Privacy Policy

Data Controller: VICTORIA GREEN&HEALTH TOUR S.R.L.

IDNO: 1025600034324

Address: MD-2043, CHIȘINĂU BOTANICA, mun. Chișinău, Doctor Tudor Strișca, 8/7, ap.(of.) 24

E-mail: info@healthbridge.md

Phone: +373 79 311 471

In brief: Health Bridge collects data through forms and the user account, including contact details, passport information and health-related data. Under the current configuration, essential technical cookies are used; non-essential cookies must be activated only after consent has been obtained.

Special protection: health data is a special category of personal data. We ask users to provide only the information necessary for a specific request and, as a rule, process such data on the basis of the user’s explicit consent.

1. About this Policy and the Data Controller

This Privacy Policy explains which personal data is processed when users access healthbridge.md, use a user account, submit contact forms or receive coordination services, the purposes for which the data is used, the parties to whom it may be disclosed and the rights available to the user.

The Data Controller is VICTORIA GREEN&HEALTH TOUR S.R.L., IDNO 1025600034324, address: MD-2043, CHIȘINĂU BOTANICA, mun. Chișinău, Doctor Tudor Strișca, 8/7, ap.(of.) 24. For privacy-related matters, contact us at info@healthbridge.md or by phone at +373 79 311 471.

This Policy applies with due regard to Law of the Republic of Moldova No. 133/2011 on Personal Data Protection, which is in force on the date of this version, Regulation (EU) 2016/679 (GDPR) where it applies territorially, and the new Law of the Republic of Moldova No. 195/2024, which enters into force on 23 August 2026.

2. Personal Data We Collect

2.1. Data submitted through the consultation form

  • first name and last name;
  • e-mail address;
  • phone number and country code;
  • selected service or package;
  • message content and any other information voluntarily entered by the user in the form.

2.2. User account data

  • first name, last name, date of birth and gender;
  • passport series and number or details of another identity document;
  • country and city;
  • e-mail address and phone number;
  • request history, selected services and account settings.

2.3. Health data

  • medical history and descriptions of health conditions;
  • allergies and intolerances;
  • current medicines;
  • diagnoses, test results, medical reports, images and documents, where provided by the user;
  • information required by a clinic or specialist for preliminary assessment and service coordination.

2.4. Contact and communication data

  • correspondence by e-mail, phone, messaging services and website forms;
  • date, time, content and processing status of a request;
  • preferred language and communication channel.

2.5. Technical data

  • IP address, device and browser type, operating system;
  • date and time of access, pages viewed and referring source;
  • security log data, session identifiers and time-zone settings;
  • cookies and similar technologies described in Section 10.

2.6. Data received from third-party services

If a user chooses to sign in or communicate through Google, Telegram or another service, we may receive data authorised by the user and transmitted by the relevant service, such as the user’s name, e-mail address, account identifier and profile image. The scope of data depends on the user’s settings and the permissions granted to the third-party service.

3. Purposes for Which We Use Personal Data

  • to respond to a request and arrange a preliminary consultation;
  • to identify suitable clinics, specialists, medical services and related services;
  • to forward the request to a selected clinic or provider after obtaining the required consent or another valid legal basis;
  • to create and maintain a user account;
  • to coordinate travel, accommodation, transfers, interpretation and other agreed services;
  • to communicate with the user and provide updates on the status of the request;
  • to ensure security, prevent misuse and protect the website;
  • to comply with legal requirements, respond to competent authorities and protect the Company’s rights;
  • to improve the website and analyse its use, solely by using data permitted by law and, where required, after consent to analytics cookies has been obtained;
  • to send marketing communications, solely on the basis of separate consent or another legal basis permitted by law and with an option to unsubscribe.

4. Legal Bases for Processing

Legal basis When it applies Examples
Steps taken at the user’s request / performance of a contractWhere processing is required to respond, prepare an offer, operate an account or provide an agreed service.Contact details, selected service and communication arrangements.
Explicit consentFor health data, medical documents and other cases in which the law requires separate consent.Disclosure of health data to a selected clinic and processing of uploaded medical reports.
Legal obligationWhere retention or disclosure is required by law or by a lawful request from an authority.Responses to competent authorities and maintenance of mandatory records.
Legitimate interestsFor security, prevention of misuse, protection of rights and basic operational analytics, subject to an appropriate balancing assessment.Security logs, account protection and fraud prevention.
Consent to cookies or marketingFor optional analytics, preference or marketing technologies and communications.Visitor statistics, advertising cookies and newsletters, where used.

5. Consent to the Processing of Health Data

Where a user provides health information or medical documents, or asks us to disclose them to a clinic, Health Bridge requests explicit, specific and informed consent unless another lawful basis applies.

Consent may be withdrawn at any time by writing to info@healthbridge.md. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal was received and may limit our ability to continue selecting or coordinating a medical service.

Where required by law, consent to process health data and disclose it to selected clinics and specialists is requested separately from acceptance of the Website Terms of Use.

6. Parties to Whom Personal Data May Be Disclosed

Access is granted only to the extent necessary for the relevant purpose. Recipients may include:

  • authorised Health Bridge employees and representatives;
  • clinics, doctors, laboratories and other medical providers selected by the user;
  • hotels, airlines, transport companies, interpreters, guides and other providers of agreed services;
  • providers of hosting, cloud services, e-mail, CRM systems, technical support, cybersecurity and backup services;
  • authentication or communication providers, such as Google or Telegram, where the user selects the relevant function;
  • professional advisers, auditors, lawyers and insurers where necessary;
  • public authorities, courts and law-enforcement bodies where disclosure is required by law or by a lawful request.

Service providers that process data on our behalf must comply with confidentiality, security and contractual restrictions. Clinics and other independent providers may act as separate data controllers and may provide their own privacy notices.

We do not sell personal data or disclose it to advertising partners without an appropriate legal basis and, where required, the user’s consent.

7. International Data Transfers

Because services may involve clinics, transport providers and tourism providers located in different countries, personal data may be transferred outside the Republic of Moldova and, in some cases, outside the European Economic Area.

Before a transfer, we assess its necessity and the applicable law, limit the amount of data disclosed and use available safeguards, such as an adequacy decision, standard contractual clauses, contractual and technical measures, explicit informed consent or another basis permitted by law.

The user may request additional information about the destination country and the safeguards applied by contacting info@healthbridge.md.

8. Retention Periods

We retain personal data no longer than necessary for the stated purposes, taking into account the nature of the data, the status of the request, legal requirements and potential disputes. Indicative retention periods are as follows:

  • Requests not followed by a contract: up to 24 months after the last substantive contact, unless the user requests earlier deletion and there is no legal basis for longer retention.
  • User account and profile data: for the duration of account activity; after closure, generally up to 30 days in primary systems and for a limited period in protected backup copies.
  • Health information and medical documents: only for the period required to assess and coordinate the request; as a rule, no longer than 3 years after the last interaction, unless longer retention is required by law, contract, the need to protect legal rights or separate consent.
  • Correspondence and documents relating to provided services: for the period required to perform obligations and protect legal claims, generally up to 3 years after the end of the interaction, unless the law requires otherwise.
  • Security logs: generally up to 12 months, unless a longer period is required to investigate an incident.
  • Cookies: according to the periods stated in the cookie table or browser settings.

When a retention period expires, the data is deleted, irreversibly anonymised or isolated until it can be securely removed from backup copies.

9. Data Security

We apply proportionate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, loss and destruction. Measures may include access controls, secure connections, session controls, security logs, backups, contractual confidentiality obligations and training for persons who have access to the data.

No transmission or storage method provides absolute security. In the event of an incident, we assess the risks and notify the competent authority and/or affected individuals where such notification is required by law.

10. Cookies

Cookies are small files or identifiers stored by a browser or used by a server to operate the website. Essential cookies are required for sessions, form protection and security and cannot be disabled through the cookie banner, although the user may restrict them in browser settings, which may prevent the website from functioning correctly.

According to the technical screenshot provided, the following cookies are used on the healthbridge.md domain:

Name Purpose Duration Category Protection
cpsessionMaintains the user’s technical session.SessionEssentialHttpOnly, Secure
healthbridge-sessionApplication session, authentication and state preservation.Until the server-defined expiry timeEssentialHttpOnly, Secure, SameSite=Lax
timezoneStores the time zone to display time correctly.SessionEssential / PreferencesSecure
XSRF-TOKENProtects forms and requests against cross-site request forgery (CSRF).Until the server-defined expiry timeEssentialSecure, SameSite=Lax

The website banner provides the categories “Essential”, “Statistics”, “Marketing” and “Preferences”. According to the current technical screenshot, only the cookies listed above were detected. If analytics, marketing or other non-essential technologies are introduced, this table must be updated and such technologies must be blocked until the user’s consent has been obtained where consent is required.

The user may change their choice through the “Cookie Settings” link on the website and through browser settings. Withdrawal of consent does not affect the lawfulness of cookie use before withdrawal.

11. User Rights

Depending on the applicable law, the user may have the right to:

  • obtain confirmation that personal data is being processed and access that data;
  • correct inaccurate data or complete incomplete data;
  • request deletion where there is no legal basis for continued retention;
  • request restriction of processing;
  • object to processing based on legitimate interests and opt out of direct marketing at any time;
  • receive data provided by the user in a structured, machine-readable format and transmit it to another controller where the right to data portability applies;
  • withdraw consent without affecting the lawfulness of prior processing;
  • not be subject to a decision based solely on automated processing that produces legal effects or similarly significant consequences, where this right applies;
  • lodge a complaint with the competent data protection authority.

To exercise a right, contact us at info@healthbridge.md. We may request reasonable information to verify the person’s identity and protect the data. We will respond within the periods established by applicable law. If a request is complex or numerous requests are received, the period may be extended with notice to the user where permitted by law.

In the Republic of Moldova, the supervisory authority is the National Centre for Personal Data Protection (CNPDCP). A person located in the EU/EEA may also contact the supervisory authority in the place of their habitual residence, place of work or the alleged infringement where the GDPR applies.

12. Automated Decision-Making

Health Bridge does not make decisions concerning users that are based solely on automated processing and produce legal or similarly significant effects. Technical tools may support the selection of options, but final communication and coordination are carried out with human involvement.

13. Personal Data of Minors

The website is not intended for independent use by children. Personal data relating to a minor must be provided by a parent, legal representative or another person with lawful authority. We may request evidence of such authority and may delete data if we determine that it was provided without a proper legal basis.

14. Links and Third-Party Websites

The website may contain links to clinics, partners, social networks and other websites. Their processing of personal data is governed by their own privacy policies. Before submitting data on a third-party website, users are advised to review its terms and privacy information.

15. Changes to this Policy

We may update this Policy when legislation, website functions, providers or processing activities change. The current version is published on the website with its revision date. In the case of material changes, we may use additional notification methods and request consent again where required.

16. Legal Framework

This Policy has been prepared with due regard to Law of the Republic of Moldova No. 133/2011 on Personal Data Protection, Law No. 284/2004 on Information Society Services, applicable civil and consumer-protection rules, Regulation (EU) 2016/679 (GDPR), and the transition to Law of the Republic of Moldova No. 195/2024 on Personal Data Protection from 23 August 2026.

Contact Information

VICTORIA GREEN&HEALTH TOUR S.R.L.

IDNO: 1025600034324

Address: MD-2043, CHIȘINĂU BOTANICA, mun. Chișinău, Doctor Tudor Strișca, 8/7, ap.(of.) 24

E-mail: info@healthbridge.md

Phone: +373 79 311 471

Website: healthbridge.md