Privacy Policy 

[Effective Date: January 2, 2025] 

At Cure & Travel, a service of Horizonius Ltd. (“we,” “our,” or “us”), we are deeply committed to maintaining the privacy and protection of your personal information. This Privacy Policy explains how we collect, use, store, and safeguard your data when you engage with our website, services, or communication channels, in compliance with UK and EU data protection laws, including the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), and the evolving requirements of the Data Use and Access Bill (DUAB)12. 

  1. Application of This Notice

This Privacy Policy applies to any personal data we collect through our website (https://www.cureandtravel.com), communications via email, telephone, or other means when you access our healthcare travel services. This policy applies to all individuals whose data we process, regardless of their location (including EU citizens)2. By using our services, you consent to the terms outlined in this policy. 

  1. Types of Data We Collect

We may collect the following categories of personal data: 

  • Personal Identification: Your full name, date of birth, address, contact number, email, passport details, and other identifiers necessary for arranging travel and healthcare services. 
  • Health Information: Sensitive data such as your medical history, treatment preferences, and any other health-related details, which are gathered only with your explicit consent. 
  • Payment Data: Information related to your billing details, credit or debit card numbers, and other financial information required to process payments securely. 
  • Technical Data: Data related to your usage of our website, such as your IP address, device type, browser, and cookies, which help improve user experience and are used for analytics. 
  • Communication Records: Details of any interactions you have with us via phone, email, or online forms. 

Important Note: Please only share the personal data you are comfortable with. If you provide data belonging to third parties, ensure you have their consent to do so. 

  1. Legal Basis for Data Processing

We process your data based on the following legal grounds: 

  • Contractual Requirements: To provide the travel and healthcare services you have requested. 
  • Consent: For processing sensitive data, such as your health information, we obtain your explicit, freely given, specific, informed, and unambiguous consent5. You have the right to withdraw your consent at any time. 
  • Legal Obligations: To comply with regulatory and legal requirements under UK and EU law3. 
  • Legitimate Interests: For purposes such as improving customer service, maintaining website functionality, and sending relevant service updates, provided these interests are not overridden by your rights and freedoms. We conduct Legitimate Interest Assessments (LIAs) to ensure that our interests are balanced against your rights. These include fraud prevention, network and information security, and the administrative handling of supplier relationships. 
  • Recognized Legitimate Interests: As permitted under UK GDPR, EU GDPR and the DUAB, we may also process data under specific “Recognized Legitimate Interests,” such as public safety or emergency response, as defined by law. 
  1. How We Use Your Data

Your personal information is used for the following purposes: 

  • Providing Services: Coordinating your medical and travel bookings and ensuring smooth execution of your plans. 
  • Customer Support: Responding to your queries, assisting with complaints, and providing post-treatment assistance. 
  • Payment Management: Processing financial transactions securely and preventing fraudulent activity. 
  • Marketing: Sending you updates and promotional offers related to our services, only if you have opted in. 
  • Website Improvement: Using aggregated data to enhance user experience and functionality. 
  • Legal Compliance: Ensuring adherence to applicable laws, responding to legal requests, and protecting our rights. 
  • National Security, Public Safety, or Emergency Response: As necessary to address situations that threaten national security, public safety, or require emergency response, in compliance with the Data Use and Access Bill. 
  1. Use of Cookies and Similar Technologies

We employ cookies and similar technologies to enhance user experience and gather information on how our website is used. These allow us to: 

  • Identify you when you return to our website. 
  • Personalize your browsing experience. 
  • Track traffic and usage statistics. 

We use analytics cookies to understand how our website is used and to improve its functionality. Where analytics cookies are strictly necessary for the provision of our service, we rely on legitimate interest as the lawful basis for processing. For all other non-essential cookies, we will obtain your consent before placing them on your device. You have the right to withdraw your consent at any time. 

You can manage cookie preferences through your browser settings, but disabling cookies may affect certain features of our website. 

  1. Sharing Your Data

We will not sell or lease your personal information to third parties for their marketing purposes. However, we may share your data with: 

  • Healthcare Providers: Clinics or doctors involved in your treatment. 
  • Travel Providers: Airlines, accommodation providers, or other services necessary for your trip. 
  • Service Providers: Payment processors, IT companies, and other third-party vendors who support our operations. 
  • Legal Compliance: If required to do so by law or court order, or to protect our rights. 
  • In the event of a business transfer (e.g., merger or sale), your data may be transferred as part of that process, in accordance with data protection laws. 
  • Public Authorities: Where required by law for national security, public safety, or emergency response purposes, as outlined in the Data Use and Access Bill. 

We ensure that all third parties with whom we share your data have appropriate data protection measures in place, as required by GDPR. 

  1. International Data Transfers

Your data may be transferred outside of the UK and the European Economic Area (EEA) to service providers or healthcare partners based in other countries. We ensure that any such transfers are safeguarded through appropriate measures to comply with UK and EU data protection standards, including assessments to confirm that the data protection standards in the destination country are not materially lower than those in the UK and EU4. We utilize the International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses (SCCs), and the EU Standard Contractual Clauses (as updated) to ensure adequate protection for your data when transferred internationally. We continuously monitor legal and regulatory developments in this area and will update our transfer mechanisms as necessary to maintain compliance. 

  1. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law3. Specifically: 

  • Personal Identification Data: Retained for up to 7 years post-service completion to comply with legal and regulatory requirements. 
  • Health Information: Retained for 10 years post-treatment, as required by healthcare regulations. 
  • Payment Data: Retained for 7 years to comply with financial and tax obligations. 
  • Technical Data: Retained for 13 months for analytical purposes. 

Once the data is no longer needed, it will be securely deleted or anonymized. We have implemented data retention policies to ensure that personal data is not kept longer than necessary3. 

  1. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights concerning your personal data: 

  • Right of Access: You may request a copy of the personal data we hold about you4. 
  • Right to Correction: You can update or correct any inaccuracies in the data we hold3. 
  • Right to Erasure: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected3. 
  • Right to Restrict Processing: You can ask us to limit how we process your personal data in specific situations. 
  • Right to Object: You can object to certain data processing activities, including direct marketing. 
  • Right to Data Portability: You may request a transferable copy of your data. 
  • Right to Withdraw Consent: You can withdraw your consent at any time, though it does not affect the lawfulness of processing based on consent before its withdrawal. 
  • Right to be informed: You have the right to be provided with clear, transparent, and easily understandable information about how we use your information and your rights4. 
  • Rights related to automated decision making including profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. 

To exercise any of these rights, please contact us at privacy@cureandtravel.com. We will respond within one month. To process your request, we may need to verify your identity. We commit to facilitating the exercise of your rights in accordance with GDPR requirements3. 

  1. Data Protection Measures

We employ strong security measures to protect your personal data, including: 

  • SSL Encryption for secure transactions. 
  • Firewalls and Intrusion Detection Systems to protect our systems. 
  • Access Controls to limit internal access to sensitive data. 
  • Regular Security Audits to assess and improve our security practices. 
  • Employee Training to promote data privacy best practices. 
  • Data encryption and pseudonymization to protect data integrity and confidentiality3. 

While we implement industry-standard security measures, please note that no system is entirely immune to breaches. In the event of a data breach, we will notify the appropriate supervisory authorities and affected individuals in accordance with GDPR requirements. 

  1. Children’s Privacy

Our services are not intended for individuals under the age of 16. If we learn that we have unintentionally collected data from a child, we will promptly delete it. 

  1. External Links

Our website may contain links to third-party sites for your convenience. We are not responsible for their privacy practices and encourage you to review their policies. 

  1. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Any updates will be posted on our website and will be effective immediately. We encourage you to check this page periodically. If we make significant changes, we will notify you via email or through a prominent notice on our website. The “Effective Date” at the top of this policy indicates when it was last revised. We will maintain an archive of past versions of this policy. 

  1. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please reach out to: 

Cure & Travel by Horizonius Ltd. 

124 City Road, EC1V 2NX, London, UK 

Email: privacy@cureandtravel.com 

Phone (UK): +44 7960 033188 

 

Our Data Protection Officer (DPO) can be contacted at privacy@cureandtravel.com. 

If you believe your data protection rights have been violated, you also have the right to file a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk or with a relevant supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. 

By continuing to use our services and website, you confirm that you have read and understood this Privacy Policy. 

Thank you for trusting Cure & Travel by Horizonius Ltd. with your personal information. We are committed to providing you with secure and efficient healthcare travel assistance. 

124 City Road, EC1V 2NX, London, UK 

Email: privacy@cureandtravel.com 

Phone (UK): +44 7960 033188 

Our Data Protection Officer (PRIVACY) can be contacted at privacy@cureandtravel.com. 

If you believe your data protection rights have been violated, you also have the right to file a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk or with a relevant supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. 

By continuing to use our services and website, you confirm that you have read and understood this Privacy Policy. 

Thank you for trusting Cure & Travel by Horizonius Ltd. with your personal information. We are committed to providing you with secure and efficient healthcare travel assistance.