FlytoDoc Privacy Policy

Effective Date: Sep 1, 2025
Last Updated: Sep 7, 2025

1. Data Controller

FlytoDoc OÜ, Estonia
Email: [Insert DPO or Contact Email]

2. Categories of Data

• Identity data: name, date of birth, nationality, contact details.
• Health data: medical history, conditions, and records (special category data).
• Technical data: device information, IP address, cookies.
• Transaction data: payments, subscription details.

3. Lawful Bases for Processing

We process personal data based on:

• Contract performance (providing services through the Platform).
• Legal obligation (accounting, fraud prevention).
• Consent (processing special category health data, marketing communications).
• Legitimate interests (improving our services, preventing misuse).

4. Purposes of Processing

• Connecting Patients with Doctors and service providers.
• Coordinating travel and related services.
• Providing AI-driven doctor matching (with human review available).
• Monitoring patient safety through QR code and PSN system.
• Billing, subscriptions, fraud detection, and compliance.

5. Sharing and Transfers

• Data is shared with selected Doctors, Coordinators, Travel Agencies, and Med-Reps only as necessary.
• Some data may be transferred outside the EEA. In such cases, we use Standard Contractual Clauses or other approved safeguards.

6. Retention

• Patient and medical data: kept for the duration of treatment and up to 5 years after, unless longer required by law.
• Account and transaction records: retained for 7 years to comply with accounting laws.
• Marketing data: kept until consent is withdrawn.

7. Rights of Data Subjects

You have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Erase data (“right to be forgotten”).
• Restrict processing.
• Data portability.
• Object to processing.
• Withdraw consent at any time.
• Lodge a complaint with the Estonian Data Protection Inspectorate or your local supervisory authority.

8. Automated Decision-Making

Our AI may suggest doctors or services based on your data. You have the right to request human intervention, express your view, and contest the decision.

9. Security

We apply encryption, access control, pseudonymisation, and monitoring to protect personal data. No system is 100% secure, but we act in accordance with Article 32 GDPR.

10. Cookies

We use cookies and similar technologies for analytics and functionality. Non-essential cookies require your consent. You can manage cookies in your browser or via our cookie banner.

11. GDPR Compliance

FlytoDoc fully complies with all applicable requirements of the General Data Protection Regulation (GDPR)

12. Contact

For questions or to exercise your rights, contact:
FlytoDoc OÜ
Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Tööstuse tn 47a-28, 10416 Estonia
Email: [email protected]

By using our website and services, you consent to the terms of this Privacy Policy.