Article 1 : Purpose

HERE UP LLC. (“Medibook”, “Company”, “we”, “our”, or “us”) values the privacy of our users worldwide and complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA) in the United States, and other relevant international frameworks.

This Privacy Policy (“Policy”) explains how we collect, use, store, and share your personal information when you use Medibook services (“Services”).

The Company establishes this Policy to ensure the lawful, fair, and transparent processing of personal information of users (“Users”) who use Medibook, a global medical and wellness platform.

​

Article 2 : Principles of Processing

• Personal information is collected only for specified and legitimate purposes.

• Data is not shared with third parties without consent, except as required by law.

• Medibook operates as a booking-based intermediary platform, not as an insurer, broker, or medical institution, and does not guarantee outcomes or marketing claims of partner institutions.

​

Article 3 : Information We Collect

Depending on your use of Services, we may collect:

1. Account Information: Email, password, name, contact, country, date of birth.

2. Verification Information: ID, date of birth, phone number, gender, nationality.

3. Service Use Data: Reservation details, payment records, communication logs.

4. Device & Usage Data: Cookies, IP, browser/device info, access logs.

5. Payment Information: Card number, billing address, bank account, transaction history.

​

Article 4 : How We Collect Data

• Directly from you (when registering, making reservations, contacting support).

• Automatically through cookies, device logs, analytics tools.

• From third parties (e.g., payment processors, partner institutions, authentication providers).

​

Article 5 : How We Use Data

• To provide, improve, and personalize Services.

• To process reservations and payments.

• To verify identity and prevent fraud.

• For service improvement and customer support.

• With your consent, for marketing, promotions, and events.

​

Article 6 : Sharing of Personal Information

We may share data in the following limited circumstances:

• Service Providers (e.g., Stripe, Wix, PG providers for payment processing).

• Partner Institutions (to confirm reservations, provide medical services).

• Legal Obligations (when required by applicable law).

Medibook does not sell personal information in exchange for money. However, under the CCPA, certain data sharing for advertising or analytics may be deemed a "sale". Users may opt out (see Article 14).

​

Article 7 : Data Retention

• Personal information is retained only as long as necessary for service provision.

• Fraud prevention data: up to 1 year after account termination.

• Legal recordkeeping (e.g., contracts, payments): retained per local laws (typically 3–5 years).

• Inactive accounts may be archived or deleted after 1 year of non-use.

​

Article 8 : International Data Transfers

As a U.S.-based company operating globally, we may transfer data to servers in the United States and other countries. We use safeguards (e.g., Standard Contractual Clauses, encryption, and security protocols) to protect data across borders.

​

Article 9 : User Rights

Depending on your jurisdiction, you may have the right to:

• Access and request a copy of your personal data.

• Correct or delete your data.

• Withdraw consent for processing.

• Restrict or object to data use.

• Port your data to another provider.

​

Article 10 : CCPA Rights (California Residents)

If you are a California resident, you have the right to:

• Request access to the categories and specific pieces of personal information we have collected.

• Request deletion of your data (subject to exceptions).

• Opt out of the “sale” of personal information.

You can exercise your rights by clicking the “Do Not Sell My Personal Information” link on our website/app or by contacting us at medibook.media@medibook.com.

​​​

Article 11 : GDPR Rights (EEA/UK Residents)

If you are located in the EU/EEA/UK, we process your data under lawful bases such as contract necessity, legitimate interests, legal obligations, or consent. You may contact us at medibook.media@medibook.com. to exercise GDPR rights.

​

Article 12 : Security Measures

We employ administrative, technical, and organizational safeguards, including:

• Encryption of passwords and sensitive data.

• Firewalls, intrusion detection, and monitoring.

• Access controls and staff training.

​

Article 13 : Cookies and Tracking

• Users may choose to accept, refuse, or be notified about cookies.

• Refusal may limit some functionality of the Services.

​

Article 14 : Children’s Privacy

Our Services are not directed to children under 16 years of age (or the minimum age required by applicable local law, which may be between 13 and 16).

We do not knowingly collect personal information from children below this age.

If we learn that we have collected such data without verified parental consent, we will delete it promptly.

​

Article 15 : Governing Law & Dispute Resolution

• B2B disputes: Resolved via Singapore International Arbitration.

• B2C disputes: Governed by the consumer protection laws of the user’s place of residence, with Delaware law as default.

• Mandatory local consumer protection laws will prevail where applicable.

​​

Article 16 : Contact

If you have questions or wish to exercise your privacy rights, please contact:

Privacy Officer

MEDIBOOK

Email: medibook.media@medibook.com.

​

Addendum

This Policy is effective as of September 1, 2025. Updates will be notified at least 7 days in advance (30 days if materially impacting user rights).

​​​

​