Privacy & Data Protection Policy

Effective Date: October 2025
Entity: HealthVenture OÜ, operating as GetMedicalCertificate.com

1. Purpose and Applicability

This Policy governs the collection, storage, processing, and protection of all personal, transactional, and health-related information provided by Users to the Platform. By using the Platform or completing payment, the User provides explicit consent to the data practices described herein.

2. Data Collected

The Platform collects data strictly necessary for the fulfillment of its Services, including:

  • Personal Data: Full name, age, gender, address, phone, email, and government-issued identification.
  • Medical Data: Reason for consultation, symptoms, duration of illness, and recipient institution details.
  • Transactional Data: Payment confirmations processed via Stripe Payments Europe Ltd.
  • Technical Data: IP address, browser metadata, device identifiers, and cookies used for analytics and security.

3. Purpose of Processing

All data is processed lawfully and solely for:

  • Enabling consultation and certificate issuance.
  • Verifying authenticity of submissions.
  • Maintaining audit trails and transaction records.
  • Ensuring fraud prevention and system security.
  • Complying with legal, fiscal, or regulatory requirements.

4. Data Storage and Retention

All data is securely stored on encrypted servers located in India. Personal and consultation data shall be retained for fifteen (15) days post-consultation, after which it is permanently deleted or anonymized unless retention is required by law.

5. Data Disclosure and Access

Access is restricted to:

  • Licensed doctors assigned to the case.
  • Authorized payment processors (Stripe).
  • Technical vendors performing maintenance under confidentiality obligations.
    The Platform does not sell, rent, or transfer User data to unrelated third parties.

6. Cookies and Tracking Technologies

The Platform employs cookies, pixels, and analytics tools for authentication, user session continuity, performance analysis, and security monitoring. By continuing to use the Platform, the User consents to such tracking mechanisms. Disabling cookies via browser settings may impair certain functionalities.

7. Security Safeguards

Appropriate administrative, technical, and organizational measures are implemented, including data encryption, firewalls, and restricted access controls. While the Platform adheres to industry standards, Users acknowledge that absolute security cannot be guaranteed.

8. International Data Transfer and Compliance

Although owned by an EU-registered entity, operational data processing occurs in India. The Platform observes principles aligned with the EU General Data Protection Regulation (GDPR) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under Indian law.

9. User Rights

Within the data-retention period, Users may request access, correction, or deletion of their data by writing to care@getmedicalcertificate.com. Post-deletion, restoration is not possible. Minimal transaction data may be retained for compliance obligations.

10. Legal Basis and Consent

The User’s act of payment and submission of personal or medical data constitutes explicit consent under Article 6(1)(a) GDPR and relevant Indian law. The consultation process is deemed initiated upon payment, extinguishing withdrawal rights under Article 16(m) of Directive 2011/83/EU.

11. Governing Law and Jurisdiction

This Policy shall be governed by the laws of the Republic of India, and disputes shall be subject to the exclusive jurisdiction of the competent courts at Cuttack, Odisha (India).

12. Contact

Email:care@getmedicalcertificate.com