Bookimed Limited (hereinafter referred to as “we” and “us”) is committed to safeguarding your personal data and ensuring its protection.
We have created this Privacy Notice (“Notice”) to help you understand what personal data is collected, stored, and processed, and what happens to it when you use our website (“Website”).
You, as a data subject, may be our Visitor, Client, Partner, or Representative.
| Category of data subjects | Description |
|---|---|
| Visitor | Anyone who visits our website. |
| Client | Our end-user to whom we provide our services. |
| Partner | The legal entity that provides medical care. Note: Our Partner acts as an independent controller when providing you with medical care services. |
| Representative | A user whose data we receive from our Partners: clinics, hospitals, etc. |
1. Purpose
1.1. This document explains what data is collected in connection with the Bookimed Website.
1.2. It also explains how we use that data, where we store it, and how we protect it.
In summary:
- We need to process some of your data to enable you to use the full functionality of our Website and Services. We will always ask for your consent in advance for any other purpose.
- We will not share your data for third-party advertising purposes.
1.3. Finally, it explains your rights in relation to your personal data.
At Bookimed, we care about your data privacy and are committed to protecting it. This Privacy Notice (“Notice”) is here to help you understand how your personal data is collected, stored, or used, and what happens to it when you use https://www.bookimed.co.uk/ (“Website”).
If you have any questions, you can contact us at [email protected].
If you do not agree with the whole Agreement or with a part of it, please stop using our Website and Services.
2. Information about the Controller
| Controller | Bookimed Limited |
|---|---|
| Address of registration | 14 / F Golden Centre, 188 Des Voeux Road Central, Hong Kong |
| Email for general questions | [email protected] |
| Email for personal data request | [email protected] |
| Contact phone number | 4-420-808-909-66 |
As for privacy roles:
- Bookimed is the controller with respect to the personal data of Visitors, Clients, and Partners.
- Regarding the personal data of Representatives, Bookimed is a processor.
Please note: Our Partners act as separate controllers when providing services.
To contact the Data Protection Officer of Bookimed Limited, please email [email protected].
If you live in the United Kingdom, the Services are provided by Bookimed, which for the purposes of applicable data protection legislation, including the UK Data Protection Act 2018 and the GDPR, is the data controller responsible for your personal data when you use our Services.
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been violated.
For data provided to us by our Partners, we act as a processor under GDPR requirements. To exercise privacy rights, we will make every effort on our behalf or transfer your request to the appropriate controller.
3. How do we collect and use data?
3.1. Regardless of who you are to us (Visitor, Client, Partner, or Representative), we have three categories of data about you:
- Automatically collected data;
- Data you give us as a Visitor, Client, or Partner;
- Data received from other sources.
3.2. Automatically collected data
We collect your interaction with the website, device, and connection data, cookies, and similar technologies to keep our website running.
3.3. Data given by Visitors
We collect your contact data and extra case details, if applicable, when you contact us and our customer service.
3.4. Data given by a Client
We collect your contact data, account data, medical data, call records data, comments, trip data, and guardian data when you want to request our Services and register your account.
3.5. Data given by a Partner
We collect contact data when you become our Partner.
3.6. Data about Representatives
We collect contact data, qualification data, and scientific activity information when we need to decide on the most appropriate clinic and specialist.
3.7. Data from other sources
We collect contact data, details on trips to medical providers, and information about medical courses when you interact with us via social networks or when we provide services to our partners.
Important: We process medical and health data that is sensitive data. We understand the importance of keeping this data secure. We need you to understand that processing of sensitive personal data (medical and health) is necessary to provide you Service (legal basis: performance of the contract).
Automatically collected data
When you access our Website some data is collected automatically. We need technical data to operate, maintainб and improve our Website. Such data includes:
| Category of actions | Description of the category | Legal basis |
|---|---|---|
| Your interaction with the Website | We may collect data about your interaction with our Website. Such data includes: your interaction with the Website, the features you use, the pages you view, the way you use our Website, and the actions you take if such actions are present. | Legitimate interest |
| Device and connection data | We collect information about your computer, phone, tablet, or other devices you use to access the Services. Namely, we collect: connection type and settings when you access, update or use our Services. Also, the operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We also use use your IP address and/or country preference to approximate your location and enhance your Service experience. The amount of information we collect depends on your device type and settings. | Legitimate interest |
| Cookies and similar technologies | We use cookies for analytical purposes. You may disable cookies through your browser settings at any time. Find out more about our use of cookies further in this Privacy Notice and in our Cookie Policy. | Legitimate interest and/or Consent |
Data you provide
Please note that all data listed here is not mandatorily collected. This only means that we may collect it from you.
Data given by Visitors
When using our website, you may want to clarify details about our services or get a recommendation based on your specific case.
When you contact us or our Representative support, we may collect your contact details, such as your name, email address, phone number, country, and any additional case details, if applicable.
| Category of actions | Description of the category | Legal basis |
|---|---|---|
| Customer support | We collect: name; surname; email; phone number; country; request type; case details (if applicable); documents (if applicable). | Performance of the contract |
Data given to us by a Client
When you become our Client, we begin to process more data about you. This data is required for the following purposes: User Account registration, request submission, rating formation, and consulting in the form of conversation.
For these purposes, we may collect the following types of data: Contact data, Account data, Medical data, Call Records Data, and Comments.
To request our services and register your account, we will ask for certain personal data to contact you and provide our services. The specific data required may vary depending on the type of account you wish to register.
| Category of actions | Description of the category | List of data | Legal basis |
|---|---|---|---|
| User Account registration | To use our service, you need to create an account. For User Account registration, you will need to provide data and agree to our Terms of Service. | Contact data: name; email address; phone number. | Performance of the contract |
| Account customisation | In account settings, you may choose the preferred messenger (Viber, Telegram, Whatsapp) for communication and link your account to your social media profile (Facebook, Google+). | Account data: profile picture; name; age; country; email address; social media profile; messenger; phone number. | Performance of the contract |
| Commenting on the content / rating | On our Website you may leave comments. Note: your comments will be publicly available. That is why we kindly ask you to be cautious when leaving a comment. However, you may choose to leave an anonymous comment. Also, you may delete your comment at any time by emailing us as [email protected]. For further details, please refer to our Review & Comment Policy. | Name; email address; comment context; user ID. | Performance of the contract Find out more details in the Reviews & Comments Policy. |
| Submitting a request | Through your User Account, you may submit a request and upload data related to your request. | Medical data: description of diagnosis; medical history; MRI scans; X-ray scans, etc. Trip data: bank statement; passport data etc. Guardian data: ID; authorization to represent your ward; contact data; medical data of your ward; trip data, etc. | Performance of the contract |
| Consultation | You may also provide your data via phone conversation. We will let you know if your call is being recorded before we do so. If you prefer not to have your call recorded, you can opt-out by stating this or hanging up. | Call Records Data: name; age; location; medical data, etc. | Performance of the contract |
Please Note:
- Guardian data is collected when you are authorized to represent and disclose data about another person. If you decide to provide data about another person, we will ask for additional information.
- Some of the data may be retained longer due to legal obligations.
Data given by a Partner
If you are a representative of a clinic or hospital and wish to register an account, we need to process data about you and your company. Your corporate data (e.g., company registration number) is not considered personal data. However, it becomes personal data when it pertains to activities directly related to you as a representative.
| Category of actions | Description of the category | List of data | Legal basis |
|---|---|---|---|
| Partner Account registration | To use our service, you need to create an account. For User Account registration, you will need to provide data and agree to our Terms of Service. | Contact data: Company type; website; the full name of a contact person; phone number; email address. | Performance of the contract |
Data about the Representatives
Due to the agreements between us (Bookimed) and our Partners, we receive the necessary data for our Clients and Visitors to make informed decisions about the most suitable clinic and professionals.
The controller of your personal data is our Partner where you are currently working. For the purposes of fulfilling the contract, we receive your qualification data and contact data.
| Category of actions | Description of the category | List of data | Legal basis |
|---|---|---|---|
| Account registration | Partner registers its doctors and specialists to create a database for users’ convenience in choosing the appropriate professional. | Contact data: name; profile picture; location; email address. | Performance of the contract |
| Detailed description | To provide a high-quality service in selecting a specialist, we request qualification data, as this gives our Client a more complete understanding. | Qualification data: education and special training programs; work experience; availability of licenses and certificates; membership in professional associations and international communities (ISAPS, ASPS, EURAPS, EORTC, etc.); internships and advanced training in clinics abroad; awards and grants. Scientific activity information: research; publications; participation in specialized events. | Performance of the contract |
Data from other sources
We may also obtain information from other sources and combine it with the data which we gather through the Website. Such sources include:
| Category of actions | Description of the category | List of data | Legal basis |
|---|---|---|---|
| Social media data | To use our service, you need to create an account. For User Account registration, you will need to provide data and agree to our Terms of Service. | Contact data: name; email address; phone number. | Performance of the contract |
| Data from medical providers | We may receive certain personal data from medical partners. | Medical course; details on trips to medical providers; information about flights; invoices; other relevant information. | Performance of the contract |
4. Why and how do we use your data?
4.1. We process your data for seven basic purposes:
- Provision of the features of the Website;
- Provision of our Services;
- Providing information about our Services;
- Research and analysis purposes;
- Complying with security obligations;
- Complying with our legal obligations;
- To send marketing communications.
4.2. If we need to process your data for purposes other than those listed above, we will seek your consent in advance.
We use, process, and store your information as necessary to perform our contract with you, fulfill legal obligations, and for our legitimate business interests, in operating our Website and providing our Services, including:
- provision of the features of the Website;
- provision of our Services;
- providing information about our Services;
- research and analysis purposes;
- complying with security obligations;
- complying with our legal obligations;
- marketing.
| Category of data processing purpose (“processing purpose”) | Description | Legal Basis | Categories of personal data |
|---|---|---|---|
| Provision of website features | We collect data to provide you with access to our Website and Services, as well as to maintain and improve our services. This includes using the data to: сreate and update your Account; enable you to use our Website; enable you to request our Service. | Performance of a contract | Contact data, Account data. |
| Provision of Services | You may provide additional data so that we can tailor our Service just for your needs. This includes using data to: provide a range of medical facilities for a particular case; verify your identity; arrange a trip to the designated place. | Performance of a contract | Contact data, Account data, Social media data, Medical data, Trip data Guardian data, Consultation data. |
| Communication about Services. | We use the data we collect to communicate with you about the Services you have requested. This includes using data to: answer your questions; help resolve issues in relation to our services. | Performance of a contact | Contact data, Social media data, Medical data, Trip data, Guardian data, Consultation data |
| Informational communication | We use the data we collect to inform you about new features, updates, and changes to our Services. | Legitimate interest | Contact data, Account data |
| Research and analysis | We may use data we collect for testing, analysis, research, and overall development of our product and services. This also helps enhance safety and security, develop new features, and improve customer support. | Legitimate interest | Automatically collected data, Device and connection data, Cookies and similar technologies, Account data. |
| Creating a safe environment | We may also use data on how you use our Website to prevent, detect, or investigate fraud, abuse, illegal use, and violations of our Terms of Service, and to comply with court orders, governmental requests, or applicable laws. | Legitimate interest | Automatically collected data, Device and connection data, Cookies and similar technologies, Data from our partners, Contact data, Social media data, Account data, Trip data, certain Guardian data |
| Business operations and legal compliance | We use the personal data you provide to run our business and comply with our legal obligations. | Compliance with legal obligations | Automatically collected data, Device and connection data, Cookies and similar technologies, Data from our partners, Contact data, Social media data, Account data, Trip data, certain Guardian data |
| Marketing communications | If you are our Representative and you gave us your consent, we may use the contact details you provided to send you our marketing communications, where permitted by applicable law (unless you have opted out). You may opt out of receiving such communications at any time. | Consent | Contact data, Social media data. |
| Other Purposes | If we need to process your personal data for other purposes, we will ask for your consent at the time of data collection. | Consent |
Please Note:
If we rely on consent as a legal basis for processing your data, you will have the option to opt in or opt out of any processing activity. You may withdraw your consent at any time by emailing us at [email protected].
For the processing of medical data, the only legal basis we use is the performance of a contract. We only use this data to provide you with our services and for no other purposes.
5. Do we use cookies?
5.1. What are cookies?
A cookie is a piece of data stored on the user’s hard drive containing information about the user. Cookies generally do not permit us to personally identify you.
5.2. What data do cookies collect?
Data collected by cookies may include the following:
- the website that referred you to us;
- the web pages you viewed on our Website;
- the advertisements you viewed and clicked while browsing different websites;
- browser preferences, such as language.
We also collect information using web beacons (also known as “tracking pixels”).
For more information, please refer to our Cookie Policy.
5.3. How do we use cookies?
We generally use session cookies to save your preferences and such cookies expire when you close your browser. These cookies are likely to be analytical, or performance cookies.
We use cookies to personalize your visit to our Website based on the content you view. We, along with third-party vendors such as Google, use first-party cookies (e.g., Google Analytics cookies). These cookies help us understand how visitors use our website, which pages are visited most often, and if there are any error messages from web pages. The information collected by these cookies is aggregated and anonymous and is only used to improve how our website works.
5.4. Managing cookies
Your browser can help you manage cookies. You can choose to have your computer warn you each time a cookie is being sent, or you can turn off all cookies. Please note that if you turn cookies off, you may not have access to many features that make our Website more efficient, and some of our services may not function properly.
If you want to manage cookies, you can do so through your browser settings on each browser and device that you use. Each browser is slightly different, but usually, these settings are found under the “options” or “preferences” menu. The links below provide information about cookie settings for various browsers:
You can also opt-out by visiting the Network Advertising Initiative Opt-Out page or using the Google Analytics Opt-Out Browser add-on.
6. How do we share and disclose data?
6.1. We may share your personal data under the following conditions:
- Authorized third parties;
- Safety, legal purposes, and law enforcement;
- Business transfers;
- With your consent;
- Service providers.
6.2. As the data controller, we have certain obligations to secure your data. Before transferring data, every vendor undergoes a security audit.
6.3. We transfer your personal data to our contractors in Ukraine. The European Commission has not issued an adequacy decision for Ukraine.
6.4. In accordance with the GDPR, we use “appropriate safeguards” as a legal basis for transferring data. This includes using Standard Contractual Clauses approved by the EU Commission and the UK Information Commissioner’s Office. You can read more about these safeguards here.
| How do we share data? | |
|---|---|
| Authorized third parties. We may share information with parties directly authorized to receive it. For example, we may share your data with a Medical Provider of your choice, or if you log in and/or register via social networks. | Safety, Legal purposes, and Law enforcement. We will disclose your personal data to third parties to the extent necessary to: (i) comply with a government request, a court order, or applicable law; (ii) prevent illegal uses of our Website or violations of our Website’s Terms of Service and our policies; (iii) defend ourselves against third-party claims; and (iv) assist in fraud prevention or investigation (e.g., counterfeiting). |
| Business transfers. We will not sell your personal data to any company or organization. However, we may transfer your personal data to a successor entity upon a merger, consolidation or other corporate reorganization in which Bookimed participates or to a purchaser or acquirer of all or substantially all of Bookimed assets to which this Website relates. In such an event, we will notify you before your personal data is transferred and becomes subject to a different privacy notice. | With your consent. In cases where you have provided your consent, we may share your personal data as described at the time of consent. |
| Service providers. Third-party service providers process personal data on Bookimed’s behalf, including data collected automatically. These providers may host, manage, and service our data, distribute emails, conduct research and analysis, manage advertising and promotions, and administer features. | N/A |
Note about Service providers:
We may allow third parties to provide contextual and other advertising, as well as analytical services related to the operation of our Website and Services. These third parties may use various identifiers to collect information about your usage of our platform, including your IP address, MAC address, device identifiers, software and hardware details, time zone, and other usage information.
This information can be used by us and these third parties to:
- Determine the popularity of certain content.
- Provide contextual and other types of advertising.
- Gain a better understanding of your activities on the Website.
FAQs about data sharing
Why may we share?
We may share your personal data with third parties when required by law, to manage our working relationship with you, or for other legitimate interests.
Which third-party services process my data?
Third-party service providers, including contractors and designated agents, may process data for activities such as payroll, management, customer support, administration, and IT services.
Is my data secure with these services?
All third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow these providers to use your data for their own purposes. They may only process your data for specified purposes and in accordance with our instructions.
Any other sharing not mentioned before?
We may share your personal information with other third parties, for example, in the context of a possible business sale or restructuring, or to comply with legal obligations.
We will inform you in advance as soon as possible in case of such a situation.
International data transfers
We transfer the personal data we collect to our servers in Germany and to our company in the US to perform our contract with you. Transferring to these servers allows us to maintain our IT technologies and management tools.
We also transfer your personal data to contractors in Ukraine. The European Commission has not issued an adequacy decision for Ukraine, meaning it is not deemed to provide adequate protection for personal data. Similarly, the US does not have an adequacy decision from the European Commission.
However, according to the GDPR, we use “appropriate safeguards” as a legal basis for these transfers, such as Standard Contractual Clauses approved by the EU Commission and the UK ICO. You can read more about these safeguards here.
7. Do we transfer your data?
Yes, we transfer your data.
Due to Bookimed’s international nature, we may need to process your data outside the United Kingdom. When we transfer your data internationally, we use appropriate safeguards, such as contractual data protection clauses, to ensure your personal information remains protected in accordance with this Privacy Notice, the UK GDPR, and the Data Protection Act 2018.
8. How do we handle your data?
8.1. Encryption & security
We provide industry-standard physical, electronic, and procedural safeguards to protect the personal data we process and maintain. Despite our efforts, no website, mobile application, database, or system is completely secure or “hacker-proof.” You can help keep your data safe by taking reasonable steps to protect your personal information. If you have a reason to believe that your interaction with our Website and/or Service is no longer secure, please immediately notify us by contacting us in writing at [email protected].
8.2. Contractual obligations
We use the Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner’s Office to ensure adequate protection in the mutual processing of data with our Partners.
8.3. Retention of your personal data
We retain your personal data for as long as necessary to fulfill the purposes described in this Notice, unless a longer retention period is required by law. We may retain some of your personal data for a longer period as necessary for our legitimate business interests, such as fraud detection and prevention, and to comply with our legal obligations, including tax, legal reporting, and auditing requirements.
8.4. Third parties
Before disclosing your personal data to any third party, we conduct a vendor security check to ensure appropriate safeguards are in place.
We store your data on our servers in Germany. To handle your data securely and in compliance with GDPR and the Data Protection Act 2018, we use encryption, contractual obligations, retention controls, access levels, and vendor security checks.
9. How do we treat minors?
We do not and will not knowingly collect personal data directly from any child under 16. We may process data of a child under 16 only upon the request of a parent or guardian and after verifying the parent/guardian’s identity and authority to represent the child. If you are a parent or guardian and are concerned about your child’s personal data, please contact us at [email protected].
10. How can you manage your personal data?
10.1. If you provide us with your personal information, you may exercise the following rights:
- Access;
- Data portability;
- Restrict processing;
- Erasure;
- Rectification;
- Object processing;
- Not to be subject to automated decision-making;
- Right to lodge complaints.
If you have any further questions, please contact us at [email protected], and we will do our best to assist you.
10.2. In case you provide us with your personal data, you may use your powers and exercise any of the rights described in this section.
| List of your rights | |
|---|---|
| Access. You have the right to request an explanation of the personal data we process about you. Additionally, you can request a copy of your personal data that is undergoing processing. | Rectification. You have the right to correct any inaccurate or incomplete personal data we hold about you. |
| Data portability. You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format. Where technically feasible, you can request that we transmit this data directly to another data controller. | Erasure. You have the right to request the deletion of all personal data you have provided to us. Please note that we may retain certain information as required by law and for legitimate business purposes. |
| Restrict processing. You can request that we temporarily or permanently stop processing all or some of your personal data. | Object processing. You can object to the processing of your personal data at any time, based on grounds relating to your particular situation. You also have the right to object to your personal data being processed for direct marketing purposes. |
| Right to lodge complaints. You have the right to lodge complaints with the Information Commissioner’s Office (ICO) or other competent data protection authorities regarding our data processing activities. | Not to be subject to automated decision-making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you in a similar way. |
11. How do we update this Notice?
Our Privacy Notice may be updated to reflect changes in applicable law and our data processing practices. If we make any changes, we will post the updated Privacy Notice on our Website.
If there are significant changes in how we process your personal data, we will notify you in advance. In cases where it is legally required, we will seek your consent before implementing such changes.
We encourage you to review our Privacy Notice regularly to stay informed about how we protect your personal data.
