π‘οΈ PRIVACY POLICY
Last Updated: October 2025
1. INTRODUCTION
Dr. Serge Tunitski Medical Clinic (hereinafter β 'we', 'our', 'Clinic') is committed to protecting the confidentiality and security of personal data of our patients and website visitors.
This Privacy Policy describes how we collect, use, process, and protect your information in accordance with:
- Israeli Privacy Protection Law
- General Data Protection Regulation (GDPR)
- Medical ethical standards
By using our website and services, you agree to the terms of this Policy.
2. WHAT DATA WE COLLECT
2.1. Data you provide directly:
- Personal data: first name, last name, ID, contact information (phone, email, address)
- Medical information: medical history, symptoms, diagnoses, examination results, medical images
- Demographic data: age, gender, marital status
- Financial data: payment information (when making payments)
2.2. Data collected automatically:
- Technical data: IP address, browser type, operating system, device information
- Usage data: page views, visit time, on-site activity history
- Cookies and similar technologies (see section 5 for details)
2.3. Data from third parties:
- Information from other medical institutions (upon your request)
- Data from insurance companies
- Referral information from referring physicians
3. HOW WE USE YOUR DATA
3.1. Main processing purposes:
We use your data to provide medical services and treatment, maintain medical records, schedule appointments and manage schedules, communicate with patients about treatment, improve quality of medical services, marketing communications (with your consent), and fulfill legal obligations.
3.2. Processing of medical data:
Specially protected medical data is processed based on:
- Explicit consent (Art. 9(2)(a) GDPR)
- Provision of medical services (Art. 9(2)(h) GDPR)
- Protection of vital interests (Art. 9(2)(c) GDPR)
4. DATA SHARING WITH THIRD PARTIES
4.1. Internal sharing:
Your data may be shared among Dr. Serge Tunitski Clinic staff exclusively for medical purposes and to the extent necessary to provide services.
4.2. External recipients:
We may share data with the following categories of recipients:
- Medical specialists: consultants, laboratories, diagnostic centers
- Technical providers: hosting providers, IT support
- Administrative services: accounting, insurance companies
- Government authorities: as legally required
4.3. International transfers:
Data is primarily stored in Israel. When transferring to third countries, we ensure protection through adequate EU decisions, standard contractual clauses, and certified protection mechanisms.
5. SPECIFIC THIRD-PARTY SERVICES
5.1. Communication and messenger services:
- WhatsApp Business (Meta Platforms, Inc.) - online consultations and appointment booking
- Telegram Messenger (Telegram FZ-LLC) - patient communication
- Facebook Messenger (Meta Platforms, Inc.) - customer service
- Viber (Rakuten Viber) - messenger communications
- WeChat (Tencent Holdings) - for international patients
- Line (LINE Corporation) - Asian market
- Signal (Signal Foundation) - secure communications
- Slack (Salesforce) - internal team communications
5.2. Social media and platforms:
- Facebook (Meta Platforms, Inc.) - marketing and patient acquisition
- Instagram (Meta Platforms, Inc.) - medical education
- YouTube (Google LLC) - educational medical content
- LinkedIn (Microsoft Corporation) - professional communications
- Twitter/X (X Corp.) - news and updates
- TikTok (ByteDance Ltd.) - medical educational content
- Pinterest (Pinterest Inc.) - visual medical content
- Reddit (Reddit Inc.) - participation in medical communities
5.3. Analytics services:
- Google Analytics (Google LLC) - web analytics and statistics
- Yandex.Metrika (Yandex LLC) - user behavior analysis
- Microsoft Clarity (Microsoft Corporation) - session recording
- Hotjar (Hotjar Ltd) - heat maps and interaction analysis
- Amplitude (Amplitude Inc.) - product analytics
- Mixpanel (Mixpanel Inc.) - user journey analysis
- Adobe Analytics (Adobe Inc.) - advanced web analytics
5.4. Marketing and advertising services:
- Google Ads (Google LLC) - contextual advertising and retargeting
- Facebook Pixel (Meta Platforms Inc.) - conversion tracking
- LinkedIn Insight Tag (Microsoft Corporation) - audience analysis
- TikTok Pixel (ByteDance Ltd.) - TikTok advertising
- Twitter Pixel (X Corp.) - Twitter/X retargeting
- Pinterest Tag (Pinterest Inc.) - conversion tracking
- Criteo (Criteo SA) - dynamic retargeting
- Google Marketing Platform (Google LLC) - campaign management
5.5. Technical and infrastructure services:
- Google Tag Manager (Google LLC) - tag management
- Cloudflare (Cloudflare Inc.) - CDN and security
- Vercel Analytics (Vercel Inc.) - performance monitoring
- Sentry (Sentry Inc.) - error monitoring
- New Relic (New Relic Inc.) - application performance
- Google Fonts (Google LLC) - web fonts
- Font Awesome (Fonticons Inc.) - icons and graphics
- Google Workspace (Google LLC) - email and documents
5.6. Content management and CRM services:
- HubSpot (HubSpot Inc.) - CRM and marketing automation
- Salesforce (Salesforce Inc.) - customer relationship management
- Mailchimp (Intuit Inc.) - email marketing
- SendGrid (Twilio Inc.) - transactional emails
- Calendly (Calendly LLC) - online appointment booking
- Acuity Scheduling (Square Inc.) - schedule management
- Typeform (Typeform SL) - online forms and surveys
- JotForm (JotForm Inc.) - form creation
5.7. Payment and financial services:
- Stripe (Stripe Inc.) - online payment processing
- PayPal (PayPal Holdings Inc.) - electronic payments
- Square (Square Inc.) - payment solutions
- Apple Pay (Apple Inc.) - mobile payments
- Google Pay (Google LLC) - mobile payments
5.8. Medical specialized services:
- Electronic Health Records systems - electronic medical records systems
- Medical imaging platforms - medical imaging platforms
- Telemedicine platforms - telemedicine platforms
- Medical billing services - medical billing services
5.9. Additional potential services:
- Zoom (Zoom Video Communications) - video conferencing
- Microsoft Teams (Microsoft Corporation) - corporate communications
- Google Meet (Google LLC) - video meetings
- Dropbox (Dropbox Inc.) - cloud file storage
- Google Drive (Google LLC) - cloud storage
- OneDrive (Microsoft Corporation) - cloud storage
- Notion (Notion Labs Inc.) - project management
- Trello (Atlassian) - task management
5.10. Consent management and compliance:
- OneTrust (OneTrust LLC) - cookie consent management
- Cookiebot (Usercentrics A/S) - consent management
- Termly (Termly Inc.) - policy generator
- iubenda (iubenda s.r.l.) - legal solutions for websites
INTERNATIONAL DATA TRANSFER
Please note that many of the listed services may store and process data outside Israel, including the USA, EU countries, and other jurisdictions. We ensure protection of your data through:
- Standard contractual clauses of the EU
- Certificates of compliance with international standards
- Data Processing Agreements (DPAs)
- Privacy Shield principles (where applicable)
CONSENT MANAGEMENT
You can change your preferences regarding the use of cookies and tracking at any time through the control panel on our website or directly in your browser settings.
6. COOKIES AND TRACKING TECHNOLOGIES
6.1. Essential cookies (functional):
- Session cookies for website operation
- Security cookies
- Shopping cart/appointment booking cookies
6.2. Analytics cookies (require consent):
- Google Analytics (anonymized data)
- User behavior analytics
- Visit statistics
6.3. Marketing cookies (require explicit consent):
- Retargeting technologies
- Social media pixels
- Advertising platforms
You can manage cookie settings through the control panel on our website.
7. DATA SECURITY
We apply comprehensive security measures to protect your data:
7.1. Technical measures:
- π Data encryption during transmission (SSL/TLS)
- π‘οΈ Secure servers with restricted access
- π Regular backup
- π 24/7 security monitoring
7.2. Organizational measures:
- Signing confidentiality agreements with employees
- Restricting access to medical records on a 'need to know' basis
- Regular employee data protection training
- Periodic security audits
7.3. Medical confidentiality:
Medical records are protected in accordance with Israeli Patient Rights Law, medical ethics, and internal confidentiality protocols.
8. DATA RETENTION PERIODS
We retain your data only for the necessary period:
8.1. Medical records:
- 7 years from the date of last visit (Israeli legal requirement)
- For minors β until age 25
- Certain medical documents β permanently
8.2. Personal data:
- Until consent withdrawal or 3 years of inactivity
- Marketing data β until consent withdrawal
8.3. Technical data:
- Cookies β up to 24 months
- Server logs β up to 12 months
9. YOUR RIGHTS
In accordance with GDPR and Israeli legislation, you have the right to:
9.1. Basic rights:
- β Right to access β obtain a copy of your data
- β Right to rectification β update inaccurate data
- β Right to erasure β request data deletion ('right to be forgotten')
- β Right to portability β receive data in machine-readable format
9.2. Additional rights:
- βΈοΈ Right to restriction of processing β temporarily suspend processing
- π« Right to object β to processing for marketing
- β Right to withdraw consent β at any time without consequences
- π€ Right to human intervention β in automated decision-making
9.3. Rights exercise procedure:
To exercise your rights, contact our Data Protection Officer (contact details below). We will respond within 30 days.
10. CONTACTS AND RESPONSIBILITY
10.1. Data Controller:
Dr. Serge Tunitski Medical Clinic
- π Eli Landau 7, Herzliya, Israel
- π 0507377870
- βοΈ [email protected]
11. POLICY CHANGES
We may update this Privacy Policy. We will notify you of significant changes through:
- π§ Email (for existing patients)
- π Website notification
- π Banner when entering the website
Changes take effect 30 days after publication.
12. LEGAL INFORMATION
This Policy is governed by the laws of the State of Israel. All disputes are subject to resolution in Israeli courts.