Privacy Policy

Effective Date: January 10, 2025
Last Updated: September 2, 2025

MediTour Facilitators (“MediTour,” “we,” “us,” “our”) operates https://mymeditour.com and provides medical-travel coordination services. This Privacy Policy explains what we collect, how we use and share it, and the choices you have. By using our site and services, you agree to this Policy and our Terms and Conditions.

1. Who We Are

Website: https://mymeditour.com
We connect patients with international healthcare and travel providers and coordinate related logistics. We are not a healthcare provider.

2. Categories of Information We Collect

Personal Identifiable Information (PII)
Name, email, phone, postal address; passport/government ID details (if you ask us to arrange travel).

Health Information (Special Category)
Medical history, conditions, treatment preferences, records only with your explicit consent when needed to coordinate care.

Travel Information
Visa details, flight itineraries, accommodation and transportation preferences.

Payment Information
Billing details; card data is handled by our payment processor(s) and not stored by us (except limited billing metadata).

Technical/Usage Data
IP address, device/browser type, operating system, time zone, pages viewed, and interactions (via cookies/analytics).

User-Submitted Content
Form submissions, messages, optional survey responses, comments (if enabled).

Media
If you upload images, avoid embedded location data (EXIF); site visitors could download and extract it.

3. Cookies and Similar Technologies

We use:

• Essential cookies (site operation and security),

• Analytics cookies (e.g., Google Analytics) to improve performance,

• Preference cookies (remember settings).

You can manage cookies through your browser. In regions requiring consent, we will present a cookie banner and honor your choices.

4. How We Use Your Information (Purposes & Legal Bases)

Service delivery & coordination (arranging consultations, travel, lodging): Contract necessity.
Communications (service notices, support): Contract necessity/Legitimate interests.
Marketing (emails/newsletters): Consent (you can withdraw anytime).
Processing health data: Explicit consent (GDPR/UK GDPR).
Payments & invoicing: Contract necessity/Legal obligation.
Security, fraud prevention, debugging: Legitimate interests/Legal obligation.
Legal compliance: Legal obligation.

We do not sell personal information. We may share limited data with analytics or advertising partners, which can be considered “sharing” under California law (see Section 10).

5. How We Share Information

Healthcare Providers – to coordinate your care (with your explicit consent for health data).
Travel/Lodging/Transportation Partners – to arrange your itinerary.
Payment Processors – to complete transactions.
Vendors/Service Providers – hosting, email, analytics, form storage (e.g., WPForms), CRM, IT/security, customer support.
Legal/Regulatory – if required by law or to protect rights and safety.

We require service providers to use data only to perform services for us and to protect it appropriately.

6. International Data Transfers

Your information may be transferred to countries outside your own (including the U.S., Türkiye, Colombia, Panama, Mexico, and others). For EEA/UK transfers we use Standard Contractual Clauses (and UK IDTA where applicable) and additional safeguards.

7. Data Retention (How Long We Keep Data)

We keep data only as long as necessary for the purposes above, then delete or anonymize it. Typical periods:

• Lead & contact forms: 24 months from last interaction (or earlier upon request).

• Coordination files (incl. health data you provide): for the duration of our engagement + up to 7 years for record-keeping/legal purposes.

• Transaction/financial records: 7 years (tax/legal).

• Analytics data: per vendor default or 26 months, whichever is shorter.

• Comments (if enabled): retained to recognize and approve follow-ups; you can delete your own.

8. Your Privacy Choices & Rights

Email marketing. We use opt-in consent for newsletters. You can unsubscribe anytime via the link in each email or by contacting us.

Access, correction, deletion, portability, restriction, objection.

• EEA/UK users: you have rights under GDPR/UK GDPR.

• U.S. users: your state may grant similar rights (see Section 10).

Contact us at info@mymeditour.com to exercise rights. We will verify your request. If we decline, you can appeal (instructions provided in our response).

Automated decision-making. We do not use automated decision-making that produces legal or similarly significant effects.

Cookies/Analytics choices. Use our cookie banner (where shown) and your browser settings.

9. Security

We use reasonable technical and organizational measures such as encryption in transit, role-based access controls, least-privilege, vendor due diligence, and incident response procedures. No method is 100% secure.

10. California & Other U.S. State Disclosures

Sale/Sharing. We do not sell personal information. We may share limited identifiers and internet activity with analytics/advertising partners for cross-context behavioral advertising. California residents can opt out of sharing by contacting us.

Sensitive Personal Information. We collect health information (sensitive PI). We use it only as necessary to provide services you request, and you may request to limit its use/disclosure where required.

Rights. Right to know/access, delete, correct, opt out of sale/sharing, and to non-discrimination. You may use an authorized agent.

Notice at Collection. We collect the categories listed in Section 2 for the purposes in Section 4. We retain them as described in Section 7.

How to Exercise. To exercise any of the rights above, email us at info@mymeditour.com.

11. Children’s Privacy

Our services are not intended for children under 16 (or under 13 in the U.S.). If you believe we collected a child’s data, contact us and we will delete it.

12. Third-Party Links & Embedded Content

External sites and embedded content (videos, maps, etc.) may collect data per their own policies. We are not responsible for their practices.

13. WP-Specific Notes (if applicable on your site)

• Comments cookies (if comments are enabled): store your details for convenience (up to 1 year).

• Login & screen options cookies (for site admins/editors): duration per WordPress defaults.

14. Changes to This Policy

We may update this Policy from time to time. We will change the “Last Updated” date and, where required, provide additional notice.