Legal

Privacy Policy

Last updated: 18 May 2026

⚠ LEGAL REVIEW REQUIRED — This is a structured scaffold, not legal advice. Every clause below marked [CLIENT/COUNSEL TO SUPPLY] must be completed and the whole document approved by qualified counsel for each operating jurisdiction (EU/UK GDPR, UAE, KSA/GCC, India DPDP, etc.) before go-live.

1. Who we are (Data Controller)

Meddilink ("we", "us"). Registered legal entity name, company registration number, registered office address, and country of incorporation: [CLIENT/COUNSEL TO SUPPLY].

Privacy / Data Protection contact: compliance@meddilink.com — appoint and confirm a DPO / EU representative where required: [CLIENT/COUNSEL TO SUPPLY].

2. What personal data we collect

  • Enquiry & demo data: name, work email, clinic / company, country, message (Contact, Demo forms).
  • Recruitment data: name, email, phone, role, CV / résumé, optional message (Careers form).
  • Marketing data: email (newsletter).
  • Usage & device data: via cookies/analytics — see the Cookie Policy.

We do not intentionally collect patient/features/clinical health data through this marketing website. [CLIENT/COUNSEL TO SUPPLY: confirm scope].

3. Lawful basis & purposes

  • Contact / demo / sales enquiries: legitimate interest and/or steps prior to entering a contract.
  • Recruitment: steps prior to a potential employment contract / legitimate interest.
  • Newsletter / marketing: consent (opt-in; withdrawable at any time).
  • Analytics & non-essential cookies: consent via the cookie banner.

Region-specific lawful-basis confirmation: [CLIENT/COUNSEL TO SUPPLY].

4. Processors & third parties

We share data only with vetted processors under appropriate agreements: HubSpot (CRM & forms), Google Tag Manager & Google Analytics 4, Microsoft Clarity (analytics/heatmaps), CookieYes (consent), Google reCAPTCHA (anti-spam), YouTube (embedded video), Cloudflare (hosting/CDN). Full processor list, locations, and DPAs: [CLIENT/COUNSEL TO SUPPLY].

5. International transfers

Data may be processed outside your country (incl. the processors above). Transfer safeguards (SCCs / adequacy / equivalent): [CLIENT/COUNSEL TO SUPPLY].

6. Retention

We keep personal data only as long as necessary for the purposes above. Specific retention periods per data category: [CLIENT/COUNSEL TO SUPPLY].

7. Your rights

Subject to applicable law you may request access, rectification, erasure, restriction, portability, or object to processing, and withdraw consent at any time. To exercise any right, contact compliance@meddilink.com. You also have the right to lodge a complaint with your supervisory authority. Identity-verification & response-time process: [CLIENT/COUNSEL TO SUPPLY].

8. Security

We apply technical and organisational measures appropriate to the risk (encryption in transit, access controls, security headers). This does not constitute a guarantee or certification — see our Compliance-Ready positioning. Detail: [CLIENT/COUNSEL TO SUPPLY].

9. Changes

We may update this policy; the "Last updated" date will change and material changes will be notified as required by law.

Questions: compliance@meddilink.com · See also Cookie Policy, Terms, DPA.