Legal

Private Policy

Our Privacy Policy

**Last Updated:** July 24, 2025

MedVenture Mexico (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our services. By engaging with MedVenture Mexico and using our services, you expressly consent to the practices described in this policy.

1. Introduction

MedVenture Mexico facilitates medical tourism, connecting patients from the United States, Canada, and Mexico with high-quality medical clinics and healthcare providers in Mexico. We understand the sensitive nature of the information you share with us and are dedicated to maintaining your trust.

2. Information We Collect About You

To effectively provide our services, we collect various categories of information. The specific data collected depends on your interaction with us and the services you request.

  • a. Personal Identifiable Information (PII): Data that identifies you as an individual.
    • Contact Details: Name, mailing address, email address, phone number.
    • Demographic Data: Date of birth, gender.
    • Identification: Passport number, national ID (e.g., INE for Mexican citizens, driver’s license for US/Canadian citizens, as required for travel or clinic registration).
    • Emergency Contacts: Name and contact details of individuals to reach in case of an emergency.
  • b. Sensitive Medical Information (Protected Health Information – PHI): Highly sensitive data related to your health.
    • Health Records: Past and present health conditions, surgeries, allergies, medications.
    • Procedural Information: Pre-operative records, post-operative reports, consent forms.
    • Diagnostic Data: Imaging (X-rays, MRIs, CT scans), laboratory results.
    • Immunization Status: Vaccination records.
    • Consultation Notes: Information shared during virtual or in-person consultations.
  • c. Travel and Logistical Information:
    • Flight Details: Airline, flight numbers, dates, times.
    • Accommodation Preferences: Hotel booking requirements.
    • Destination Services: Transportation needs, companion details.
  • d. Financial Information:
    • Payment Details: Credit card numbers, bank account information, billing address (processed via secure, compliant third-party payment gateways).
    • Insurance Information: If applicable, details necessary for coordination or verification (though typically, medical tourism is self-pay).
  • e. Technical and Usage Information:
    • Device & Browser Data: IP address, operating system, browser type, device identifiers.
    • Website Usage: Pages visited, time spent on our site, referral sources, search queries, click patterns.
    • Cookies & Tracking Data: Information collected through cookies, web beacons, and similar technologies (see Section 6).
  • f. Communication Records:
    • Correspondence: Emails, chat logs, messages through our online portal.
    • Phone Calls: May be recorded for quality assurance, training, and record-keeping purposes. You’ll be informed if a call is being recorded.
3. How We Use Your Information (Purposes and Legal Bases)

We use the information we collect for specific purposes, relying on a legal basis for each use:

Purpose Legal Basis Data Used (Examples)
Facilitate Medical Services & Travel Contractual Necessity: Essential to fulfill our service agreement with you. All Personal, Medical, Travel, and relevant Financial Information.
Communicate with You Contractual Necessity / Legitimate Interest: To provide updates, answer inquiries, and manage your journey. Personal (Contact), Communication Information.
Share with Healthcare Providers Explicit Consent / Contractual Necessity: Crucial for your medical treatment; requires your express permission. Medical Information, relevant Personal and Travel Information.
Process Payments Contractual Necessity / Legal Obligation: To complete transactions and comply with financial regulations. Financial Information, relevant Personal Information.
Comply with Legal Obligations Legal Obligation: To meet regulatory, legal, and tax requirements in Mexico, US, and Canada. Any relevant data as required by law (e.g., financial records, certain medical data if subpoenaed).
Improve Our Services Legitimate Interest: To analyze trends and enhance user experience (often with anonymized data). Technical, Usage, and Anonymized/Aggregated Personal/Medical Information.
Marketing & Promotions Consent: With your explicit opt-in consent only. You can withdraw consent at any time. Personal (Contact) Information.
Protect Our Rights & Safety Legitimate Interest / Legal Obligation: To prevent fraud, ensure security, and defend legal claims. Any relevant information required for security, fraud prevention, or legal defense.
4. How We Share Your Information

We share your information only when necessary to provide our services, with your consent, or as required by law. We never sell your personal or medical information to third-party advertisers or marketers.

We may share your data with:

  • Partner Healthcare Providers in Mexico: Your medical and relevant personal information is shared with the clinics, hospitals, and doctors you choose or are referred to, solely for the purpose of your diagnosis, treatment, and care. This is done with your explicit consent.
  • Travel and Accommodation Partners: Airlines, hotels, and local transportation providers to arrange your travel and stay in Mexico.
  • Payment Processors: Secure third-party services (e.g., Stripe, PayPal) to process your financial transactions. We do not store full credit card details on our servers.
  • Service Providers: Third-party vendors who provide services on our behalf, such as IT support, data hosting, analytics, and communication platforms. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Legal & Regulatory Authorities: If required by law, subpoena, court order, or governmental request (e.g., immigration authorities, health departments), or to protect our rights, property, or safety, and that of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, sale of assets, or other business transaction, your information may be transferred to the acquiring entity. We will notify you of any such transfer and choices you may have.
5. International Data Transfers

As a medical tourism company operating in Mexico with patients from the US and Canada, your information will be transferred to, stored, and processed in Mexico, where our operations are based, and where our partner clinics are located.

We ensure that all international data transfers are protected by:

  • Standard Contractual Clauses (SCCs): Implementing data processing agreements with our partners that incorporate SCCs approved by relevant authorities (e.g., EU, UK, Canada), ensuring robust data protection standards.
  • Binding Corporate Rules (BCRs): If applicable for future expansion or group entities.
  • Encryption & Security Measures: Employing strong encryption (SSL/TLS for data in transit, AES-256 for stored data) and secure data handling practices throughout the transfer process.
  • Due Diligence: Conducting thorough vetting of our partners and service providers to ensure they meet our stringent privacy and security requirements.

By using our services, you acknowledge and agree to the transfer of your information to Mexico.

6. Cookies, Analytics, and Advertising Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and measure the effectiveness of our marketing campaigns. This includes first-party cookies set by our site and third-party cookies set by our analytics and advertising partners.

a. How We Use Cookies and Similar Technologies:

  • Strictly Necessary Cookies: Essential for the website to function correctly (e.g., maintaining your login session).
  • Analytical/Performance Cookies (Google Analytics): We use Google Analytics to help us understand how visitors interact with our website. This tool collects anonymized data, such as which pages are most popular, how long visitors stay on our site, and how they found us. This information helps us improve our website’s performance and design.
  • Functionality Cookies: Remember your preferences (e.g., language, region) to provide a more personalized experience.
  • Advertising & Measurement Cookies (Meta Pixel): To measure the effectiveness of our advertising on Meta platforms (like Facebook and Instagram) and deliver relevant marketing messages, we use tools like the Meta Pixel and Conversions API. These tools may collect information about the actions you take on our site, such as visiting a page or submitting a form. If you provide us with your personal information (e.g., through a form), we may share a secure, hashed (anonymized) version of it with Meta to accurately measure ad performance and create custom audiences. We do not share sensitive personal health information through these tools.

b. Your Choices and How to Opt-Out:

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. You can also manage your preferences through the cookie consent banner on our website. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

You can learn more about how our partners use your data and how to opt out by visiting their respective policy pages:

  • Google: To opt out of Google Analytics, you can use the Google Analytics Opt-out Browser Add-on.
  • Meta (Facebook & Instagram): You can review and adjust your ad settings and preferences directly within your Facebook and Instagram accounts.
  • Industry Opt-Outs: You can learn more about interest-based advertising and opt-out of many participating networks through organizations like the Digital Advertising Alliance (DAA).
7. Data Security

We implement robust technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption: SSL/TLS encryption for data transmitted over the internet; AES-256 encryption for data stored on our servers.
  • Access Controls: Strict role-based access controls ensure that only authorized personnel can access sensitive information, based on the principle of least privilege.
  • Physical Security: Secure data centers with controlled access.
  • Regular Audits & Assessments: We conduct periodic security assessments, penetration testing, and vulnerability scans of our systems and engage third-party vendors who also undergo regular security assessments.
  • Employee Training: Our staff receives regular training on data privacy and security best practices.
  • Incident Response Plan: We have a comprehensive plan to detect, respond to, and mitigate data breaches. In the event of a breach, we will notify affected individuals and relevant authorities as required by law.

While we strive to protect your personal and medical information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

8. Your Privacy Rights

Depending on your jurisdiction (e.g., US states like California, Canadian provinces, Mexican federal law, EU/UK GDPR), you may have the following rights regarding your personal and medical information:

  • Right to Access: To request a copy of the personal and medical information we hold about you.
  • Right to Rectification/Correction: To request that we correct any inaccurate or incomplete information.
  • Right to Deletion/Erasure (“Right to Be Forgotten”): To request the deletion of your personal information, subject to certain legal obligations (e.g., medical record retention).
  • Right to Restrict Processing: To request that we limit the way we use your information.
  • Right to Object to Processing: To object to our processing of your information for certain purposes (e.g., direct marketing).
  • Right to Data Portability: To receive your information in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.
  • Right to Withdraw Consent: Where we rely on your consent to process your information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: To lodge a complaint with a supervisory authority responsible for data protection in your jurisdiction.

How to Exercise Your Rights: To exercise any of these rights, please contact us using the details provided in Section 12. We will respond to your request within 30 days, or as required by applicable law. We may need to verify your identity before processing your request.

9. Data Retention

We retain your personal and medical information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • Medical Records: We are required to retain medical records for a minimum of five (5) years in accordance with Mexican healthcare regulations (NOM-004-SSA3-2012). This period may be longer based on specific medical conditions or legal requirements.
  • Other Data: Other categories of data (e.g., personal contact information, communication records, financial transaction data) are retained for periods necessary to provide services, manage our business, comply with tax laws, and resolve disputes.

After the applicable retention period, your information will be securely deleted or anonymized.

10. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal or medical information from minors without verifiable parental consent. If we become aware that we have inadvertently collected information from a minor without such consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 18, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of any significant changes by posting the updated policy on our website, and if changes are material, we may also notify you via email or a prominent notice on our site. Your continued use of our services after such modifications constitutes your acknowledgment of the updated policy.

13. De-identified or Anonymized Information

We may use de-identified or anonymized information for various purposes, such as research, analytics, and service improvement. When information is de-identified or anonymized, it means that all personal identifiers have been removed, making it impossible to reasonably identify you. This type of data is not subject to this Privacy Policy as it no longer constitutes personal information. We ensure that our de-identification and anonymization processes adhere to industry standards and legal requirements.

14. Links to Third-Party Websites

Our website may contain links to websites operated by third parties, such as partner clinics, travel agencies, or information resources. This Privacy Policy applies only to information collected by MedVenture Mexico. When you click on a link to a third-party website, you will be subject to that website’s privacy policy and practices. We encourage you to review the privacy policies of any third-party sites you visit, as we are not responsible for their content or data handling practices.

15. No Medical Advice

Please note that MedVenture Mexico is a facilitator service and does not provide medical advice, diagnosis, or treatment. The information we share is for coordination purposes only, connecting you with qualified medical professionals. Any medical information or advice you receive will come directly from the licensed healthcare providers in Mexico you choose to engage with. Our role is strictly limited to facilitating your medical tourism journey.

16. Your Responsibilities

While we commit to protecting your privacy, we also rely on you to help us safeguard your information. Please:

  • Provide Accurate Information: Ensure that all information you provide to us is accurate, complete, and up-to-date. Inaccurate information can impact the quality and safety of your medical care.
  • Keep Your Credentials Secure: If you create an account with us, keep your login credentials (username and password) confidential and do not share them with anyone.
  • Review This Policy: Familiarize yourself with this Privacy Policy and reach out if you have any questions or concerns.
17. Contact Us

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise your privacy rights, please contact us:

MedVenture Mexico
Email: privacy@medventuremexico.com

By choosing MedVenture Mexico, you are entrusting us with your well-being and personal data. We are committed to honoring that trust by maintaining the highest standards of privacy and security.