Privacy Policy
How Cura Welt collects, uses, and protects your personal data when you use our medical tourism facilitation services.
Cura Welt is a global medical tourism facilitation company operating through the website curawelt.com. Our service connects international patients with verified partner clinics in their chosen destination country. We act as an intermediary — identifying, recommending, and coordinating care pathways — but we do not ourselves provide clinical services.
For the purposes of applicable data protection legislation, including the EU General Data Protection Regulation (GDPR) and any equivalent national legislation in force in the jurisdictions where we operate, Cura Welt is the Data Controller in respect of the personal data described in this Policy.
You may contact our data team at any time:
📧 contact@curawelt.com
🌐 curawelt.com/contact
We collect personal data in the following circumstances:
A. Information You Provide Directly
- Full name, email address, phone number, and country of residence
- Nationality and passport information (where relevant for destination requirements)
- Medical condition category, treatment of interest, and preferred destination country
- Budget indications and preferred travel timeframe
- Communications you send us via our contact form, email, or live chat
B. Special Category Data (Health Data)
Because our service relates to healthcare, we may process health-related information you choose to share with us — such as your diagnosis, prior medical history, or treatment needs. This is classified as special category data under the GDPR and is subject to heightened protection. We only collect such data with your explicit consent and only to the extent necessary to identify suitable partner clinics for you.
C. Automatically Collected Technical Data
- IP address, browser type, operating system, and device information
- Pages visited, referral source, time on site, and click patterns (via cookies and analytics tools)
- Geographic region (country-level only, derived from IP)
D. Third-Party Sources
- If you reach us via a partner referral link, we may receive limited data from that referring partner
- Publicly available information to verify clinic partner credentials
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Matching you with suitable partner clinics | Contact info, treatment needs, destination preference | Contract performance / Consent |
| Responding to enquiries and providing support | Name, email, message content | Contract performance / Legitimate interest |
| Sending clinic recommendations and quotes | Contact info, medical category | Consent |
| Service improvement and quality analysis | Anonymised usage data, feedback | Legitimate interest |
| Legal and regulatory compliance | Relevant records as required | Legal obligation |
| Marketing communications (opt-in only) | Email address, preferences | Consent (withdrawable) |
| Website analytics and performance | IP, browser data, session data | Legitimate interest / Consent (cookies) |
We will never sell your personal data, share it for third-party marketing purposes, or use it for any purpose incompatible with those listed above.
Under the GDPR, we are required to identify a valid legal basis for each processing activity. We rely on the following:
- Contractual necessity (Art. 6(1)(b) GDPR): Processing required to respond to your enquiry, provide our facilitation service, and fulfil any agreement with you.
- Explicit consent (Art. 6(1)(a) & Art. 9(2)(a) GDPR): For special category health data and for optional communications. You may withdraw consent at any time without affecting prior processing.
- Legitimate interests (Art. 6(1)(f) GDPR): For general service improvements, fraud prevention, and internal analytics — where these are not overridden by your rights and interests.
- Legal obligation (Art. 6(1)(c) GDPR): Where we are required to retain or disclose data by applicable law.
Where consent is the lawful basis, you have the right to withdraw it at any time by contacting us at contact@curawelt.com.
Cura Welt operates on a commission-based model: partner clinics pay us a facilitation fee. Patients are never charged. This model shapes how we share data:
Partner Clinics
If you request a quote or referral for a specific country, we will share your relevant personal and medical information with the appropriate partner clinic(s) in that country. This is done with your knowledge and, where health data is involved, your explicit consent. Each partner clinic is independently bound by its own applicable data protection and patient confidentiality obligations.
Service Providers (Data Processors)
- Email and CRM platforms (e.g. for sending recommendations)
- Website analytics providers (e.g. anonymised traffic data)
- Cloud hosting and infrastructure providers
- Customer support tools
All processors are bound by data processing agreements consistent with GDPR Article 28 requirements.
Legal & Regulatory Bodies
We may disclose data where required by law, court order, or competent regulatory authority.
We Do Not Share With:
- Advertisers or data brokers
- Insurance companies without your explicit request and consent
- Any party for their own marketing purposes
By nature, our service involves the transfer of personal data to partner clinics and service providers located outside the European Economic Area (EEA). Destination countries may include Turkey, Thailand, India, Mexico, South Korea, the UAE, and others depending on patient preference.
Where transfers involve countries not covered by an EU adequacy decision, we ensure appropriate safeguards are in place, such as:
- EU Standard Contractual Clauses (SCCs) as approved by the European Commission
- Your explicit informed consent to the specific transfer, noting the risks where applicable
- Binding corporate rules or equivalent mechanisms where available
You may request details of the safeguards applicable to any specific transfer by contacting us at contact@curawelt.com.
We retain personal data only for as long as necessary for the purposes described, or as required by law:
| Data Type | Retention Period |
|---|---|
| Enquiry and contact data (no service commenced) | 12 months from last contact |
| Patient facilitation records (service engaged) | 5 years from service completion |
| Health / special category data | Deleted within 30 days if service declined; otherwise up to 5 years |
| Financial and transactional records | 7 years (statutory requirement in most jurisdictions) |
| Marketing consent records | Until consent is withdrawn, then promptly deleted |
| Website analytics (anonymised) | 26 months (standard analytics rolling window) |
After expiry of the applicable retention period, data is securely deleted or irreversibly anonymised.
Depending on your country of residence, you may hold some or all of the following rights in respect of your personal data. We will respond to all valid requests within 30 days:
To exercise any right, please contact us at contact@curawelt.com or via our contact form. We may need to verify your identity before processing your request. There is no charge for exercising your rights, though we may charge a reasonable administrative fee for manifestly unfounded or excessive requests.
Our website uses cookies and similar tracking technologies to operate effectively and understand how visitors interact with our content. We use the following categories of cookies:
| Category | Purpose | Consent Required? |
|---|---|---|
| Strictly Necessary | Core website functionality (session management, security) | No — essential to service |
| Functional | Remembering preferences (language, region) | No — legitimate interest |
| Analytics | Understanding site usage to improve our service (e.g. Google Analytics in anonymised mode) | Yes — via cookie consent |
| Marketing | Delivering relevant advertisements (we do not currently operate ad campaigns) | Yes — currently not in use |
You may manage or withdraw cookie consent at any time via our cookie preference centre (accessible through the cookie banner on first visit). You may also set your browser to refuse all cookies, though this may impair certain site functionality.
Our services are intended for adults aged 18 years and over. We do not knowingly collect personal data from individuals under the age of 18. If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately at contact@curawelt.com and we will take steps to delete the information promptly.
Where a minor requires medical travel facilitation, a parent or legal guardian must make the enquiry and provide consent on the child's behalf. All such requests are handled with additional care and additional safeguards.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These include:
- TLS/SSL encryption for all data in transit
- Encryption of stored personal and health data at rest
- Access controls and role-based permissions limiting staff access to personal data
- Regular security assessments and penetration testing of our infrastructure
- Data Processing Agreements with all third-party processors
- Staff training on data protection obligations
In the event of a personal data breach that is likely to result in a high risk to individuals, we will notify affected parties and, where required, the relevant supervisory authority within 72 hours of becoming aware of the breach.
Cura Welt is not a healthcare provider. We do not provide medical advice, diagnose conditions, prescribe treatments, or employ clinicians. Any health information you share with us is used solely to match you with appropriate partner clinics — it is not reviewed or assessed for medical purposes by Cura Welt staff.
Medical decisions are made exclusively between you and the treating healthcare professionals at the partner clinic you choose. Cura Welt is not a party to any medical treatment agreement and accepts no responsibility for clinical outcomes.
This Privacy Policy governs only the personal data we collect and process in our capacity as a facilitation intermediary. Any data processed by a partner clinic once you engage their services is subject to that clinic's own privacy and patient data policies, for which Cura Welt is not responsible.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or our service offering. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Display a notice on our website for at least 30 days following any significant change
- Send an email notification to users who have provided their email address, if the change materially affects their rights
We encourage you to review this page periodically. Continued use of our services after changes have been published constitutes acceptance of the updated Policy.
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
- 📧 Email: contact@curawelt.com
- 🌐 Contact form: curawelt.com/contact
We aim to respond to all data-related requests within 5 business days, and to resolve them fully within 30 calendar days.
If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, this is typically the authority in your country of residence. You may also lodge a complaint with the supervisory authority in the country where any alleged breach occurred.
For UK residents, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.