Privacy Policy
Protection of Your Personal Health Information
Effective Date: May 2026 | Last Updated: May 2026
1. Introduction
MedLink Access ("we," "us," or "our") operates medlinkaccess.com, a platform connecting patients with healthcare professionals across the MENA region and India. We are fully committed to protecting the privacy and security of your personal data, including health information. Only personal information necessary for the proper functioning of our services is collected, processed, and stored.
This Privacy Policy explains what data we collect, why we collect it, how it is used and protected, and what rights you have. It applies to all users of our website, mobile applications, and related services.
2. Legal Framework
MedLink Access processes personal data in compliance with the following legal frameworks:
- Moroccan Law No. 09-08 of 18 February 2009 relating to the protection of individuals with regard to the processing of personal data
- Decree No. 2-09-165 of 21 May 2009 implementing Law 09-08
- Law No. 05-20 on Cybersecurity (Morocco)
- GDPR-aligned standards, consistent with leading MENA health platforms
Health data is classified as sensitive personal data under Law 09-08 and is subject to the highest level of protection.
3. What Personal Data We Collect
To establish a connection between you and healthcare professionals and to allow you to manage your appointments, the following personal data may be collected:
- Identity information: full name, date of birth, gender, nationality
- Contact details: email address, phone number, postal address
- Medical information: health history, diagnoses, appointment details, and notes from healthcare providers
- Account credentials and login information
- Payment and billing information where applicable
- Technical data: IP address, browser type, device information, and usage patterns
We collect only the minimum personal information necessary for the proper functioning of the service.
4. How We Collect Your Information
We collect your personal information when you:
- Create a unique personal account on our platform
- Book, modify, or cancel a medical appointment
- Submit a health history or medical form
- Contact us for support or respond to optional surveys
- Browse our website (automatically via cookies and analytics tools)
5. How We Use Your Personal Data
5.1 Healthcare Services
We use your data to facilitate medical appointments, coordinate care between you and healthcare professionals on our platform, and support your treatment.
5.2 Platform Operations
We use your data to manage your account, send appointment confirmations and reminders by SMS or email, process payments, and improve our platform services.
5.3 Legal Obligations
We may use or disclose your data when required by Moroccan law, a court order, or a competent public authority.
5.4 Communications
With your consent, we may send you information about our services or health-related updates. You may opt out of marketing communications at any time.
6. Information Security
MedLink Access uses the most secure technological standards to protect your personal data. Our security measures include:
- AES-256 encryption for data at rest and TLS 1.2+ for data in transit
- Multi-factor authentication (MFA) on all systems handling health data
- Role-based access control — minimum necessary access only
- Regular security audits and risk assessments
- Audit logs retained for the legally required period
- Automatic session logoff after inactivity
- Physical access controls on servers and devices containing health data
- Strict confidentiality obligations for all staff and contractors
7. Third-Party Sharing & Data Transfers
We do not sell, rent, or trade your personal data to third parties. We will not share your information without your consent, except in the following situations:
- When required by Moroccan law, a court order, or a competent regulatory authority
- When necessary to provide your medical care
- With trusted sub-contractors bound by confidentiality and data protection obligations
Cross-border data transfers are only made to countries that provide an adequate level of data protection, in accordance with Law 09-08.
8. Your Rights
In accordance with Moroccan Law No. 09-08, you have the following rights. To exercise any of these rights, please contact us at privacy@medlinkaccess.com.
| Right | Description |
|---|---|
| Right to Access | Request a copy of the personal data we hold about you. We will respond within 30 days. |
| Right to Rectification | Request correction of inaccurate or incomplete personal data. We will respond within 60 days. |
| Right to Deletion | Request deletion of your personal data, subject to our legal retention obligations. |
| Right to Object | Object to certain uses of your personal data, including for marketing purposes. |
| Right to Restrict Processing | Request that we limit how we use your data in certain circumstances. |
| Right to Confidential Communications | Request that we contact you only in certain ways or at certain locations. |
| Right to a Copy of This Notice | Request a printed or electronic copy of this Privacy Policy at any time. |
9. Changes to This Privacy Policy
We reserve the right to change this Privacy Policy at any time. Any changes will be posted on our website with an updated effective date. Where changes materially affect how we use your personal data, we will provide advance notice where reasonably possible.
10. Contact Us
If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact our Privacy Officer:
- Website: medlinkaccess.com
- Email: privacy@medlinkaccess.com
- Security concerns: security@medlinkaccess.com
© 2026 MedLink Access — medlinkaccess.com — privacy@medlinkaccess.com