top of page

Connecting people with high-quality healthcare providers in different geographies.

Privacy Policy

Introduction

Qalyup is a UK-based platform that connects patients with healthcare providers in other countries. We act as an intermediary – this means we help you find and book appointments with partner clinics abroad and can store your medical records for you. We are not a healthcare provider ourselves, but we facilitate your access to medical care internationally.

 

Your privacy is very important to us. This Privacy Policy explains what personal and health-related information we collect through our public website, how we use and share that information, and how we keep it safe. We handle all personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, which ensure strong privacy protections. This commitment to privacy applies to all our users worldwide – no matter where you are, we will protect your data with the same care and legal standards as we do for UK users.

 

Please read this policy carefully to understand our practices. By using the Qalyup website or services, you agree to the collection and use of your information as described here. If you have any questions, you can contact us using the details in the “Contact Us” section below.

Information We Collect

We only collect information that is necessary to provide you with our services. This includes:

  • Personal Identification Information: Your name, date of birth, and any identification details you provide when registering or filling in forms on our site.

  • Contact Information: Contact details such as email address, telephone number, and mailing address. We use these to communicate with you about appointments or respond to your inquiries.

  • Health and Medical Information: Any health-related details you choose to give us, such as medical history, current conditions, test results, or medical records. For example, you might provide information about your condition or upload medical documents so that we can help find a suitable healthcare provider. This type of data is considered sensitive personal data, and we treat it with special care (we will only collect it if you are willing to provide it and with your clear permission).

  • Appointment and Service Details: Information related to the services you request through Qalyup – for instance, the type of treatment you’re seeking, preferred dates, and the clinic or doctor you’re interested in. We also keep records of appointments or arrangements we book for you, including follow-up notes or correspondence related to your care.

  • Communications: Copies of communications you have with us. If you email us, call us, or use a contact form or chat feature on our website, we may keep those communications. They might include personal and medical details you share while asking questions or getting support.

  • Website Usage Data: Basic technical information collected automatically when you use our site. For example, we might log your IP address, browser type, and cookies that are necessary for the site to work (see “Cookies” below). This information helps us ensure the website functions properly and secure your account. We do not use this data to track your behavior across other sites, and we do not collect any unnecessary usage analytics without your knowledge.

We do not collect any financial information (such as credit card details) through our site, unless it becomes necessary to facilitate a payment that you initiate. In such cases, payments will be processed securely through a third-party provider, such as Stripe, and their own terms and conditions will apply. Should we begin to handle payments directly through the site in the future, we will update this policy accordingly to reflect those changes.

How We Use Your Information

We use your personal and health information only for legitimate purposes connected to our services. Specifically, Qalyup may use the data we collect to:

  • Provide Our Services: We use your information to connect you with healthcare providers and arrange medical services as you request. For example, if you ask us to find a specialist in another country or book an appointment, we will use your provided details (like your name, contact, and relevant medical information) to facilitate that service. This may include matching you with a suitable clinic or doctor and scheduling your appointment.

  • Store and Manage Your Medical Records: With your consent, we may store copies of your medical records or health information on our platform. This is to help you easily share those records with partner clinics at your request and to assist in coordinating your care. We maintain these records so you have a centralized place for your information, accessible to you and (with your permission) to healthcare providers involved in your care.

  • Communicate With You: We use your contact information to communicate with you about the services. This includes sending confirmations of appointments, updates from clinics, responding to your questions, and providing customer support. For example, we might email you through a secure service (like ProtonMail) to give you medical travel instructions or to follow up on your consultation. All communications about sensitive information are handled securely.

  • Share with Partner Clinics (at Your Direction): When you decide to proceed with a consultation or treatment with a specific healthcare provider, we will (with your approval) share the necessary personal and medical information with that clinic or doctor. This is so they understand your case and can provide care. We only do this at your explicit request, such as when you ask us to book an appointment or send your medical records to that provider.

  • Operate and Improve Our Website: We use data like website usage information and essential cookies to run the technical aspects of Qalyup. This helps keep the site secure, load faster, and remember your preferences (for example, keeping you logged in during a session). We may also use aggregated, anonymous information to improve our platform’s usability and services. This does not include any of your identifiable personal or health details – it’s only general data to help us understand what features are useful to users in general.

  • Legal and Regulatory Compliance: In certain cases, we may need to use or keep your information to comply with applicable laws and regulations. For example, UK data protection law may require us to retain records of transactions or communications for a certain period. We may also use your data to fulfill our duties in responding to lawful requests (such as a court order) or to establish, exercise, or defend legal claims if that situation arises.

Our Lawful Basis: We will only use your personal data when we have a valid legal reason under data protection law. Most often, this will be because the data use is necessary to perform the services you request (for instance, using your information to schedule an appointment, which is essentially part of our contract with you), or because you have given consent (for example, you provide and consent to our use of your health information for the purpose of finding you medical care). In some situations, we might have a legal obligation to process data (such as retaining invoices or records for regulatory reasons), or we might rely on our legitimate interests (such as improving our services or ensuring IT security) – but if we do so, we will always consider and respect your rights and interests. If we ever need to use your personal data for a new purpose that isn’t covered here, we will seek your consent or inform you of the new purpose, as required by law.

 

Importantly, we do not use your personal data for any kind of marketing without your permission, and we do not engage in automated decision-making or profiling that could significantly affect you. Every use of your data is tied to delivering our service to you or fulfilling our legal responsibilities, nothing else.

Cookies and Similar Technologies

Cookies are small text files placed on your device to make websites work or work more efficiently. Qalyup uses only essential cookies on our website. This means:

  • Necessary Cookies: These cookies are required for the basic functioning of our site. For example, when you log into your account, an essential cookie keeps you logged in as you navigate between pages. Other essential cookies may be used to remember your preferences (like language or region selection) or to provide basic security and network management. Without these, the site may not function properly.

  • No Tracking or Advertising Cookies: We do not use any cookies for advertising, marketing, or tracking your behavior outside of our interaction. We do not use third-party analytics cookies (such as Google Analytics) or social media trackers on our site. This means we’re not collecting data about your browsing for advertising or sharing your browsing habits with advertisers. Your activity on Qalyup is not profiled or tracked for marketing purposes.

Because we only use essential cookies, we typically will not display the kind of cookie consent banner you might see on other sites for advertising cookies. However, we still want you to know about our cookie use. By using our site, you understand that essential cookies will be set on your device to enable the service to work. You can set your browser to block cookies, but if you do, some parts of our site might not function correctly (for example, you might not be able to log in or book an appointment). For more details about our minimal use of cookies or if you have any specific questions, feel free to contact us.

Sharing Your Information

We treat your personal information with care and confidentiality. We do not sell your data to third parties or share it for random marketing purposes. We will only share your data in the following circumstances:

  • With Partner Healthcare Providers (Clinics/Doctors) – Only at Your Request: This is a core part of Qalyup’s service. If, and only if, you ask us to arrange a consultation or treatment with a specific clinic or doctor, we will share the necessary personal and medical information with that partner provider. For example, if you request an appointment with a specialist overseas, we will forward details like your name, contact information, and relevant medical history to that clinic so they can prepare for your visit and treat you effectively. We will never send your health information to any clinic or doctor without your knowledge and request. You are in control: we act as a messenger, passing along your information to the people you’ve chosen to involve in your healthcare.

  • Sharing with Third‑Party Clinical Services: To provide you with clinical care, your healthcare provider may share your personal data with third‑party organisations, such as diagnostic laboratories. Once your information is transferred, the clinic and the third‑party organisation are solely responsible for its protection and lawful processing. Qalyup accepts no liability for any data handling or processing carried out by these external parties. For further details on how your data is used by our clinical partners, please contact the clinic directly.

  • With Service Providers and Third-Party Tools (for Secure Processing): We use trusted third-party services to help us run Qalyup’s platform and deliver our services to you. These third parties act on our behalf (we refer to them as “data processors”) and they only process your data under our instructions and in compliance with this policy. We ensure they are also compliant with data protection laws. For example, we use ProtonMail as our secure email service to communicate with you and partner clinics. ProtonMail provides end-to-end encryption, which means emails we send or receive through that service are encrypted and secure. We may also use other third-party tools or services, such as secure cloud hosting providers (to store data on protected servers), IT support services, or secure messaging systems for appointments. In all cases, we choose providers that implement strong security measures and we only share the minimum necessary information with them for the task. These providers are contractually obligated to keep your information confidential and to use it solely for providing services to Qalyup (for example, our cloud storage provider will simply store the data and not look at it or use it for any other purpose).

  • With Legal or Regulatory Entities: We might be required to disclose information about you if we are compelled by law or governmental authority. For instance, if a court order, subpoena, or other legal process mandates us to share certain data, or if the Information Commissioner’s Office (ICO, the UK data protection regulator) requests information as part of an investigation, we are legally bound to comply. In such cases, we will only provide the information that is required and will, if law allows, inform you of such disclosure. Similarly, if it’s necessary to share data to enforce our terms of service or protect the rights, property, or safety of Qalyup, our users, or others (such as to prevent fraud or cybercrime), we may do so, but in a manner consistent with data protection requirements.

Aside from the situations above, no one else receives your personal data. We do not share your information with advertisers, social media companies, or any unrelated third parties. If in the future we consider partnering with any new type of third party that would need access to personal data, we will update this Privacy Policy and, if required, seek your consent.

 

When we do share data (for example, with a clinic or a service provider), we always transfer it securely. For instance, when sending your medical records to a clinic, we might use encrypted email (ProtonMail) or a secure file transfer. We also ensure that the recipient understands the confidential nature of the information.

International Data Transfers

Because Qalyup connects you with healthcare providers around the world, it’s important to address how your data might travel internationally. When you ask us to send your personal information or medical records to a partner clinic outside the United Kingdom, that inherently means your data will be transferred to another country’s jurisdiction.

 

We want to assure you that any international transfer of your data will still be handled with care and protection:

  • Your Consent and Request: By requesting an appointment or consultation with an overseas provider, you are effectively consenting to and requesting that we transfer your relevant personal data to that provider in their country. We will only transfer the information necessary for that purpose, and we will inform you what is being sent.

  • Protection Measures: Regardless of the destination country, we send your data through secure channels (for example, encrypted email or secure servers) to keep it safe in transit. We also have agreements or assurances in place with our partner clinics that they will treat your information confidentially and use it only for your care. If the clinic is in a country that the UK deems as having adequate data protection laws (for example, countries in the European Economic Area, or others officially recognized), your data will be protected similar to how it’s protected in the UK. If the clinic is in a country without the same level of data protection laws, we take additional steps – such as using encryption and only sharing data with your explicit instruction – to safeguard your privacy. In many cases, the act of you requesting the service is considered a permitted circumstance for the transfer under UK law, but we still ensure as much security as possible.

  • Clinic’s Own Privacy Practices: Once your information is transferred to a healthcare provider abroad at your request, that clinic will handle your data according to their own privacy policies and the laws of their country. While we require our partners to respect patient confidentiality and privacy, please note that their handling of your data is outside of Qalyup’s direct control. We recommend that you review any clinic’s privacy notice if you want a clear picture of how they manage your data. However, if you need assistance or have concerns about the information we shared with a clinic, you can contact us and we will do our best to help and ensure your data is respected.

In summary, international data sharing will occur only when you choose to use our service to see an overseas provider, and we will always prioritize the security of your information during such transfers. We remain accountable to UK data protection authorities for the protection of your data, even when it’s transferred abroad.

Data Security

We understand that your personal and health information is sensitive, and we take appropriate security measures to protect it. Qalyup has implemented a variety of technical and organizational safeguards to keep your data safe from unauthorized access, loss, or misuse. These measures include:

  • Encryption: Our website is protected by HTTPS, which means that any data you enter on our site (such as filling out forms or uploading documents) is encrypted in transit. This prevents eavesdropping — no one can intercept and read your information as it travels between your device and our servers. We also use encryption where possible for data at rest (stored data), especially for sensitive health records. For example, medical documents you store with us may be encrypted or stored in a secure, access-controlled environment to prevent unauthorized access.

  • Secure Email and Communication: As mentioned, we utilize ProtonMail for email correspondence for medical records, which provides end-to-end encryption. When we send or receive emails containing personal or medical information, the content is encrypted such that only the intended recipients (us and you, or us and the clinic) can read it. This adds an extra layer of security beyond standard email. We apply similar security principles to any other communication tools – ensuring that they are reputable and offer encryption or robust security protocols.

  • Access Controls: Within Qalyup, access to personal data is restricted to only those employees or team members who need to see it in order to perform their duties. We ensure that anyone handling sensitive information is aware of their responsibilities and is bound by confidentiality agreements.

  • Secure Infrastructure: We host our platform and data with WIX, which provides secure, reliable infrastructure providers. Further information can be found on their website: https://www.wix.com/website-security

  • Data Minimization: We collect and keep only the information that is necessary for the purpose at hand. By limiting the data we store, we reduce the risk associated with holding large amounts of personal information. If certain data is no longer needed, we ensure it is safely deleted or anonymized.

While we strive to protect your information with strong measures, it’s important to note that no method of data transmission or storage can be guaranteed 100% secure. However, we continuously work to update and improve our security practices. If there is ever a security breach that affects your personal data, we will follow all applicable laws in notifying you and the authorities, and we will take immediate steps to mitigate the impact.

Data Retention

We will keep your personal information only for as long as it is necessary to fulfill the purposes we collected it for, including to provide you services or to meet any legal, accounting, or reporting requirements.

  • Active Use of Your Data: If you are using Qalyup’s services (for example, you have an ongoing inquiry or upcoming appointment, or you maintain an account with us), we will retain your information so that we can continue to serve you. This makes it convenient for you – for instance, you won’t have to re-enter your details each time you use our service, and we can refer to your medical information for follow-up or additional services as needed.

  • Account Holders: If you register an account on Qalyup, we will retain your data until you decide to close your account or until it’s clear you will no longer use our services. If your account remains inactive for an extended period, we might reach out to confirm if you want us to retain your data or not. You always have the option to ask us to delete your account and personal data (see “Your Rights” below), and we will honor such requests, provided we don’t have a legal obligation to keep the data.

  • Medical Records Storage: If we are storing medical records or health information on your behalf, we will keep those records as long as you want us to (so that you have ongoing access to them and can share them when needed). You can request deletion of specific medical documents or all of them at any time. We may periodically check with you (especially if you have not used our service in a long time) whether you want to continue storing your records with us.

  • After Service Completion or Account Closure: If you have completed the use of our service (for example, your medical trip is done and you inform us you won’t need our assistance further, or you close your account), we will generally either delete or anonymize your personal data. “Delete” means we securely erase it from our systems, and “anonymize” means we alter it such that it can no longer be linked back to you (for instance, keeping a record of how many patients went to a particular clinic without any names or identifiers attached). We might retain anonymized data for statistics or service improvement (e.g., to know how many appointments were facilitated in a year), but that data will not identify you.

  • Legal Retention Requirements: In some cases, we might be required by law to keep certain data for a specified time. For example, financial records (invoices, receipts) or records of consent may need to be stored for a number of years under healthcare regulations or tax laws. Similarly, if there’s a dispute or legal matter, we might need to keep relevant information until it is resolved. In all such cases, we will store the information securely and only use it for those legal purposes.

Once the retention period has expired, or if you request deletion (and no legal requirement prevents it), we will ensure your data is promptly and securely removed from our systems. If complete deletion is not immediately feasible (for example, if backups are involved), we will put your information beyond use – meaning it is isolated from any further active processing – until deletion is possible.

Your Rights

Under UK data protection law, you have several important rights regarding your personal data. We are committed to upholding these rights. Below is a summary of your key rights and how you can exercise them:

  1. Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy is part of fulfilling that right, by explaining who we are, what we do with your information, and with whom it’s shared. If you have any questions about our data practices not answered here, you can always contact us for more information.

  2. Right of Access: You can request a copy of the personal data we hold about you. This is often called a “Subject Access Request.” You are entitled to receive a copy of your information we have, along with an explanation of how we use it. We will provide this free of charge (unless the request is excessive or repetitive, in which case a reasonable fee may be applied as permitted by law) and within the legally required time frame (normally within one month).

  3. Right to Rectification: If any of your information held by Qalyup is inaccurate or incomplete, you have the right to have it corrected. For example, if you notice we have the wrong spelling of your name, or your contact number has changed, you can ask us to update it. We strive to keep all information up-to-date, but we appreciate your help in telling us if something needs fixing.

  4. Right to Erasure: Commonly known as the “right to be forgotten.” You can ask us to delete or remove your personal data in certain circumstances. For instance, if you no longer want to use Qalyup’s services and you wish to close your account, you can request that we delete the personal information we hold about you. We will do so unless we have a specific legal reason to keep it (for example, if we are required to retain certain records for a period of time, or if the data is needed to resolve a dispute). We will inform you of any such reasons if they apply.

  5. Right to Restrict Processing: You have the right to request that we limit the way we use your data in certain situations. This could apply if you have challenged the accuracy of your data and we are verifying it, or if you have objected to our use of your data and we are considering your objection. While processing is restricted, we can still store your data, but not use it in the ways you’ve restricted until the issue is resolved.

  6. Right to Data Portability: You have the right to obtain your personal data from us in a format that is accessible and machine-readable (for example, a CSV or PDF file), so that you can reuse it or transfer it to another service if you wish. For example, if you want to take your medical records that we store and provide them to another healthcare coordinator or directly to a new clinic, we can facilitate that by giving you a copy of your records in a suitable electronic format. Where feasible and upon your request, we may also transfer the data directly to another organization for you. This right applies to information you provided to us and that we process by automated means, where our processing is based on your consent or on a contract with you (which is the case for most of your data with Qalyup).

  7. Right to Object: You have the right to object to certain types of processing of your data. Since Qalyup does not use your data for marketing without consent, it’s unlikely you’d need to object to marketing use. You may object if you believe we are processing your data for something not covered by the purposes you agreed to. If, for example, we were using some data under a “legitimate interest” basis, you can object to that use and we will consider your request. If we ever were to do any direct marketing, you could object or opt out at any time (but again, we currently do not do this).

  8. Right to Withdraw Consent: In cases where we rely on your consent to process your personal data (such as processing your health information or sharing it with a partner clinic), you have the right to withdraw that consent at any time. For example, if you gave us consent to hold your medical records and you later change your mind, you can instruct us to stop holding or using those records. Withdrawing consent will not affect the legality of any processing we carried out before you withdrew, but it means we will stop the particular processing going forward. Do note, if you withdraw consent for us to use information that is necessary to provide our service (for instance, using your medical info to coordinate with a doctor), we may not be able to continue providing that service to you. We will advise you if such a situation occurs so you can make an informed decision.

  9. Right to Complain: If you have any concerns or complaints about how we are handling your personal data, we encourage you to contact us first (see “Contact Us” below) so we can try to resolve the issue. However, you also have the right to lodge a complaint with the relevant supervisory authority. In the UK, that is the Information Commissioner’s Office (ICO). The ICO is the independent authority set up to uphold information rights and they can be contacted via their website (ico.org.uk) or telephone. If you are located in another country, you may have the right to complain to your local data protection authority as well. We will cooperate fully with any official investigations and endeavor to address all concerns.

To exercise any of these rights, you can contact us using the contact information provided in the next section. We will need to verify your identity before fulfilling certain requests (for example, providing access to your data) to ensure that we don’t disclose your information to someone else. We will respond to all legitimate requests as quickly as possible, and at least within the timeframe required by law (usually one month, with the possibility to extend that by two further months for complex requests – but we’ll inform you if an extension is needed).

 

Please note that some rights are not absolute. For example, there may be legal or legitimate reasons we cannot fully comply with a request (such as an erasure request when we are legally required to keep some data). If that is the case, we will explain to you why we cannot meet the request in full and discuss what we can do instead.

 

Our goal is to be transparent and helpful in addressing any questions or requests you have about your data – so don’t hesitate to reach out.

Contact Us

Qalyup is the “data controller” responsible for your personal data (in other words, Qalyup decides how your data is processed and for what purposes, in line with this policy). If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us. We are here to help.

 

Contact details for privacy inquiries and data protection requests: hello@qalyup.com

When you contact us, please describe your question or request in detail, including the email address or other contact information you used to sign up with Qalyup (if applicable), so we can verify your identity and assist you more efficiently. For example, if you are requesting a copy of your data, it helps to state your name and the email associated with your Qalyup account.

 

If you’re not satisfied with our response or believe we are processing your data unfairly or unlawfully, you have the right to contact the ICO as mentioned above. However, we truly appreciate the opportunity to address your concerns first and will do our utmost to resolve any issues.

Updates to This Privacy Policy

We may update or change this Privacy Policy from time to time to reflect changes in our practices, accommodate new services, or ensure compliance with updates in laws and regulations. When we make changes, we will post the updated policy on our website and update the “last updated” date at the bottom of this document. If the changes are significant, we may also notify you directly via email or a notice on our website, especially if you have an account or ongoing relationship with us.

 

We encourage you to review this Privacy Policy periodically to stay informed about how Qalyup is protecting your information. Continuing to use our website or services after a new privacy policy has been posted will indicate that you have read and understood the changes.

 

If we ever were to use your personal data in a materially different way than we’ve described here, we would seek your permission first, where required by law.

 

Last Updated: May 1, 2025.

bottom of page