CrewMedi

Privacy Policy

1. Purpose of Collecting and Using Personal Information

Global Travel & Business Co., Ltd (CrewMedi) collects and uses personal information for the following purposes:

  • Membership registration and management
  • Providing medical tourism services and responding to inquiries
  • Processing medical appointments and healthcare service coordination
  • Managing travel arrangements and accommodation bookings for medical purposes
  • Marketing and promotional activities (with explicit consent)
  • Service usage statistics and analysis for service improvement
  • Compliance with legal obligations and regulatory requirements

2. Personal Information Collected

Required Information:

  • Name, email address, contact number, password
  • Passport information and nationality (for international services)
  • Employment details (airline company, crew position) for verification

Medical Information (with explicit consent):

  • Health conditions and medical history relevant to requested services
  • Emergency contact information
  • Insurance information

Optional Information:

  • Address, profile photo, dietary preferences
  • Special accommodation requests

Automatically Collected:

  • IP address, cookies, visit logs, device information
  • Website usage patterns and service interaction data

3. Medical Information Processing

Special Category Data

We process medical and health information only with your explicit consent and solely for providing medical tourism services.

  • Medical information is processed only for healthcare service provision
  • All medical data is encrypted and stored in compliance with healthcare data protection standards
  • Access to medical information is strictly limited to authorized medical professionals and necessary service staff
  • Medical records are shared with partner healthcare facilities only with your explicit consent

4. International Data Transfers

As CrewMedi provides international medical tourism services, your personal information may be transferred to and processed in South Korea and other countries where our healthcare partners are located. We ensure adequate protection through:

  • Standard contractual clauses approved by relevant data protection authorities
  • Adequacy decisions where available
  • Your explicit consent for international medical services
  • Compliance with applicable international data protection regulations (GDPR, CCPA, etc.)

5. Retention and Use Period of Personal Information

  • Account Information: Retained until account deletion or withdrawal
  • Medical Records: Retained for 10 years as required by medical record keeping regulations
  • Service Usage Data: Retained for 3 years for service improvement
  • Marketing Data: Retained until consent withdrawal
  • Legal Compliance Data: Retained as required by applicable laws

After retention periods expire, information is securely deleted unless legally required to be retained longer.

6. Provision of Personal Information to Third Parties

We may share your personal information with:

  • Healthcare Partners: Licensed medical facilities and professionals (with your consent)
  • Travel Partners: Hotels and transportation services for medical tourism arrangements
  • Payment Processors: For secure payment processing
  • Legal Authorities: When required by law or to protect safety

Note: We never sell your personal information to third parties.

7. Data Processing Partners

We work with carefully selected partners for service delivery:

Cloud Hosting: Supabase (Database and authentication services)
Email Services: Professional email service providers for communications
Analytics: Privacy-compliant analytics for service improvement
Customer Support: Secure communication platforms for customer service

All partners are bound by strict data protection agreements and meet our security standards.

8. Your Rights and How to Exercise Them

You have the right to:

  • Access your personal information and obtain copies
  • Correct or update inaccurate information
  • Delete your personal information (right to erasure)
  • Restrict or object to processing
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time
  • Lodge a complaint with data protection authorities

Additional Rights for EU/EEA Residents:

  • Right to object to automated decision-making
  • Right to be informed about data breaches affecting you

To exercise these rights, contact our Data Protection Officer using the details in section 11.

9. Minors' Privacy Protection

Age Restrictions

Our services are intended for users 18 years and older. We do not knowingly collect personal information from minors under 18 without parental consent. If we become aware of such collection, the information will be deleted immediately.

10. Security Measures

We implement comprehensive security measures including:

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Access Controls: Multi-factor authentication and role-based access restrictions
  • Network Security: Firewalls, intrusion detection, and regular security monitoring
  • Regular Audits: Quarterly security assessments and penetration testing
  • Staff Training: Regular privacy and security training for all employees
  • Incident Response: 24/7 security incident response procedures

11. Data Protection Officer and Contact Information

Company: Global Travel & Business Co., Ltd
Data Protection Officer: Kelly Park
Position: Marketing Director & Privacy Officer
Phone: +82-70-8286-9106
Email: crewmedicare@gmail.com
General Inquiries: gtnb2022@gmail.com
Response Time: We aim to respond to all privacy-related inquiries within 72 hours.

12. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notify relevant authorities within 72 hours (as required by law)
  • Inform affected users within 72 hours when there is a high risk to their rights
  • Provide clear information about the nature of the breach and steps taken
  • Offer guidance on protective measures you can take

13. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for website functionality (cannot be disabled)
  • Analytics Cookies: To understand website usage and improve services
  • Preference Cookies: To remember your settings and preferences
  • Marketing Cookies: For targeted advertising (with your consent)

Cookie Management: You can control cookies through your browser settings or our cookie preference center. Note that disabling essential cookies may affect website functionality.

14. Changes to This Privacy Policy

Effective Date: January 1, 2025
Last Updated: September 23, 2025

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • Post the updated policy on our website with the revision date
  • Notify users via email for material changes
  • Provide 30 days advance notice for significant changes affecting your rights
  • Maintain an archive of previous policy versions for reference

15. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of South Korea and applicable international data protection regulations. Any disputes will be resolved in the courts of Seoul, South Korea, except where mandatory local consumer protection laws provide otherwise.