Privacy and Cookies Notice
1. INTRODUCTION
1.1. At Clinics Abroad, SIA, we prioritize the protection of your personal data. This Privacy Policy explains how we process and safeguard your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1.2. Clinics Abroad is dedicated to managing your personal data responsibly and transparently. If you have any questions or require further clarification, please contact us at dpo@clinicsabroad.com and we will address your concerns promptly.
2. SCOPE
2.1. This Privacy Policy applies to all personal data collected and processed by Clinics Abroad from users of our platform, including both clients (individuals seeking healthcare services) and clinics (healthcare providers). It also covers interactions with third-party processors we engage for operational purposes.
2.2. We are committed to protecting the privacy of all individuals whose data we process as part of our services. This includes:
2.2.1. Personal data collected from users and clinics for account administration, subscription to marketing updates, and participation in promotions.
2.2.2. Data shared with authorized third-party service providers for payment processing, communication, and platform functionality.
2.2.3. Information retained for legal, operational, and administrative purposes.
3. DEFINITIONS
3.1. “Account” means a user-created profile that provides access to specific features or functionalities of the platform.
3.2. Applicable Law means the relevant data protection and privacy laws, including the General Data Protection Regulation (GDPR), and any guidance or statutory codes of practice issued by the relevant supervisory authorities that govern the processing of personal data.
3.3. “Clinic” means any medical or healthcare service provider listed on the platform that offers treatments or consultations to users.
3.4. “Clinics Abroad” means Clinics Abroad, SIA, a company registered in Latvia under registration number 40203558470, providing the platform to connect users with clinics.
3.5. “Content” means all materials available on the platform, including but not limited to articles, podcasts, images, and user-generated reviews.
3.6. Controller means the entity, as described in Section 4 below, that determines the purposes and means of processing Personal Data.
3.7. Data Subject means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, or online identifier. For the purposes of this Policy, this includes users of Clinics Abroad, including both clients (individuals seeking services) and representatives of clinics.
3.8. “GDPR” means General Data Protection Regulation (EU Regulation 2016/679), which governs the collection, processing, and storage of personal data for users within the European Union.
3.9. “Governing Law” means the legal framework under which these Terms are interpreted and enforced, which is the law of Latvia unless otherwise stated.
3.10. “Personal Data” means any information relating to an identified or identifiable individual, collected or processed by Clinics Abroad as part of the platform’s operation.
3.11. “Platform” means the Clinics Abroad website and any associated services accessible at www.clinicsabroad.com.
3.12. “Processing or Processed” means Any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.
3.13. Processor means a natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller.
3.14. “Sensitive Data” means personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data, health data, or data concerning a person’s sex life or sexual orientation, in accordance with Article 9 GDPR.
3.15. “Services” means the intermediary services provided by Clinics Abroad, including connecting users with clinics, distributing inquiries, and facilitating access to clinic information.
3.16. “Terms” means these Terms and Conditions, which govern the relationship between Clinics Abroad, users, and clinics.
3.17. “Third-Party Processors” means external service providers, such as Stripe or WhatsApp Business, involved in processing payments, communications, or other data on behalf of Clinics Abroad.
3.18. “User”, ‘Client” or “Patient” means any individual accessing or using the platform to inquire about or connect with clinics listed on the platform.
4. CONTROLLER AND PROCESSORS
4.1. Controller
4.2. Clinics Abroad, SIA, is the data controller responsible for determining the purposes and means of processing personal data related to platform operations.
4.2.1. Company Name: Clinics Abroad, SIA
4.2.2. Registration Number: 40203558470
4.2.3. Registered Office: Kastanu 17, Garkalne, Adazi, Latvia, LV-2164
4.2.4. Contact for Data Protection Queries:
4.2.4.1. Email: dpo@clinicsabroad.com
4.2.4.2. Phone: +37128725443
4.3. As the data controller, Clinics Abroad ensures compliance with all applicable data protection laws, including the General Data Protection Regulation (GDPR).
4.4. Processors
4.5. The following entities act as Processors for specific operational activities, processing data on behalf of Clinics Abroad:
4.5.1. Stripe
4.5.1.1. Purpose: Payment processing for user service fees and clinic subscriptions.
4.5.1.2. Contact: Stripe, Inc., Attention: Stripe Legal , 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA.
4.5.2. WhatsApp for Business
4.5.2.1. Purpose: Communication channel for users submitting inquiries, making complaints, or subscribing to newsletters.
4.5.2.2. Contact: WhatsApp Ireland Limited, ATTN: WhatsApp Legal Department, Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland.
4.6. Data Processing Agreements
4.7. The relationships between Clinics Abroad and its Processors have been formalized through Data Processing Agreements in compliance with Article 28(3) of the GDPR . These agreements ensure that Processors only process data as instructed by Clinics Abroad and adhere to appropriate technical and organizational measures to secure the data.
5. PERSONAL DATA WE COLLECT
5.1. Clinics Abroad collects and processes only the personal data necessary to operate our platform, and, where applicable, send marketing communications to users who have opted in:
5.2. Personal Data
5.2.1. Name and surname
5.2.2. Contact details (e.g., email address, phone number)
5.3. Special Categories of Personal Data
5.4. Clinics Abroad do not process sensitive personal data (special categories).
5.5. How We Use Your Data
5.6. All data collected is handled responsibly and processed in accordance with GDPR to provide the requested services and to improve your experience on our platform. Sensitive data is never processed.
6. PURPOSES AND LAWFUL BASIS FOR COLLECTING PERSONAL DATA
6.1. Clinics Abroad collects and processes Personal Data for specific, legitimate purposes, as outlined below, and ensures that processing is conducted under one or more lawful bases as defined by GDPR:
6.2. Purposes of Processing
6.2.1. To manage clinic accounts and subscriptions on the platform.
6.2.2. To process payments, including subscription fees.
6.2.3. To send marketing communications and promotional materials where users or clinics have provided their consent.
6.2.4. To comply with applicable legal and regulatory obligations, such as tax and record-keeping requirements.
6.2.5. To respond to general inquiries, complaints, or feedback submitted directly to Clinics Abroad.
6.2.6. To maintain, operate, and improve the functionality, security, and user experience of the platform.
6.3. Contractual Necessity: Processing is necessary for the performance of a contract between Clinics Abroad and the user or for taking steps prior to entering into such a contract. For example, facilitating inquiries and ensuring the provision of requested services.
6.4. Compliance with Legal Obligations: Processing is necessary for compliance with legal requirements, such as tax reporting, anti-money laundering regulations, or responding to regulatory inquiries.
6.5. Legitimate Interests: Processing is necessary for the legitimate interests of Clinics Abroad, such as improving platform functionality, preventing fraud, and ensuring data security, provided these interests do not override the rights and freedoms of the Data Subject.
6.6. We do not use your personal data for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.
6.7. Personal Data
Categories of personal data | Purpose(s) | Legal basis | ||
| Identify users (clients or representative for clinics) on the platform. Maintain user records. | Contract, Legitimate Interest | ||
Contact details (email address, phone number) | Provide platform updates or transactional emails. | Contract | ||
Home address | Address communications to users (e.g., invoices). | Contract | ||
Payment details (e.g., IBAN, bank details) | Process payments for service fees and clinic subscriptions. | Contract | ||
Communication records | Maintain logs of communication for troubleshooting, fraud prevention, and service improvements. | Legitimate Interest | ||
Emergency contact details (name, phone, email) | Contact the designated person in case of emergencies. | Legitimate Interest |
- Data Processed by Clinics Abroad for Operational User
Categories of Operational Data | Purpose(s) | Legal basis |
Platform usage data (e.g., IP address, cookies) | Analyze platform performance and improve user experience. | Legitimate Interest |
7. WHO WE SHARE YOUR PERSONAL DATA WITH
7.1. At Clinics Abroad, we do not share your personal data with clinics through our platform. If you choose to contact a clinic directly, any information you provide will be handled by that clinic under its own privacy policy, and Clinics Abroad will not have access to, or control over, such data.
7.2. At Clinics Abroad, your personal data is shared responsibly and only with those who need it to provide our services or comply with legal obligations. Here’s how and with whom we may share your information:
7.2.1. Internal Departments: Your data may be shared within Clinics Abroad, including Customer Support, Marketing, and Finance teams, but only for the purposes outlined in this privacy notice, such as responding to your inquiries or processing payments.
7.2.2. Authorized Partners and Processors: We work with trusted service providers, such as payment platforms (e.g., Stripe), hosting providers (e.g., Google Cloud Platform), and communication tools (e.g., WhatsApp for Business). These partners are contractually bound to keep your data secure and use it solely for the services they provide to us.
7.2.3. Legal or Regulatory Requirements: If required by law, we may share your personal data with government agencies or regulatory authorities, such as tax offices or data protection regulators.
7.2.4. Platform Functionality: To enable the proper operation of the platform and support connections between clinics and potential clients, certain business-related information provided by clinics (such as clinic name, contact details, location, service descriptions, and promotional content) may be visible to users through the platform.
7.2.5. Third-Party Service Providers: We may share your data with third parties that help us maintain and improve the platform, such as IT support, analytics providers, and marketing agencies. These providers are carefully vetted to ensure they comply with data protection regulations.
7.2.6. Data Transfers Outside the EEA: Clinics Abroad does not routinely transfer your data outside the European Economic Area (EEA). If such transfers are necessary, we ensure compliance with GDPR requirements by using approved safeguards, such as Standard Contractual Clauses. Please note that clinics located outside the EEA may process your data in jurisdictions with different data protection standards. We encourage you to review the clinic’s own privacy notice for details of any such transfers.
7.2.7. Legal Obligations: In cases where we are legally obligated to disclose your data—for example, in response to court orders or legal investigations—we will comply with applicable laws.
7.2.8. Your Privacy Matters: Clinics Abroad does not sell or trade your personal data. Any sharing of your data is strictly for the purposes listed above, ensuring your trust and privacy are respected at all times.
7.3. We do not sell, rent, or trade your personal data. All sharing is strictly limited to the purposes described above and carried out in compliance with applicable data protection laws.
8. DATA STORAGE AND RETENTION
8.1. At Clinics Abroad, we are committed to securely storing your Personal Data and retaining it only for as long as necessary to fulfill the purposes outlined in this privacy notice or to comply with legal obligations. Here’s how we manage data storage and retention:
8.2. Secure Storage
8.3. Personal Data in electronic format is stored on internal servers hosted on secure platforms, such as Amazon Web Services, protected by encryption protocols and access controls.
8.4. Customer data is managed through secure Customer Relationship Management (CRM) systems, which are accessible only to authorized personnel.
8.5. For additional security, data on employee devices or systems is password-protected and encrypted.
8.6. In rare cases where tangible, hard copy documents are required, these are stored securely in locked cabinets, accessible only to authorized personnel.
8.7. Retention Practices
8.8. Personal Data is retained for the duration of your relationship with Clinics Abroad and for a reasonable period thereafter to comply with legal, regulatory, or operational requirements. For example:
8.8.1. Contact details, such as your name, email, and phone number, are typically retained for up to 10 years after the end of the service relationship.
8.8.2. Marketing contact details are retained until you withdraw your consent or unsubscribe from communications, whichever occurs first.
8.8.3. Information collected for inquiries, such as medical conditions or service preferences, is deleted once the inquiry is resolved, unless extended for legal or regulatory purposes.
8.8.4. Payment details are securely retained for up to 7 years in compliance with financial and tax regulations.
8.9. Special Categories of Personal Data, such as health-related information, are never collected.
8.10. Data Disposal: When the retention period expires, or upon your request for deletion, we securely erase or anonymize your Personal Data, ensuring it cannot be reconstructed or used.
8.11. Operational Data: Data generated during your use of the platform, such as IP addresses and cookies, is retained for up to 12 months for analytics and troubleshooting purposes. If applicable, CCTV footage is retained for a maximum of 15 days unless needed for an ongoing investigation.
8.12. Commitment to Security: Throughout the retention period, we implement robust technical and organizational measures to protect the confidentiality, integrity, and availability of your data in compliance with GDPR requirements.
8.13. If you have any questions about how long we keep your data or wish to request its deletion, feel free to contact us at dpo@clinicsabroad.com.
9. YOUR RIGHTS REGARDING PERSONAL DATA
9.1. At Clinics Abroad, we are committed to protecting your rights under the GDPR. As a user of our platform (whether a client or a clinic representative), you have specific rights concerning the Personal Data we collect and process. You can exercise these rights by contacting us at dpo@clinicsabroad.com.
9.2. Clinics listed on the platform operate independently from Clinics Abroad. We do not share your personal data with them through our systems. If you choose to contact a clinic directly and provide personal data, that clinic will act as the controller for any processing it undertakes. In such cases, you must exercise your data protection rights directly with the clinic in accordance with its own privacy policy, as Clinics Abroad will have no control over, or access to, such data.
9.3. Accessing Your Rights We aim to process all requests promptly and transparently. Here’s how your rights are supported:
9.3.1. Response Times: We will respond to your request within 30 days of receipt. If your request is complex or we are handling a high volume of similar requests, this period may be extended to two months. You will be notified of the extension and the reasons for the delay within the initial 30-day period.
9.3.2. Response Format: Upon request, your Personal Data can be provided either digitally or in hard copy format.
9.3.3. Verification of Identity: To ensure your Personal Data remains secure, we may ask for additional information to verify your identity before processing your request.
9.3.4. Fees: Most requests are free of charge. However, if a request is deemed manifestly unfounded or excessive, particularly due to its repetitive nature, we reserve the right to charge a reasonable fee or decline the request with a written explanation.
9.4. Your Specific Rights
9.4.1. Right to Access: You can request confirmation of whether your Personal Data is being processed and, if so, access to the following:
9.4.1.1. The purposes of the processing.
9.4.1.2. The categories of Personal Data involved.
9.4.1.3. The recipients (or categories of recipients) to whom the data has been disclosed, including any outside the EEA.
9.4.1.4. The retention period or criteria used to determine it.
9.4.1.5. Your rights to rectification, erasure, restriction, or objection.
9.4.1.6. The existence of automated decision-making or profiling, if applicable.
9.4.2. Right to Rectification: If your Personal Data is inaccurate, incomplete, or outdated, you can request correction or updates.
9.4.3. Right to Erasure (“Right to be Forgotten”): You may request the deletion of your Personal Data in the following situations:
9.4.3.1. The data is no longer needed for the purposes it was collected.
9.4.3.2. You withdraw consent (if consent was the basis for processing).
9.4.3.3. You object to processing, and there are no overriding legitimate grounds.
9.4.3.4. The data was unlawfully processed.
9.4.3.5. Deletion is required by law.
9.4.4. Right to Restriction: You can request a restriction on processing your Personal Data in the following scenarios:
9.4.4.1. You contest the accuracy of the data (processing will be restricted pending verification).
9.4.4.2. The processing is unlawful, but you prefer restriction over deletion.
9.4.4.3. We no longer need the data, but you require it for legal claims.
9.4.4.4. You have objected to processing, pending verification of overriding legitimate grounds.
During restriction, we will only process your data with your consent, for legal claims, or for public interest reasons. You will be notified before any restriction is lifted.
9.4.5. Right to Data Portability: You can request a copy of your Personal Data in a structured, commonly used, and machine-readable format. You may also ask us to transfer this data to another organization directly, where technically feasible.
9.4.6. Right to Lodge a Complaint: If you believe your data rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority. For example:
9.5. Users within the EEA can contact their local data protection authority or consult the European Data Protection Board (EDPB) for more information.
9.6. Contact Us For any questions about your data rights or to submit a request, please email us at dpo@clinicsabroad.com. We are here to ensure that your data is handled with care and in full compliance with applicable regulations.
10. DATA SECURITY
10.1. Clinics Abroad is committed to implementing reasonable and appropriate administrative, technical, and physical measures to protect the confidentiality, integrity, and availability of Personal Data. These measures include secure storage, regular back-ups, and access controls. Efforts are made to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Clinics Abroad follows best practice policies and procedures for Information Technology and Management, Backups and Data Recovery, as well as Incident Response.
11. TRAINING AND AWARENESS
11.1. Clinics Abroad ensures all employees and stakeholders handling personal data are well-informed and trained on data protection and privacy practices. Training programs and awareness initiatives include:
11.1.1. Initial Training: New employees undergo comprehensive data protection training during their onboarding process.
11.1.2. Ongoing Training: Refresher courses are conducted periodically to update employees on changes in data protection laws, company policies, and best practices.
11.1.3. Role-Specific Training: Employees in roles that involve significant handling of personal data receive specialized training tailored to their responsibilities.
11.1.4. Awareness Campaigns: Regular campaigns, including emails, posters, and seminars, emphasize the importance of data privacy and security.
11.2. By maintaining these initiatives, Clinics Abroad seeks to ensure a high level of data protection awareness and compliance among its workforce.
12. COMMUNICATION AND ACCESSIBILITY OF THE POLICY
12.1. Clinics Abroad is committed to ensuring that this policy is accessible to all relevant stakeholders, including users of the platform, employees, and partners. The policy is made publicly available on the Clinics Abroad website and can be accessed at any time for review.
12.2. Clinics Abroad communicates major updates to the policy directly to users via email to ensure transparency and continued compliance. For employees, the policy is provided during onboarding and is accessible through the company’s internal portal. Copies of the policy are readily available upon request for any stakeholder.
12.3. Clinics Abroad encourages employees and other personnel handling Personal Data to familiarize themselves with this policy and its guidelines. For any queries or clarifications, stakeholders can contact Clinics Abroad at dpo@clinicsabroad.com.
12.4. By ensuring the policy is well-communicated and accessible, Clinics Abroad demonstrates its commitment to transparency, accountability, and the protection of Personal Data.
13. COOKIES NOTICE
13.1. Introduction
13.2. Clinics Abroad uses cookies and similar tracking technologies to enhance your experience on our platform, improve functionality, and analyze usage patterns. This Cookies Notice explains what cookies are, how we use them, and how you can manage your preferences.
13.3. What Are Cookies?
13.4. Cookies are small text files that are placed on your device (computer, tablet, or smartphone) when you visit a website. They enable the website to recognize your device and store certain information, such as your preferences or login details, to improve your browsing experience.
13.5. Types of Cookies We Use
13.6. Essential Cookies: These cookies are necessary for the platform to function properly. They enable features such as secure login, access to protected areas, and essential services.
13.7. Performance and Analytics Cookies: These cookies collect information about how visitors use our platform, such as which pages are visited most often or if users encounter errors. This data helps us improve the platform’s performance and usability.
13.8. Functional Cookies: These cookies remember your preferences and settings to provide a more personalized experience, such as your language preferences or previously selected clinics.
13.9. Advertising and Targeting Cookies: Clinics Abroad may use these cookies to deliver relevant advertisements to you based on your interests and browsing behavior.
13.10. How We Use Cookies
13.11. Clinics Abroad uses cookies to:
13.11.1. Enable core functionalities, such as secure login and user authentication.
13.11.2. Analyze traffic and user behavior to improve platform performance.
13.11.3. Enhance user experience by remembering preferences and tailoring content.
13.11.4. Deliver personalized advertisements and promotional messages.
13.12. Third-Party Cookies
13.13. Clinics Abroad collaborates with third-party service providers (e.g., Google Analytics, Stripe, WhatsApp for Business) that may also use cookies on our platform. These cookies are governed by the respective third-party privacy policies.
13.14. How to Manage Cookies
13.15. You have the right to accept or reject cookies. When you visit our platform, a cookie banner will appear, allowing you to manage your preferences. You can also adjust your browser settings to block cookies or alert you when cookies are being set. Please note that disabling cookies may affect the functionality and user experience of our platform.
13.16. For more information on managing cookies in popular browsers, visit:
13.16.1. Chrome: Google Chrome Help
13.16.2. Firefox: Mozilla Support
13.16.3. Safari: Apple Support
13.16.4. Microsoft Edge: Microsoft Support
13.17. Changes to This Cookies Notice
13.18. Clinics Abroad may update this Cookies Notice from time to time to reflect changes in our practices or for legal and regulatory compliance. Any updates will be communicated through a banner or notification on the platform.
13.19. Contact Us
13.20. If you have any questions about this Cookies Notice or how Clinics Abroad uses cookies, please contact us at:
13.20.1. Email: dpo@clinicsabroad.com
13.20.2. Phone: +37128725443
14. POLICY REVIEW
14.1. Clinics Abroad is dedicated to maintaining an up-to-date and effective Privacy Policy that complies with current legal requirements and aligns with industry best practices. To ensure the policy remains relevant and comprehensive, regular reviews are conducted, and necessary updates are implemented as follows:
14.2. Clinics Abroad will conduct an annual review of this Privacy Policy, coordinated by relevant departments, including Legal, IT, and Operations, to verify its continued effectiveness and compliance with applicable data protection laws. In addition, ad hoc reviews may be initiated when there are significant changes in legislation, internal processes, or organizational structures that may impact the policy.
14.3. Feedback from employees, users, and other stakeholders is encouraged and considered during the review process to enhance the clarity and applicability of the policy. Revisions to the Privacy Policy are approved by Clinics Abroad’s management team, and updated versions are communicated through direct email notifications to all users and stakeholders. The latest version will always be accessible on the Clinics Abroad website, and physical copies are available upon request.
14.4. By maintaining this proactive review process, Clinics Abroad ensures that its Privacy Policy adapts to evolving legal requirements, industry standards, and organizational needs, furthering its commitment to protecting the Personal Data of all stakeholders.