Data Protection

MEDICTE is committed to protecting your personal and medical information in accordance with applicable data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the General Data Protection Regulation (GDPR) where applicable.

We recognize the sensitive nature of medical information and implement strict measures to ensure the confidentiality, integrity, and availability of your data.

We process the following categories of personal data:

• Personal identification data (name, date of birth, passport information)

• Contact information (email, phone, address)

• Medical and health information (medical history, treatment records, test results)

• Financial information (payment details, billing information)

• Travel information (flight details, accommodation preferences)

• Technical data (IP address, browser type, device information)

• Communication data (correspondence, preferences, consent records)

We process your personal data based on the following legal bases:

• Consent: Where you have given explicit consent for specific processing activities

• Contract performance: To fulfill our contractual obligations to you

• Legal obligation: To comply with legal and regulatory requirements

• Legitimate interests: For our legitimate business interests, such as improving our services

• Vital interests: To protect your health and safety

We collect and process only the personal data that is necessary for the specific purposes for which it was collected. We do not process your data for purposes incompatible with the original purpose without your consent.

We regularly review the data we hold and delete or anonymize data that is no longer necessary for the purposes for which it was collected.

We implement comprehensive security measures to protect your data, including:

• Encryption of data in transit and at rest

• Access controls and authentication mechanisms

• Regular security assessments and audits

• Staff training on data protection

• Secure data centers and infrastructure

• Incident response and breach notification procedures

• Regular backups and disaster recovery plans

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Medical records are typically retained for the period required by law (usually 7-10 years) or longer if necessary for ongoing care. Financial records are retained as required by tax and accounting laws.

You have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data

• Right to rectification: Correct inaccurate or incomplete data

• Right to erasure: Request deletion of your data (subject to legal requirements)

• Right to restrict processing: Limit how we use your data

• Right to data portability: Receive your data in a structured format

• Right to object: Object to processing based on legitimate interests

• Right to withdraw consent: Withdraw consent at any time

To exercise these rights, please contact us using the information provided below.

As part of our medical tourism services, your data may be transferred to Turkey where your treatment will take place. We ensure that appropriate safeguards are in place, including:

• Standard contractual clauses approved by data protection authorities

• Adequacy decisions where applicable

• Binding corporate rules where relevant

• Your explicit consent for specific transfers

We may share your data with trusted third-party service providers who assist us in operating our business. These processors are contractually bound to:

• Process data only for specified purposes

• Implement appropriate security measures

• Comply with data protection laws

• Not use data for their own purposes

We regularly audit our third-party processors to ensure compliance with data protection requirements.

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant data protection authority within 72 hours

• Inform affected individuals without undue delay

• Provide details of the breach and measures taken

• Offer guidance on steps you can take to protect yourself

For questions about data protection or to exercise your rights, please contact us:

Email: info@medicte.ca

Phone: +1 647 327 9051

Address: 690 Dorval Dr, Suite 200, Oakville, ON L6K 3X9, Canada