PRIVACY POLICY
This Privacy Policy (hereinafter – the “Policy”) regulates the procedure and conditions for processing personal data and information related to medical confidentiality within the provision of information services via the web and/or mobile service “MedMapp” (hereinafter – the “Platform”), owned and administered by MEDAPP LLC (TIN 312319171, hereinafter – the “Service Provider”).
The use of the Platform, registration in the personal account, transfer of personal data and medical information, as well as any other interaction with the Service Provider within the framework of contractual relations, constitutes the User’s full and unconditional consent to the terms of this Policy, including consent to data processing in the manner and under the conditions established by law and this Policy.
Terms and Definitions
For the purposes of this Policy, the following terms are used:
Platform — the web and/or mobile service “MedMapp”, owned and administered by the Service Provider, intended for providing information services to Users, including the technical ability to exchange messages and transmit medical data.
Service Provider — MEDAPP LLC (TIN 312319171), administering the Platform and providing information services to Users in accordance with this Policy.
User — an individual with full legal capacity, registered on the Platform and using its functionality.
Personal data — any information relating to a directly or indirectly identified or identifiable natural person (data subject), including identification and contact information, as well as medical information.
Information related to medical confidentiality — information about the fact of seeking medical care, the User’s state of health, diagnosis, and other information obtained in the course of providing medical services, the disclosure of which is prohibited without the consent of the data subject, except in cases provided for by law.
Medical Institution — an organization registered and operating in accordance with the laws of its country, providing medical services and interacting with the User through the Platform.
1. General Provisions
1.1. This Policy defines the procedure, conditions, and purposes for receiving, storing, processing, using, transferring, and protecting personal data and information related to medical confidentiality processed by the Service Provider when providing information services via the Platform.
1.2. This Policy applies to all personal data and medical information received by the Service Provider from Users of the Platform.
1.3. The Service Provider ensures data processing solely to the extent necessary to fulfill contractual obligations and legal requirements, applying organizational and technical measures aimed at protecting data from unauthorized access, alteration, disclosure, or destruction.
2. Scope of Processed Data
2.1. The Service Provider processes the following categories of data of Platform Users:
- 2.1.1. Identification and contact data: surname, first name, patronymic (if applicable), date of birth, gender, passport/ID card series and number (if identification is required), contact phone number, email address.
- 2.1.2. Medical information (medical confidentiality): complaints, description of symptoms, preliminary diagnoses, information on examinations and treatments conducted, and other information about the state of health to the extent necessary to achieve the purposes specified in this Policy.
- 2.1.3. Medical documents: extracts, referrals, test results, and other medical documents containing personal data and health information, in an amount sufficient for information exchange with the selected Medical Institution.
- 2.1.4. Communication data within the Platform: content and metadata of messages, correspondence with medical institutions and/or customer support, history of selected treatment/clinic options, message sent and read marks, date and time of actions in the Personal Account.
3. Purposes of Data Processing
3.1. The processing of personal data and information related to medical confidentiality is carried out by the Service Provider for the purposes of:
- 3.1.1. Registering the User on the Platform, creating and maintaining an account, providing access to the functionality of the Personal Account.
- 3.1.2. Receiving, storing, and transferring medical information and documents to the selected Medical Institution to the extent necessary for the provision of medical services.
- 3.1.3. Organizing information interaction between the User and the Medical Institution, including the technical facilitation of message exchange and the ability to book medical services via the Platform.
- 3.1.4. Sending the User notifications, messages, and other information related to the use of the Platform and the provision of information services.
- 3.1.5. Ensuring the operation and security of the Platform, preventing unauthorized access, loss, alteration, blocking, or destruction of data.
- 3.1.6. Complying with the requirements of the legislation of the Republic of Uzbekistan, including providing data to authorized state bodies in cases established by law.
- 3.1.7. Resolving claims, protecting the rights and lawful interests of the Service Provider and/or the User.
- 3.1.8. Compiling statistical and analytical reports on the use of the Platform, provided that the data is anonymized.
3.2. The processing of personal data and information related to medical confidentiality is carried out to the extent necessary and sufficient to achieve the specified purposes, in compliance with the principles of legality, minimization, and confidentiality, and is terminated upon achieving the purposes of processing or upon expiration of the storage periods established by law.
3.3. When transferring data to third parties, the Service Provider ensures that such transfer is only in the amount necessary to achieve the purposes of processing and requires such parties to comply with confidentiality and data protection requirements in accordance with the law.
4. Legal Grounds for Processing
4.1. The processing of personal data and information related to medical confidentiality is carried out by the Service Provider on the following grounds:
- 4.1.1. The User’s consent to the processing of personal data and information related to medical confidentiality.
- 4.1.2. The necessity to fulfill the Service Provider’s obligations to the User arising from the information services agreement concluded between them.
- 4.1.3. The necessity to comply with the requirements of the legislation of the Republic of Uzbekistan.
- 4.1.4. The necessity to protect the rights, lawful interests, life, and health of the User or other persons in cases provided for by the legislation of the Republic of Uzbekistan.
4.2. The User’s consent is provided in electronic form by performing actions that clearly confirm their will, including registration on the Platform, submitting data through the Platform’s forms, or other use of functionality that involves the transfer of data.
4.3. When the grounds established by law arise, the Service Provider is entitled to process personal data and information related to medical confidentiality without the User’s consent.
4.4. Data processing in the context of cross-border transfer is carried out provided that the recipient country ensures an adequate level of protection of data subjects’ rights or if the User has given consent.
5. Transfer of Data to Third Parties
5.1. The transfer of personal data and information related to medical confidentiality to third parties is permitted exclusively in the following cases:
- 5.1.1. To Medical Institutions — to the extent necessary for the provision of medical services selected by the User, including foreign medical institutions with which information exchange is carried out through the Platform. In the case of transferring data to foreign medical institutions, such transfer constitutes a cross-border transfer and is carried out subject to their compliance with confidentiality requirements and provision of a level of data protection not lower than that established by the legislation of the Republic of Uzbekistan.
- 5.1.2. To authorized state bodies — in the cases and manner established by the legislation of the Republic of Uzbekistan.
5.2. When transferring data to third parties, the Service Provider ensures that such transfer is only to the extent necessary to achieve the purposes of processing and requires such parties to comply with confidentiality and data protection requirements in accordance with the law.
5.3. Consent to the cross-border transfer of personal data and information related to medical confidentiality is deemed to be given by the User at the moment such data is sent through the Platform to the selected foreign medical institution.
6. Data Storage and Protection
6.1. The Service Provider stores personal data and information related to medical confidentiality in a form that allows identification of the data subject for the period necessary to achieve the purposes of processing, or for the periods established by the legislation of the Republic of Uzbekistan.
6.2. Upon achieving the purposes of processing or upon expiration of the established storage periods, the data is subject to destruction or anonymization, unless otherwise provided by the legislation of the Republic of Uzbekistan.
6.3. The Service Provider takes the necessary organizational and technical measures to protect personal data and information related to medical confidentiality from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as from other unlawful actions.
6.4. In cases where interaction with Medical Institutions requires data storage outside the territory of the Republic of Uzbekistan, the Service Provider ensures that such institutions or other persons on whose resources the data is stored comply with confidentiality requirements and provide a level of protection not lower than that established by the legislation of the Republic of Uzbekistan.
7. User Rights
7.1. The User has the right to:
- 7.1.1. Obtain from the Service Provider information concerning the processing of their personal data and information related to medical confidentiality, including information on the fact of processing, purposes, methods, storage periods, categories of data, and third parties to whom such data is transferred.
- 7.1.2. Request clarification, updating, modification, or supplementation of their personal data and information related to medical confidentiality if such data is incomplete, outdated, inaccurate, or excessive.
- 7.1.3. Request the destruction of their personal data and information related to medical confidentiality upon achieving the purposes of processing or in the event of withdrawal of consent to their processing, except in cases where data storage is mandatory under the legislation of the Republic of Uzbekistan.
- 7.1.4. Withdraw consent to the processing of personal data and information related to medical confidentiality, including consent to their cross-border transfer, by sending a written or electronic notice to the Service Provider.
- 7.1.5. Restrict the methods and forms of processing of their data, provided this does not hinder the performance of the Service Provider’s obligations and does not contradict the requirements of the legislation of the Republic of Uzbekistan.
7.2. The User exercises their rights in the manner established by the legislation of the Republic of Uzbekistan and this Policy.
8. Final Provisions
8.1. This Policy is made publicly available on the Platform and applies to all Users from the moment of its publication, unless otherwise provided in the Policy itself.
8.2. The Service Provider has the right to amend this Policy unilaterally. The new version of the Policy enters into force upon its publication on the Platform, unless another effective date is specified in the publication.
8.3. The User is solely responsible for monitoring the current version of the Policy published on the Platform and bears the risk of consequences arising from failure to familiarize themselves with it after amendments are made.
8.4. Continued use of the Platform after the amendments to the Policy have entered into force constitutes the User’s consent to its new version.
8.5. If any provision of this Policy is declared invalid or unenforceable, the remaining provisions shall remain in force and enforceable.
8.6. All relations related to the processing of personal data and information related to medical confidentiality that are not regulated by this Policy shall be governed by the legislation of the Republic of Uzbekistan.
Service Provider Details
Limited Liability Company «MEDAPP»
TIN: 312319171
Legal address: Republic of Uzbekistan, Syrdarya Region, Gulistan City, “Yangi Hayot” Mahalla, Uzbekistan Avenue, Building 11
Bank: JSC «Aloqabank», Gulistan Branch
Settlement account: 20208000807282604001
Website: www.medmapp.uz