Privacy Policy

Legal information

K.B. Innovation Group, s.r.o.

Staré Grunty 204/16

841 04

Bratislava

Slovakia

Last updated:

This privacy notice informs you about the processing of personal data within our website and services. It applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

We inform you about the processing of your personal data and the rights to which you are entitled under the European General Data Protection Regulation (GDPR). Personal data as defined by the GDPR is any information relating to an identified or identifiable natural person.

Terms used but not defined in this privacy notice that are defined in the GDPR shall have the meaning ascribed to them by the GDPR.

1. Who is responsible for data processing and whom can I contact?

The entity responsible for the processing of personal data is:

K.B. Innovation Group s.r.o.

Staré Grunty 204/16

841 04 Bratislava, Slovakia

Company Registration Number: 56258119

Email: info@medicalnavigator.com

Website: www.medicalnavigator.com

(hereinafter “we” or “us”, as appropriate)

2. What sources and data do we use?

We process personal data that we receive from you while using our Website and in the course of providing our Services.

Website access data: When you visit our Website, we collect technical data that your browser transmits to our server, including: IP address, date and time of the request, time zone, content of the request, HTTP status code, amount of data transferred, referrer URL, operating system, browser type and version.

Contact and intake form data: When you contact us via our contact or intake form, we collect the following personal data: full name, email address, phone number, preferred form of contact (phone, email, WhatsApp), type of medical treatment you are interested in, preferred treatment timeframe, and any additional information or medical reports you choose to share.

Health data: By submitting information about your medical condition, treatment preferences, or medical reports through our intake form, you are providing us with health-related data within the meaning of Art. 9 GDPR. This data is processed exclusively for the purpose of providing our Services as described in our Terms of Service.

3. What do we process your personal data for and on what legal basis?

We process personal data in accordance with the GDPR for the following purposes:

3.1 Consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR)

By ticking the consent checkbox on our intake form, you explicitly consent to:

(a) the collection, processing and use of the personal information you provide, including health data, for the purpose of handling your inquiry and providing our Services;

(b) being contacted regarding your request via your preferred method of communication (phone, email, or WhatsApp);

(c) the transfer of your data to hospitals, clinics, or other healthcare providers inside and outside the EU/EEA (hereinafter "health care providers") as necessary for the provision of our Services.

You may withdraw your consent at any time by contacting us at info@medicalnavigator.com. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

3.2 Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR)

When you contact us and request our Services, your data is (in addition to any given consent) processed for the purpose of providing our Core Services (as defined in our Terms of Service), including: providing information about health care providers, facilitating contact between you and your selected health care provider, appointment scheduling, coordination, and ongoing organizational support.

For Additional Services (visa support, transfers, accommodation, insurance assistance), your data is processed for the performance of the relevant contract upon your request.

If you contact us as a health care provider, your contact data and information about your practice or clinic will be processed for the purpose of handling your request and eventually also for the purposes of implementation of pre-contractual measures and for the performance of a contract as the case may be.

3.3 Legitimate interests (Art. 6(1)(f) GDPR)

We process your access data and other data to safeguard our legitimate interests, in particular: ensuring IT security and the security of our Website; advertising or market research (unless you have objected); and assertion of legal claims and defense in case of legal disputes.

3.4 Cookies and analytics - Consent (Art. 6(1)(a) GDPR)

When you visit our Website for the first time, you will be asked whether you wish to accept non-essential cookies. If you consent, we may analyze the use of our Website and carry out marketing activities based on your interactions.

4. Who can access my data?

Within our organization, only personnel who need your data to fulfill our contractual and legal obligations have access to it.

Processors (Art. 28 GDPR): We engage processors in the categories of IT services, hosting, communications, customer support and marketing. We take appropriate legal precautions and technical and organizational measures to protect personal data in accordance with applicable law.

Health care providers: At your request and with your consent, we transfer your personal data (including health data) to your selected health care provider(s) for the purpose of appointment scheduling, initial consultations, and treatment coordination (i.e. to provide our Services). The contract for Medical Services is concluded directly between you and the relevant health care provider. For reasons of data protection and medical confidentiality, health care providers do not send health-related data concerning you back to us.

We will disclose your data to third parties only where required by law, necessary for the performance of a contract or pre-contractual measures, based on legitimate interests, or where you have consented to such transfer.

5. How long will my data be retained?

For security reasons, log file information is stored for a maximum of 180 days and then deleted.

We process and store your personal data for the duration of our business relationship, which includes the facilitation of contact with health care providers, organizational support, and the initiation and execution of any contracts for Additional Services.

After the conclusion of our Services, your data will be retained for as long as necessary for us to comply with applicable legal obligations. Under Slovak law, relevant retention periods may include the mandatory retention periods for accounting records (10 years under Act No. 431/2002 Coll. on Accounting) and for tax records (10 years under Act No. 595/2003 Coll. on Income Tax).

The storage period is also assessed according to applicable statutory limitation periods, which under Slovak law are generally 3 years (Section 100 et seq. of the Slovak Civil Code), but may extend up to 10 years in certain cases.

If you exercise your rights as a data subject, we will store the information provided to you in this regard for 5 years in order for us to be able to prove compliance with the GDPR and applicable law. This period may be extended in the context of inquiries by the supervisory authorities.

6. Are data transferred to a third country or an international organization?

Your data is primarily processed within the European Union. Where data is transferred to countries outside the EU/EEA (e.g. the USA), we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses, adequacy decisions by the European Commission, or your explicit consent (Art. 49(1)(a) GDPR).

Please note: The protection of personal data in certain third countries may not correspond to the level of data protection required by the EU. In particular, there may be risks of access by government authorities. Where relevant, we will inform you of any specific risks prior to such transfer.

7. What are my data subject rights?

Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you are being processed and, if so, to access such data.

Right to rectification (Art. 16 GDPR): You have the right to obtain without undue delay the rectification of inaccurate personal data and to have incomplete data completed.

Right to erasure (Art. 17 GDPR): You have the right to obtain the erasure of personal data concerning you without undue delay, subject to applicable exceptions (e.g. legal obligations, defense of legal claims).

Right to restriction of processing (Art. 18 GDPR): You have the right to request restriction of processing under the conditions set out in Art. 18 GDPR.

Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.

Right to withdraw consent: You can withdraw your consent to the processing of your personal data at any time. The withdrawal only takes effect for the future.

Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing.

Where personal data are processed for direct marketing purposes, you have the right to object at any time. If you object, your data will no longer be processed for such purposes.

Objections may be sent to info@medicalnavigator.com at no cost.

Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The relevant authority in the Slovak Republic is the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky), Hraničná 12, 820 07 Bratislava.

8. Automated individual decision-making

We do not use fully automated decision-making pursuant to Art. 22 GDPR. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. Is there an obligation to provide data?

For technical and security reasons, certain data is required to use our Website. If you do not provide this data, you may not be able to use our Website.

When using our intake form, you must provide your full name, phone number, preferred form of contact, and consent in order for us to process your inquiry. Other fields are optional. If you do not provide the required data, we will not be able to process your request.

10. Facilitation of contact with health care providers

At your request, we facilitate the organization of your initial contact and appointments with your selected health care provider(s). When facilitating this contact, the following data may be transferred to the health care provider: your contact details (name, email, phone number), treatment preferences, preferred timeframe, and any additional information such as health-related data or medical reports you have provided.

As stated in our Terms of Service, we are not a healthcare provider and do not provide medical services. The contract for medical services is concluded directly between you and the relevant health care provider. For reasons of data protection and medical confidentiality, health care providers do not send health-related data concerning you back to us.

11. Cookies

We use cookies on our Website. Cookies are small text files stored on your device when visiting certain websites.

Essential cookies: These are necessary for our Website to function. They cannot be disabled except through your browser settings.

Non-essential cookies: We only use non-essential cookies (analytics, marketing) if you have given your consent via our cookie banner. You can withdraw your consent or change your preferences at any time.

You can also manage cookies through your browser settings. Please refer to your browser’s help pages for instructions.

12. Contact

For any questions or concerns regarding this Privacy Policy or the processing of your personal data, or to assert your data subject rights, you may contact us via email or by post using the contact details provided in section 1 of this Privacy Policy.