Privacy Notice

Last updated: June 2026

Medikout («Medikout» or «we») welcomes you. This Privacy Notice («Privacy Notice») applies to our website («Website»).

The Privacy Notice describes which of your personal data the Medikout Website collects, how it stores, processes, and uses it, and what rights you have when you use the Medikout Website.

Medikout operates as a medical tourism platform that connects patients with dental and aesthetic clinics. We describe all personal data processing activities in this Privacy Notice.

About us

We are the controller of your personal data processed through the Website. This means that we determine the purposes and means of personal data processing.

  • Name: Medikout (Ad Tech Promotions)
  • Registration number: 2299027
  • Address: Muna Aljaziri building, 308, Dubai, UAE
  • Email: info@medikout.com — for general inquiries; privacy@medikout.com — for privacy inquiries

About you

When you visit the Website, you become our user («User»). We divide the Users into categories so you can easily find details about the processing of your personal data. Pay attention that you can fall into several categories depending on your actions.

  • Support Requester — User who fills out the «Contact Us» form on the Support topic on the Website.
  • Potential Client — User who fills out the «Find My Clinic» form on the Website.
  • Clinic Representative — User who represents B2B client.
  • Patient — User who completes the medical questionnaire on the Website.

Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or the legal representative of such a User, please contact us.

Medikout does not currently provide personal patient accounts or patient dashboards. Account-related data may be processed only for Clinic representatives or authorised business users who have been granted access to clinic-side tools.

Sources of data

We receive your data when you visit the Website, submit forms, or interact with communication channels and clinic-side tools where applicable.

You can change your personal data by exercising your right to rectification or by contacting us directly. Please note that the same lawful basis and storage terms apply to the changed data.

We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.

Lawful bases for processing

To process your personal data, we rely on the following lawful bases:

  • performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Service) with you;
  • legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations;
  • legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorised public body;
  • consent — for additional specific purposes.

If we collect personal data on the basis of legitimate interest or performance of the contract, we can use it for another purpose after checking that the new purpose is compatible with the original purpose.

When your data processing is based on a legal obligation or performance of the contract, you are obliged to provide your personal data. We need this data to comply with legal requirements or to properly provide you with our services. The failure to provide such data may have negative consequences, such as tax liability, inability to enter into a contract or provide services to you, etc.

Visitors' data

When you visit the Website, we collect some data automatically. We collect some technical data about the Users to optimise performance, debug issues, and enhance features while ensuring security and privacy to improve the overall user experience.

Most of the technical data we collect are anonymous, but some data is associated with your IP address and device ID.

  • Information about the coarse location (IP address, country) — for the optimization of the performance, debugging, enhancement of the features' proper functioning, administering and improvement of the Website — on the basis of legitimate interest.
  • Technical device information and network information (including IP address, HTTP user agent, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks) — same purposes and lawful basis.
  • Data storage: we store the data for 3 years from its collection.

We also need cookies to operate, support, and improve the Website's functionality:

  • Necessary cookies — information that is necessary for the operation of the Website; improving your experience of using the Website — performance of the contract.
  • Marketing cookies — marketing information used to match relevant advertising to you — consent.
  • Preference cookies — information necessary for operating some services on the Website — consent.
  • Statistics cookies — statistical data used to understand how you interact with the Website — consent.
  • Cookies are stored during the expiry period provided in our Cookie Policy.

Patients' data

When we collect the personal data:

  • Contact data (full name, phone number (WhatsApp), email address, age, gender, type of dental/aesthetic procedure needed, willingness to travel abroad for treatment), budget, preferred timing for the procedure — for matching the patient with suitable clinics, providing personalised clinic recommendations, and facilitating consultation between the patient and the clinic — performance of the contract; legitimate interest.
  • User ID, user category — internal analytics, quality of clinic matching, improvement of the platform's recommendation algorithm — legitimate interest.
  • Personal and medical data is stored for 3 years from the date of collection.
  • Data that is processed based on consent is stored for 3 years from the date of collection, if you do not withdraw consent.

Medical data

In order to provide you recommendation and find a suitable medical professional we need to receive some of your medical data:

  • Medical photos and diagnostic images (CT scans of the jaw, photos of teeth/smile, X-ray images, photos of the face/head), symptoms, documents, prior treatment history, description of the medical condition, duration of condition — for assessment of the patient's dental or aesthetic condition, internal inquiry management, and sharing with matched clinics for the purpose of treatment planning — performance of a contract.

Data received from third parties

We may receive some personal data from third parties, including advertising platforms, analytics providers, affiliate tracking tools, and campaign measurement tools. The amount of data collected and the lawful basis for processing is determined by the respective privacy documents of these third parties. Key third-party sources are listed below:

  • Ad platform data (click identifiers, campaign source, UTM parameters) — Google LLC (Google Ads) — policies.google.com/privacy
  • Ad platform data (click identifiers, campaign source, UTM parameters) — Meta Platforms, Inc. (Meta / Facebook Ads) — facebook.com/privacy/policy
  • Lead management and tracking data (lead ID, status, sub-parameters) — Trackiffy (affiliate tracking platform) — trackiffy.com/privacy

Data sharing with third parties

We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organisational and technical measures to ensure the security of personal data during data transfer to third-party.

  • Analytics tools — we use analytics tools to understand and promote our business.
  • Payment services — we use payment services to process your payments and other transactions.
  • Social networks — we use various social networks to spread information about our activities.
  • Messengers — we use messengers to communicate with you in ways that are convenient for you.
  • Data storage services — we use various cloud services that allow us to securely store data on remote servers.
  • Contractors, service providers — we cooperate with service providers and contractors to provide you with their services, operate, develop and improve the features and functionality of the Website, fulfill your support requests, complete payment transactions, etc.
  • Providers of the services our team use — we use CRM systems, messengers, and other services in our organisation to provide you with our services.
  • State authorities, courts, law enforcement agencies — we may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies to comply with a government request, court order, or applicable law; to prevent unlawful use of the Website; to protect against claims of third parties; to help prevent or investigate fraud.

To get a detailed list of the third-party recipients of your personal data, contact us. To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, and performance of a contract.

Where Medikout transfers a patient inquiry to a Clinic, that Clinic may act as an independent data controller in respect of its own medical assessment, patient communication, treatment planning, pricing and service provision. Medikout is not responsible for the independent privacy practices of partner Clinics. However, Medikout requires partner Clinics to handle personal data in a lawful and secure manner consistent with applicable data protection law.

Data sharing outside the European Economic Area

The personal data we collect is stored in the European Union.

We may share personal data with the recipients of other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation.

To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient.

If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.

Data protection

We apply security measures aligned with industry standards for information security. We apply a variety of security measures appropriate to the possible risks.

  • Organisational measures: staff training, internal policies and instructions, non-disclosure agreements (NDA), transfer protection, access control mechanism.
  • Technical measures: two-factor authentication, backups, firewalls, encryption of data, implementation of HTTPS, end-to-end encryption.

Data subjects rights

You, as a data subject (individual), have the right to interact with your data directly or through a request to us. For European Economic Area residents:

  • Right to access — you can request information on whether personal data are being processed, and, where that is the case, access to this personal data and the information required by law.
  • Right to rectification — you can change the data if it is inaccurate or incomplete.
  • Right to erasure — you can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
  • Right to restrict the processing — you may partially or completely prohibit us from processing your personal data in cases provided by law.
  • Right to data portability — you can request all the data you provided to us and request to transfer data to another controller.
  • Right to object — you may object to the processing of your personal data that is collected on the base of legitimate interest.
  • Right to withdraw consent — you can withdraw your consent at any time.
  • Right to file a complaint — if your request was not satisfied, you could file a complaint to the regulatory body.

To exercise your rights, contact us.

For EEA residents: we will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority.

For UK residents: we will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner's Office via number 0303-123-1113 or online at www.ico.org.uk/concerns.

Cookies

We use cookies that are needed for the Website's operation. By using cookies, we receive automatically collected data. You can read more in the Cookie Policy.

If you want to turn off cookies, you can find instructions for managing your browser settings in the documentation of your browser (Internet Explorer, Firefox, Chrome, Opera, Microsoft Edge, Vivaldi, Safari, Brave).

Privacy Notice updates

This Privacy Notice is developed according to the General Data Protection Regulation, other applicable privacy laws, and best privacy practices.

Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on the Website.

If there are material changes to the Privacy Notice or the Website that affect your data privacy rights, we will notify you by displaying information on the Website and, if necessary, ask for your consent.