sources.

We collect Contact data, details on trips to medical providers and information about medical courses when you interact with us via social networks or when we provide services to our partners.

For your convenience we divided our users into 4 categories: Visitor, Client, Partner and Representative.

  • Visitor — anyone who visits our website.
  • Client — is our end-user to whom we provide our services.
  • Partner — is the legal entity that provides medical care. Note: while providing you with the medical care services our Partner acts as independent controller.
  • Representative — is a user whose data we receive from our Partners: clinics, hospitals etc. 

Regardless of who you are to us (Visitor, Client, Partner or Representative), we have only three categories of data about you: 

Important: We process medical and health data, which is sensitive data. We understand the importance of keeping this data secure. We need you to understand that processing of sensitive personal data (medical and health) is necessary to provide you with the Service (legal basis: performance of the contract).

Automatically collected data

When you access our Website some data is collected automatically. We need technical data to operate, maintain and improve our Website. Such data includes:

Category of actions Description of the category Legal basis
Your interaction with a Website. We may collect data about your interaction with our Website. Such data includes: your interaction with the Website, the features you use, the pages you view, the way you use our Website and the actions you take if such actions are present. Legitimate interest
Device and connection data. 

We collect information about your computer, phone, tablet, or other devices you use to access the Services. 

Namely, we collect: connection type and settings when you access, update or use our Services. Also, the operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. Geolocation: for instance, we use your IP address and/or country preference to approximate your location and provide you with a better Service experience.

The amount of this information we collect depends on the type and settings of the device you use to access the Services.

Legitimate interest
Cookies and similar technologies We use cookies for analytical purposes. You may disable cookies at your browser settings at any time. Find out more about our use of cookies further in this Privacy Notice and in our Cookie Policy. Legitimate interest and/or Consent

Data you provide to us

Please note that the data listed here is not necessarily collected in every case. This only means that we may collect it from you.

Data given by Visitors

While using our website, you may want to clarify details about our services or get a recommendation for your case.

When you contact us and our Representative support, we may collect your contact details such as name, email address, phone number and country, and extra case details if applicable.

Category of actions Description of the category Legal basis
Customer support
  • name;
  • surname;
  • email;
  • phone number;
  • country;
  • request type;
  • case details (if applicable);
  • documents (if applicable).
Performance of the contract

Data given to us by a Client

When you become our Client we begin to process more data about you. All the data we collect and process is needed for the following reasons: User Account registration, request submission, rating formation, consulting in the form of conversation.

The data we may receive for these reasons: Contact data, Account data, Medical data, Call Records Data, Comments.

When you want to request our Services and to register your account we will ask you to give us some of your personal data, so that we will be able to get in touch with you and to provide our Service. Depending on the type of the account you want to register, we will require different data.

Category of actions Description of the category List of data Legal basis
User Account registration To use our service you need to create an account. For User Account registration you will need to provide data and agree to our Terms of Service.

Contact data: 

  • name;
  • email address;
  • phone number.
Performance of the contract
Account customisation In account settings, you may choose the preferred messenger (Viber, Telegram, WhatsApp) to communicate with us. Also, you may choose to link your account to your social media profile (Facebook, Google+).

Account data: 

  • profile picture;
  • name;
  • age;
  • country;
  • email address;
  • social media profile;
  • messenger;
  • phone number.
Performance of the contract
Commenting on the content / rating On our Website you may also leave comments. Note: your comments will be publicly available. That is why we kindly ask you to be cautious when leaving a comment. However, you may choose to leave an anonymous comment. Also, you may delete your comment at any time by sending us an email to contact@bookimed.com.
  • name;
  • email address;
  • comment context;
  • user ID.

Performance of the contract

Find out more details in the Reviews & Comments Policy.

Submitting a request Through your User Account, you may submit a request to us. You may upload certain data to your request.

Medical data: 

  • description of diagnosis; 
  • medical history; 
  • MRI scans;
  • X-ray scans, etc.

Trip data: 

  • bank statement; 
  • passport data etc.

Guardian data:

  • ID;
  • authorization to represent your ward;
  • contact data;
  • medical data of your ward;
  • trip data etc. 

Pay attention. Guardian data is collected when you are authorized to represent and to disclose data of another person. In case you decide to provide data of another person we will ask you to provide additional data. 

Performance of the contract 

Pay attention: some of the data may be kept longer due to the Legal obligation.

Consultation You may also provide your data via phone conversation. Pay attention. We will let you know if your call is being recorded before we do so. If you would prefer that your call was not recorded, you can opt out by stating this, or by hanging up.

Call Records Data: 

  • name;
  • age;
  • location; 
  • medical data, etc.
Performance of the contract.

Data given to us by a Partner

If you are a representative of a clinic and/or a hospital and you want to register an account, we need to process the data about you and your company. Your corporate data (company registration number etc.) is not personal data. It becomes personal data only in the activities that are directly related to you as a representative.

Category of actions Description of the category List of data Legal basis
Partner Account registration To use our service you need to create an account. For User Account registration you will need to provide data and agree to our Terms of Service.

Contact data: 

  • Company type;
  • website;
  • the full name of a contact person;
  • phone number;
  • the email address.
Performance of the contract

Data given to us about Representatives

Due to the agreements between us (Bookimed) and our Partners we receive the data that is needed for our Clients and Visitors to make a decision about the most suitable clinic and professional.

The controller of your personal data is our Partner where you are currently working. For the purposes of the performance of the contract we receive your qualification data and contact data.

Category of actions Description of the category List of data Legal basis
Account registration The Partner registers its doctors and specialists to create a database that makes it convenient for users to choose the appropriate one.

Contact data: 

  • name;
  • profile picture;
  • location;
  • email address.
Performance of the contract
Detailed description In order to provide a high-quality service when a Client chooses a specialist, we request qualification data, as this gives our Client a more complete understanding.

Qualification data:

  • education and special training programs;
  • work experience;
  • availability of licenses and certificates;
  • membership in professional associations and international communities (ISAPS, ASPS, EURAPS, EORTC and others);
  • internships and advanced training in clinics abroad;
  • awards and grants.

Scientific activity information:

  • research;
  • publications;
  • participation in specialized events.
Performance of the contract

Data we receive from other sources

We may also get the information from other sources and combine it with the information which we are gathering through the Website. Such sources include:

Category of actions Description of the category List of data Legal basis
Social media data. To use our service you need to create an account. For User Account registration you will need to provide data and agree to our Terms of Service.

Contact data:

  • name; 
  • email address;
  • phone number.
Performance of the contract
Data from medical providers We may receive certain personal data from medical partners. 
  • the medical course;
  • details on trip to medical provider information about flights;
  • invoices;
  • other relevant information. 
Performance of the contract

4. Why and how do we use your data? 

4.1. We process your data for seven basic purposes: 

  • provision of the features of the Website;
  • provision of our Services;
  • providing information about our Services;
  • research and analysis purposes;
  • complying with security obligations;
  • complying with our legal obligations;
  • to send marketing communications.

4.2. If we need to process your data for other purposes, we will ask your consent to do so. 

We use, process, and store your information as necessary to perform our contract with you, legal obligation and for our legitimate business interests, in operating our Website and providing our Services including:

  • provision of the features of the Website;
  • provision of our Services;
  • providing information about our Services;
  • research and analysis purposes;
  • complying with security obligations;
  • complying with our legal obligations;
  • marketing.
Category of data processing purpose (“processing purpose”) Description Legal Basis  Categories of personal data
To provide the features of the Website.

We collect the data to provide you with access to our Website and Services. Also, to maintain and improve our services. This includes using the data to:

  • create and update your Account;
  • enable you to use our Website;
  • enable you to request our Service. 
Performance of a contract  Contact data, Account data.
To provide our Service.

You may provide us additional data so that we can tailor our Service just for your needs. This includes using data to:

  • provide a range of medical facilities for a particular case;
  • verify your identity;
  • arrange a trip to the designated place.
Performance of a contract  Contact data, Account data, Social media data, Medical data, Trip data, Guardian data, Consultation data.
To communicate information about our Services.

We use the data we collect to communicate with you about the Services you have requested. This includes using data to:

  • Answer your questions;
  • Help resolve issues in relation to our services. 
Performance of a contract  Contact data, Social media data, Medical data, Trip data, Guardian data, Consultation data
To communicate information about our Services.

We use the data we collect to communicate with you about the Services. This includes using data to:

  • inform you about the new features;
  • inform you about updates and changes.
Legitimate interest  Contact data, Account data
To conduct research and for analysis purposes. We may use data we collect for the purpose of testing, analysis, research and overall development of the product and services. This also allows us to enhance safety and security, develop new features and monitor and improve customer support. Legitimate interest  Automatically collected data, Device and connection data, Cookies and similar technologies, Account Data. 
To create a safe environment. We may also use data about how you use our Website to prevent, detect, or investigate fraud, abuse, illegal use, violations of our Terms of Service, and to comply with court orders, governmental requests or applicable law. Legitimate interest  Automatically collected data, Device and connection data, Cookies and similar technologies, Data from our partners, Contact data, Social media data, Account data, Trip data, certain Guardian data
To operate our business and to comply with our legal obligations. We use the personal data you give us to run our business and to comply with our legal obligations.  Compliance with legal obligations  Automatically collected data, Device and connection data, Cookies and similar technologies, Data from our partners, Contact data, Social media data, Account data, Trip data, certain Guardian data
To send marketing communications. If you are our Representative and you gave us your consent, we may use the contact details you provided to send you our marketing communications, where permitted by applicable law (unless you have opted-out). You may opt-out of receiving such communications at any time.  Consent  Contact data, Social media data.
Other Purposes.  We will ask for your consent to further process your personal data in case we use your personal data for other purposes. During data collection, we will send you individual messages and get your consent. Consent 
  • Pay attention.

    If we use consent as a legal basis for processing, you will have a choice to opt-in or to opt-out from any processing activity. You may withdraw your consent at any time by sending us an email to privacy@bookimed.com

    The only legal basis for processing of Medical data is the performance of a contract. We don’t use this data for any reason other than providing you with a Service.

5. Do we use cookies?

5.1. A cookie is a piece of data stored on the user’s hard drive containing information about the user. Cookies generally do not permit us to personally identify you. 

5.2. Data collected by cookies may include the following:

  • the website that referred you to us;
  • the web pages you viewed on our Website;
  • the advertisements you viewed and clicked while browsing different websites;
  • browser preferences such as language;
  • We also collect information using web beacons (also known as “tracking pixels”).

5.3. Read more at our Cookie Policy.

A cookie is a piece of data stored on the user’s hard drive containing information about the user. Cookies generally do not permit us to personally identify you. We generally use session cookies to save your preferences and such cookies expire when you close your browser. These cookies are likely to be analytical, or performance cookies.

Data collected by cookies may include the following:

  • the website that referred you to us;
  • the web pages you viewed on our Website;
  • the advertisements you viewed and clicked while browsing different websites;
  • browser preferences such as language;
    We also collect information using web beacons (also known as “tracking pixels”).

Read more at our Cookie Policy.

We may use Cookies to display content based upon what you view on our Website to personalize your visit. 

We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies). You can find out more about this popular website analytics tool here.

These cookies collect information about how visitors use a website, for instance, which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and anonymous. It is only used to improve how a website works. You can find out more about how it protects your data here.

Your browser can help you manage cookies. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. If you turn cookies off, you may not have access to many features that make our Website more efficient and some of our services will not function properly. 

However, if you do want to manage cookies, here is an instruction on how to do it. For example, you can choose to turn off all cookies. You do this through your browser settings on each browser and device that you use. Each browser is a little different, but usually, these settings are under the “options” or “preferences” menu. The links below provide information about cookie settings for the browsers:

Also, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.

6. How do we share and disclose data?

6.1. We may share your personal data under the following conditions:

  • Authorized third parties;
  • Safety, Legal purposes, and Law enforcement;
  • Business transfers;
  • With your consent;
  • Service providers.

6.2. We, as the controller, have certain obligations to secure your data. Before we transfer it, every vendor goes through a security audit.

6.3. We transfer your personal data to our contractors in Ukraine. 
There is not an adequacy decision by the European Commission 

6.4. According to the GDPR we use “appropriate safeguards” as a legal basis for transfer – Standard Contractual Clauses approved by the EU Commission. You can read more details here if you want.

We may share your personal data under the following conditions:

  • Authorized third parties
  • Safety, Legal purposes, and Law enforcement
  • Business transfers
  • With your consent
  • Service providers
How do we share data?

Authorized third parties.

We may share certain information with parties directly authorized to receive data. For example, we may share your data with a Medical Provider of your choice, or when you log in and/or register via social networks.

Safety, Legal purposes, and Law enforcement.

We will disclose your personal data to third parties to the extent necessary to:

  • (i) comply with a government request, a court order or applicable law;
  • (ii) prevent illegal uses of our Website or violations of our Website’s Terms of Service and our policies;
  • (iii) defend ourselves against third-party claims;
  • and (iv) assist in fraud prevention or investigation (e.g., counterfeiting).

Business transfers. 

We will not sell your personal data to any company or organization. However, we may transfer your personal data to a successor entity upon a merger, consolidation or other corporate reorganization in which Bookimed participates or to a purchaser or acquirer of all or substantially all of Bookimed assets to which this Website relates. In such an event, we will notify you before your personal data is transferred and becomes subject to a different privacy notice.

With your consent.

In cases where you have provided your consent, we may share your personal data, as described at the time of consent.

Service providers

Third-party service providers process personal data on Bookimed’s behalf. Such data includes data which we collect automatically. For example, they host, manage and service our data, distribute emails, carry out research, analysis, advertising and analytics, manage brand and promotions, and administer certain features.

— 

A little bit more about Service providers. We may allow third parties to provide contextual and other advertising, and to provide analytical services related to the work of the Website and/or the Service. Such parties may use different identifiers to collect information about the usage of the program, including your IP address, MAC address, device identifiers, software and hardware, time zone and information about the usage of the Website and Services.

This information may be used by us and others, among other things, to determine the popularity of certain content, to provide contextual and other advertising, and for a better understanding of your activities on the Website.

FAQs about data sharing

We may share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

“Third parties” includes third-party service providers (including contractors and designated agents). The following activities are carried out by third-party service providers: payroll, management, Customer support, administration and IT services.

We, as the controller, have certain obligations to secure your data. Before we transfer it, every vendor goes through a security audit.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies.

We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business.

We may also need to share your personal information with a regulator or to otherwise comply with the law.

We will inform you in advance as soon as possible in case of such a situation.

We transfer the personal data we collect about you to our servers in Germany and to our company (also in the US) in order to perform our contract with you. 

Transferring to our servers allows us to maintain our IT technologies and management tools.
We transfer your personal data to our contractors in Ukraine. There is not an adequacy decision by the European Commission in respect of Ukraine and this means that Ukraine is not deemed to provide an adequate level of protection for your personal data.

There is not an adequacy decision by the European Commission in respect of the US and this means that the US is not deemed to provide an adequate level of protection for your personal data.

But

According to the GDPR we use “appropriate safeguards” as a legal basis for transfer – Standard Contractual Clauses approved by the EU Commission. You can read more details here if you want.

7. Do we transfer your data?

Yes, we transfer your data. 

Due to the international nature of Bookimed in the course of our operations, we may need to process your data outside of the country in which you reside. In such a case, we will use appropriate safeguards (for example, contractual data protection clauses), to ensure that your personal information will remain protected in accordance with this Privacy Notice. 

8. How do we handle your data?

8.1. We provide industry-standard physical, electronic, and procedural safeguards to protect personal data we process and maintain. Despite our efforts, no website, mobile application, database or system is completely secure or “hacker proof.” If you have a reason to believe that your interaction with our Website and/or Service is no longer secure, please immediately notify us by contacting us in writing at privacy@bookimed.com.

8.2. We use the Standard Contractual Clauses approved by the European Commission to ensure adequate protection in the mutual processing of data with our Partners.

8.3. We retain your personal data for as long as necessary to fulfill the purposes described in this Notice unless otherwise required by law. However, we may keep some of your personal data for as long as reasonably necessary for our legitimate business interests, including fraud detection and prevention and to comply with our legal obligations including tax, legal reporting, and auditing obligations.

8.4. Before the disclosure of your personal data to any third party, we carry out a vendor security check to see if there are appropriate safeguards in place.

We store your data on our servers in Germany. To handle it in a secure and GDPR-compliant way we use: encryption, contractual obligations, retention controls, levels of access and a vendor security check.

  • Encryption & Security

We provide industry-standard physical, electronic, and procedural safeguards to protect personal data we process and maintain. For example, we take reasonable operational and technical measures to limit access to your data. For example, data which we receive is available only to authorized employees and contractors. Also, we use encryption and other safeguards to make sure your data is safe. Such measures are reasonably designed to help protect your personal data from loss, unauthorized access, disclosure, alteration or destruction.

Despite our efforts, no website, mobile application, database or system is completely secure or “hacker proof.” As a result, we cannot guarantee or warrant the security of any information you transmit on or through the Website and you do so at your own risk. You can help keep your data safe by taking reasonable steps to protect your personal data against unauthorized disclosure or misuse. If you have a reason to believe that your interaction with our Website and/or Service is no longer secure, please immediately notify us by contacting us in writing at privacy@bookimed.com.

  • Contractual obligations. 

We use the Standard Contractual Clauses approved by the European Commission to ensure adequate protection in the mutual processing of data with our Partners.

Note: while providing you with the medical care services our Partner acts as an independent controller.

  • Retention of your personal data

We retain your personal data for as long as necessary to fulfill the purposes described in this Notice unless otherwise required by law. However, we may keep some of your personal data for as long as reasonably necessary for our legitimate business interests, including fraud detection and prevention and to comply with our legal obligations including tax, legal reporting, and auditing obligations.

  • Third-parties. 

Before the disclosure of your personal data to any third party, we carry out a vendor security check to see if there are appropriate safeguards in place.

9. How do we treat minors?

We do not and will not knowingly collect personal data directly from any child under 16. We may process data of a child under 16 only upon a parent or guardian’s request and only after the verification of parent/guardian identity and authority to represent a child. However, if you are a parent or guardian and are concerned about the personal data of your child, please contact privacy@bookimed.com.

10. How can you manage your personal data?

10.1. If you provide us with your personal information, you may exercise any of your rights:

  • Access;
  • Data portability;
  • Restrict processing;
  • Erasure;
  • Rectification;
  • Object processing;
  • Not to be subject to automated decision-making;
  • Right to lodge complaints.

10.2. If you have further questions, you can always send an email to privacy@bookimed.com and we will do our best to help you.

In case you provide us with your personal data you may use your powers and exercise any of the rights described in this section. If you have any additional questions you can always send an email to privacy@bookimed.com and we will do our best to help you.

List of your rights

Access. 

You can request an explanation of the personal data we process about you. Also, you can request a copy of your personal data undergoing processing. 

Rectification. 

You can rectify/correct any inaccurate data about you.

Data portability. 

You have a right to receive the personal data concerning you, which you provided to us. You can make a request to transmit this data directly to another data controller in a structured, commonly used and machine-readable format. We will transmit your data directly to another controller in cases where it is technically feasible.

Erasure. 

You have a right to be forgotten which means that we will delete all personal data that you have provided to us. Note, we may retain certain information as required by law and for legitimate business purposes permitted by law. 

Restrict processing.

You can request us to temporarily or permanently stop processing all or some of your personal data.

Object processing. 

You can, at any time, object to the processing of your personal data on grounds relating to your particular situation. You have the right to object to your personal data being processed for direct marketing purposes.

Right to lodge complaints

You have the right to lodge complaints in relation to the data processing activities carried out by us to the competent data protection authorities. 

Not to be subject to automated decision-making

You have a right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

11. How do we update this Notice? 

Applicable law and our practices change over time. If we decide to update our Privacy Notice, we will post the changes on our Website. If we materially change the way in which we process your personal data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to read our Privacy Notice and keep yourself informed of our practices.