Privacy Policy
Legal Documents
Effective Date: 1 December 2025
Last Updated: 26 November 2025
MedVoyage Global Ltd and its affiliated entities (together referred to as “MedVoyage”, “we”, “us”, “our”) are committed to protecting your privacy and handling your personal data in a transparent and lawful manner.
This Privacy Policy explains how we collect, use, disclose and protect your personal data when you use our websites, mobile applications, platforms and related services (together, the “Services”), and explains the rights that may be available to you under applicable data protection and privacy laws. It does not apply to third-party websites, platforms, or services that may be accessible through MedVoyage. Each third-party service may have separate privacy policies that differ from ours.
By accessing or using the Services, or by providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you should not use the Services.
1. Who we are and scope of this Policy
For most processing activities described in this Policy, MedVoyage Global Ltd, headquartered in Dubai, United Arab Emirates, acts as the data controller. Certain healthcare providers, diagnostic laboratories, insurers and other partners with whom you interact through the Services may also act as independent or joint controllers in respect of your personal data when they provide services directly to you.
This Policy applies to personal data that we collect through:
- Our websites and web portals, including any MedVoyage branded domains and subdomains.
- Our mobile applications and other software made available by MedVoyage.
- Any digital products, online booking tools, telehealth or coordination services operated by MedVoyage.
Third party sites, applications or services that you access through the Services are governed by their own privacy policies. We are not responsible for their data practices.
Please note that if you use the Services on behalf of another individual, such as a child, dependent or family member, you confirm that you have the authority to do so and that you will ensure that they are aware of this Privacy Policy. That individual will also be a data subject in respect of the personal data that relates to them.
2. Personal data that we collect
For the purposes of this Policy, “personal data” means any information that identifies, relates to or can reasonably be linked to an identified or identifiable natural person. Some of this information will be sensitive or “special category” data under certain laws, including information relating to health.
The categories of personal data that we may collect include:
2.1 Identity and contact information
- Full name, date of birth, gender.
- Contact details such as email address, phone number, postal address and country of residence.
- Government or identification numbers where required by law or for certain services, such as passport or national ID details for medical tourism and insurance processing.
2.2 Medical and health information
- Medical history, diagnoses, clinical notes, treatment plans and referrals.
- Laboratory reports, imaging results and diagnostic information.
- Prescriptions, medication history and allergy information.
- Information you provide during consultations, telehealth sessions or when using online health questionnaires or forms.
This information is treated as sensitive or special category data and is subject to additional safeguards under applicable law.
2.3 Insurance, billing and financial information
- Insurance policy details, coverage information and authorisations.
- Transaction details such as services booked, appointment dates and amounts paid.
- Billing address and limited payment information, such as the last digits of a payment card and transaction identifiers.
We do not store your full payment card number on our servers. Payments are processed securely by third party payment service providers.
2.4 Account, preference and support information
- Username, password, account settings and preferences.
- Language and communication preferences.
- Information you provide when you contact us, including through email, chat or support requests.
- Feedback, reviews, survey responses and other information about your experience with our Services and partners.
2.5 Technical, usage and location data
- Device information, such as device type, operating system, browser type and settings.
- Log and usage information, including IP address, access times, pages viewed, features used and the referral page that led you to our Services.
- Approximate location data derived from your IP address, and, where enabled, geolocation data from your device to assist with local doctor, clinic or service recommendations.
Where we collect or process location data, we do so in accordance with applicable law and your device or app settings.
3. How we collect personal data
We collect personal data in the following ways:
- Directly from you. You provide personal data to us when you create an account, book appointments, submit forms, upload medical documents, communicate with providers or contact our support team.
- Through your use of the Services. We automatically collect certain technical and usage data when you access and use our Services, including through cookies and similar technologies.
- From healthcare and service partners. With your authorisation or where permitted by law, our verified partners such as hospitals, clinics, diagnostic labs, insurers and medical tourism providers share relevant medical records, reports or claim information with us so that we can coordinate and deliver the Services.
- From other third parties. We may receive information about you from payment providers, identity verification services, fraud prevention services, referral partners or publicly available sources, where this is lawful and appropriate.
We will only collect personal data that is relevant and necessary for the purposes described in this Policy.
4. How we use personal data
We use personal data for the following purposes:
- Providing and administering the Services:
  - Creating and managing user accounts.
  - Scheduling appointments, coordinating telehealth consultations and processing bookings.
  - Sharing relevant information with healthcare providers, diagnostic labs and other partners to support your care.
- Facilitating medical and related services:
  - Coordinating medical tourism, travel and accommodation where requested.
  - Assisting with insurance verifications, preauthorisation and claims processing.
- Processing payments and preventing fraud:
  - Processing payments, refunds, chargebacks and related financial transactions.
  - Monitoring transactions for fraud, misuse or unauthorised activity and taking appropriate action.
- Improving, developing and securing the Services:
  - Analysing usage trends and user behaviour to understand how the Services are used.
  - Developing new features, services and offerings.
  - Testing, monitoring and improving the performance and security of our systems.
- Research, analytics and quality assurance:
  - Using de-identified or aggregated data to conduct analytics, quality assurance and, where appropriate, health related research, subject to applicable legal and ethical requirements.
- Communication and support:
  - Sending appointment confirmations, reminders, reports and related service communications.
  - Responding to your inquiries, support requests and complaints.
  - Sending policy update notices and administrative messages about your account.
- Marketing, where permitted:
  - Providing you with information about services, offers or health related content that may be of interest to you, in accordance with applicable marketing and consent rules. You can opt out of marketing communications at any time.
- Legal and regulatory compliance:
  - Complying with legal, regulatory, tax, accounting and reporting obligations.
  - Responding to lawful requests from courts, regulators, law enforcement and other public authorities.
We do not use your medical information for unrelated advertising purposes.
5. Legal bases for processing
Where applicable laws apply, we rely on one or more of the following legal bases to process your personal data:
- Performance of a contract. Processing is necessary to provide the Services you request, including booking and managing appointments, facilitating telehealth consultations and coordinating care and related services.
- Compliance with legal obligations. Processing is necessary to comply with legal or regulatory obligations, for example in relation to medical record retention, tax, anti-money laundering, accounting or reporting.
- Legitimate interests. We process personal data for our legitimate interests, or those of a third party, where these interests are not overridden by your rights and freedoms. This includes, for example, improving the Services, preventing fraud, ensuring network and information security and responding to enquiries.
- Consent. We rely on your consent where required by law, for example for certain types of marketing communications, for some categories of cookies and for specific processing of sensitive medical information where consent is the appropriate legal basis.
Where we rely on consent, you may withdraw your consent at any time using the mechanisms provided or by contacting us. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
6. Disclosure of personal data
We may share your personal data with the following categories of recipients, in each case only to the extent necessary for the relevant purpose and subject to appropriate safeguards:
- Healthcare and service providers:
  - Hospitals, clinics, doctors, dentists, nurses, therapists and other licensed healthcare professionals.
  - Diagnostic laboratories, imaging centres and pharmacies.
  - Medical tourism providers, travel partners and accommodation partners involved in your care or travel arrangements.
- Insurance and financial services partners:
  - Insurance companies, third party administrators and other entities involved in verifying coverage, processing claims or providing financial products that you elect to use.
- Service providers and vendors:
  - Technology providers that host our platforms and store data.
  - Payment processors and financial institutions that process payments and refunds.
  - Customer support providers, communication platforms and call centre services.
  - Analytics, monitoring, security and performance tools.
  - Marketing and customer relationship management platforms, where permitted.
These third parties act as processors or service providers on our behalf and are contractually required to use personal data only in accordance with our instructions and to implement appropriate security measures.
- Corporate transactions:
  - In connection with any merger, acquisition, restructuring, sale of assets or similar corporate transaction involving MedVoyage, personal data may be disclosed to prospective or actual purchasers, their advisers and related entities, subject to confidentiality and appropriate data protection safeguards.
- Legal and regulatory authorities:
  - Courts, regulators, law enforcement agencies and other public authorities where we are required or permitted to do so by law, to protect our rights or the rights of others, or to support the detection, investigation or prevention of crime, fraud or security issues.
We do not sell your personal contact details or medical information to third parties for their independent marketing purposes.
7. International transfers
MedVoyage operates internationally. Your personal data may be transferred to and processed in countries other than the one in which you are located, including the United Arab Emirates, the United Kingdom, member states of the European Union, the United States, India, Turkey and Pakistan.
Some of these countries may have data protection laws that are different from those in your country and may not be recognised by regulators as providing an equivalent level of protection.
When we transfer personal data from the United Kingdom, the European Economic Area or other jurisdictions with data export requirements to a country that has not been recognised as providing an adequate level of protection, we implement appropriate safeguards, such as:
- Standard Contractual Clauses approved by relevant regulators.
- Contractual obligations requiring recipients to protect personal data in line with applicable standards.
- Technical and organisational measures, including encryption and access controls.
You may contact us using the details at the end of this Policy if you would like more information about the safeguards applied to international transfers.
8. Data retention
We retain personal data only for as long as is necessary for the purposes for which it was collected, including for the purposes of satisfying legal, regulatory, tax, accounting or reporting requirements, and to establish, exercise or defend legal claims.
Retention periods will vary depending on the type of data and the context in which it was collected. For example:
- Medical and clinical records are usually retained for a minimum period specified in local health and professional regulations.
- Transaction and billing records are typically retained for a minimum period required for tax and accounting purposes.
- Technical logs may be retained for a shorter period to support security and troubleshooting.
When personal data is no longer needed for its original purpose and no legal obligation requires us to retain it, we will delete it or anonymise it so that it can no longer be associated with you.
9. Data security
We take the security of personal data seriously and implement appropriate technical and organisational measures designed to protect it against unauthorised or unlawful access, accidental loss, destruction or damage. These measures include:
- Use of industry standard encryption technologies to protect data in transit and at rest where appropriate.
- Firewalls, access controls and authentication procedures that restrict access to systems and data to authorised personnel only.
- Regular monitoring, logging and security reviews of our systems.
- Organisational policies and training for staff regarding data protection, confidentiality and information security.
Despite our efforts, no system can be guaranteed to be fully secure. If we become aware of a data breach that affects your personal data, we will take appropriate steps to investigate and mitigate the breach and, where required by law, we will notify you and the relevant supervisory authorities.
Your data is securely stored on encrypted servers located in the USA, UK, and UAE, using industry-standard backup systems.
International transfers comply with applicable data protection laws through data processing agreements (DPAs) and cross-border data safeguards.
10. Your rights
Depending on your location and on applicable law, you may have some or all of the following rights in relation to your personal data:
- Right of access. To obtain confirmation of whether we process your personal data and to receive a copy of that data.
- Right to rectification. To have inaccurate or incomplete personal data corrected.
- Right to erasure. To request deletion of your personal data in certain circumstances, for example where it is no longer needed for the purpose for which it was collected and there is no legal requirement for us to retain it.
- Right to restriction. To request that we restrict the processing of your personal data in certain circumstances.
- Right to data portability. To receive certain personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, where technically feasible.
- Right to object. To object to processing based on our legitimate interests or to processing for direct marketing purposes.
- Right to withdraw consent. Where we rely on consent, to withdraw that consent at any time.
- Rights relating to automated decision making. To request human review of certain decisions made solely by automated means, where applicable.
You can exercise your rights by contacting us using the details in section 21. We may need to verify your identity before responding to certain requests. In some cases, we may be unable to comply with your request, for example where legal or regulatory obligations require us to retain specific data. If this occurs, we will explain the reasons to you.
You also have the right to lodge a complaint with your local data protection authority if you believe that our processing of your personal data infringes applicable law.
To close your account or request data removal, email support@medvoyageglobal.com.
11. Children’s privacy
Our Services are intended for use by adults. You must generally be at least 18 years old to create an account and contract for Services in your own name. In some jurisdictions, the age of majority or the age at which an individual can lawfully provide consent to data processing may differ.
Parents or legal guardians may use the Services on behalf of minors or dependents in order to arrange medical and related services for them. In doing so, they are responsible for ensuring that the information they provide is accurate and that they have the necessary authority. Please note we do not knowingly collect personal data from children under 13 without verified parental consent.
We do not knowingly collect personal data directly from children who are below the age at which they can lawfully provide consent in their country, without appropriate parental or guardian consent. If you believe that a child has provided personal data to us without such consent, please contact us and we will take appropriate steps to delete that data where required.
12. Cookies and similar technologies
We use cookies and similar technologies to operate and improve our Services, to remember your preferences and to support security and analytics.
Cookies are small text files that are stored on your device when you visit a website. They can be session cookies that expire when you close your browser, or persistent cookies that remain on your device for a set period.
We may use different types of cookies, including:
- Strictly necessary cookies that are required for the operation of the Services.
- Functional cookies that remember your preferences.
- Analytics cookies that help us understand how the Services are used.
- Marketing or advertising cookies that help us deliver relevant content, where permitted.
In regions where this is required by law, we will ask for your consent before placing non-essential cookies or using similar technologies for analytics or marketing purposes. You can manage your cookie preferences through your browser settings and, where available, through our cookie banner.
More detailed information about our use of cookies may be provided in a separate Cookie Policy on our website.
13. Analytics and advertising tools
We may use third party tools, such as Google Analytics, Meta technologies, Hotjar and mapping services, to help us understand how users interact with the Services, to improve user experience and, where permitted, to support our outreach and educational activities.
These tools may collect information such as IP address, device identifiers, browser information and interactions with our websites and apps. Where possible, we configure these tools to limit the use of personal data and to work with aggregated or pseudonymised information.
Where required by law, we will obtain your consent before using analytics or advertising tools that rely on cookies or similar technologies. You can withdraw your consent at any time through our cookie banner or your browser settings.
We do not use your identifiable medical information for targeted advertising.
14. International compliance
We aim to comply with applicable data protection and privacy laws in the regions where we operate, including:
- United Arab Emirates Federal Decree Law No. 45 of 2021 on the Protection of Personal Data, in respect of our UAE operations.
- India’s Digital Personal Data Protection Act 2023, in respect of our Indian operations.
- Turkey’s Law No. 6698 on the Protection of Personal Data (KVKK), in respect of our Turkish operations.
- Relevant United States health privacy laws where we act as a business associate or otherwise handle protected health information.
- Applicable Pakistani regulations and any future data protection legislation that comes into force.
Your specific rights and our obligations may vary depending on the laws that apply in your country or region. Where local law grants you additional rights, we will respect those rights.
15. Public areas and user content
If you choose to post reviews, comments or other content in public areas of the Services, or to create a public profile, that information may be visible to other users and may be indexed by search engines.
You should not include medical information or other sensitive personal data in public content. Once posted, public content may remain available even if you deactivate your account, although you can contact us to request removal where appropriate and technically feasible.
16. Email and other communications
We use your contact details to send you service-related communications, such as appointment confirmations, reminders, reports, invoices, important notices about your account and updates to this Policy or our terms.
We may also send you marketing communications about MedVoyage services or health related information that we think may interest you, where we are permitted to do so by law and, where required, with your consent.
You can opt out of receiving marketing emails at any time by using the unsubscribe link in our emails or by contacting us. We will continue to send you important service and administrative messages that are necessary for the performance of our contract with you or required by law.
We do not send unsolicited bulk email.
17. Intellectual property
All original content on the Services, including text, graphics, logos, icons, user interface design, software and documentation created by or for MedVoyage, is either owned by MedVoyage Global Ltd or used under licence. These materials are protected by copyright, trademark and other intellectual property laws.
Nothing in this Privacy Policy affects your rights in the content that you upload to the Services or in any content owned by third parties, such as healthcare providers or licensors. Any use of MedVoyage intellectual property requires our prior written consent, except where permitted by law.
18. Misuse, unauthorised access and data scraping
The security and confidentiality of personal data stored on our systems and those of our partners is important to us. Any unauthorised access, copying, scraping, harvesting or misuse of such data, whether by automated or manual means, is strictly prohibited.
We reserve the right to suspend or terminate access to the Services, notify relevant authorities and pursue legal remedies in the event of unauthorised access, attempted security breaches, data scraping or other misuse of the Services or the data that they host.
Nothing in this section affects the rights of individuals under data protection law in relation to their own personal data.
19. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, our practices or applicable laws. When we make material changes, we will take appropriate steps to inform you, for example by posting a prominent notice on our website or sending you an email or in-app notification.
The “Last Updated” date at the top of this Policy indicates when it was most recently revised. Your continued use of the Services after the updated Policy has taken effect will signify that you have read and understood the changes.
20. How to contact us
If you have any questions or concerns about this Privacy Policy or about how we handle your personal data, or if you wish to exercise your rights, you can contact us at:
- Email (privacy): privacy@medvoyageglobal.com
- Email (support): support@medvoyageglobal.com
- Website: www.medvoyageglobal.com
Head Office: MedVoyage Global Ltd, Dubai
