PRIVACY POLICY – MEDASSIS LTD.

Last Updated: 26 of February 2026

At Med-Assis LTD. (“Medassis“, “We“, or “Us“), we hold personal privacy in the highest regard and are committed to maintaining the integrity, confidentiality, and security of the personal data we process. We ensure that all personal data is handled responsibly, transparently, and in accordance with applicable data protection laws, and used solely for the purposes described in this Policy. This Policy also includes information regarding the online identifiers and cookies used on our Website (“Cookies“).

In particular, this Policy applies when:

• You visit, use, or register for services available on Our Website (“Website”) or use any features or resources available through it;
• You visit or interact with Us via social media platforms;
• You contact Our operations center, customer service, or medical coordination teams, or We contact you;
• You interact with Us in connection with medical assistance, medical evacuation, repatriation, or related services, whether directly or through an insurance company, assistance company, healthcare provider, or other authorized third party;
• You use, visit, or interact with Us through our application, any other platform, interface, or communication channel.

The Website enables you to learn about Our medical assistance and medical flight services, submit inquiries, and contact Us. However, Our processing of Personal Data extends beyond Website use and includes all activities related to the coordination, provision, and administration of medical assistance services, including emergency response, medical evacuation, repatriation, medical consultation, and coordination with insurers, healthcare providers, and service partners worldwide.

Depending on the specific circumstances, We process Personal Data either:
(i) as a Processor, on behalf of insurance companies, assistance companies, or other entities that act as Controllers and determine the purposes and means of processing; or
(ii) as a Controller, in particular with respect to Personal Data collected directly through the Website, from private individuals engaging Us directly, or in connection with privately funded medical flight services.

Where We act as a Controller, We determine the purposes and means of the processing of your Personal Data. Where We act as a Processor, We process Personal Data strictly in accordance with the instructions of the relevant Controller and applicable data protection laws.

We will process your Personal Data only as described in this Policy, and We will handle any rights you may exercise under applicable data protection law in accordance with the procedures detailed below, taking into account Our role as Controller or Processor, as applicable.

“Personal Data” refers to any information relating to an identified or identifiable individual. Even information that cannot identify you on its own may be considered Personal Data when combined with other available data.

Please read this Policy carefully to obtain a clear understanding of Our practices regarding your Personal Data and how We protect it

COLLECTION OF PERSONAL DATA, PURPOSES, AND LEGAL BASIS FOR PROCESSING

We receive and store any Personal Data that you provide us using the Website or in any other way, as well as Personal Data received from insurance companies, assistance companies, healthcare providers, hospitals, family members, or other authorized parties, as part of the provision of medical assistance services. The categories of Personal Data that We collect and process are described more particularly below.

Aggregated and Analytical data

We may use non-personal aggregated data, including such that was derived from personal data but that was anonymized or pseudonymized to remove its personally identifying characteristics (“Aggregated data”) for statistical, research and planning purposes and may retain the personal data in order to improve the overall quality of Medassis’s products and services.

We retain the right to collect and use personal data and the Aggregated data in order to improve our Website, application, and our services in general.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We may share your personal data with third parties as described below:

• Regulators and public bodies: We will follow lawful requirements by authorities to disclose personal data. We may need to disclose personal data in response to lawful requests by public authorities, law enforcement agencies, and regulators including to meet national security, public health, or law enforcement requirements or to comply with a court order or subpoena or other legal obligation.
• Insurance companies and assistance companies: Where medical assistance or medical flight services are provided in coordination with or on behalf of an insurance company, assistance company, or similar entity, Personal Data may be shared with such entities for the purposes of case administration, medical coordination, coverage verification, approvals, claims handling, and compliance with contractual and regulatory requirements.
• Healthcare providers and medical professionals:Personal Data, including health and medical information, may be disclosed to hospitals, clinics, physicians, medical consultants, emergency responders, ambulance services (including air and ground transport providers), and other healthcare professionals or entities involved in the diagnosis, treatment, evacuation, repatriation, or continuation of medical care.
• Service providers and advisors:We may disclose Personal Data to professional advisers such as legal counsel, auditors, accountants, insurers, and consultants, where necessary for the operation of Our business, compliance with legal obligations, or the establishment, exercise, or defense of legal claims.
• Parties to a corporate transaction. We also reserve the right to share and transfer your personal data if we sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, or reorganization). In such events, We will use commercially reasonable efforts to prevent such third parties from disclosing the personal data in contradiction with the terms of this Policy.

Where We act as a Processor on behalf of an insurance company, assistance company, or other Controller, any disclosure of Personal Data described above is carried out solely in accordance with the instructions of the relevant Controller, and the responsibility for providing the applicable privacy notice to data subjects rests with that Controller.

These third parties may access, process, and/or store our (and in turn your) Personal Data while providing their services to us, and they may vary from time to time.

YOUR CHOICE

You may opt-out of our mailing lists and terminate your use of our Website.

You may choose to stop receiving marketing communications from us at any time by using the unsubscribe link included in Our messages. You may also stop using the Website at any time, after which we will no longer collect new Personal Data through your use of the Website, though we will continue to retain and use Personal Data already collected as described in this Privacy Policy. You may additionally request that we refrain from sharing your Personal Data with certain third-party providers or our affiliates, except where such sharing is necessary to provide the services you requested, comply with legal obligations, or protect our rights. Please note that some opt-out requests may affect our ability to provide certain services, and it may take up to ten (10) business days for your request to take effect.

ACCESSING YOUR PERSONAL DATA

At any time, you can request access to your personal data.

If you find that the personal data, We hold about you is not accurate, complete, or up to date, please provide us with the necessary information to correct it.

At any time, you can contact us at: inq@medassis.com and request to access the personal data that We keep about you. We may ask you to provide us with certain credentials to make sure that you are who you claim to be and will make good-faith efforts to locate the personal data that you request to access.

To the extent that you are entitled to a right of access under the applicable law, you can obtain confirmation from us of whether We are processing personal data about you, receive a copy of that data, and subsequently:

• Verify its accuracy and the lawfulness of its processing;
• Request the correction, amendment, or deletion of your personal data if it is inaccurate or if you believe that the processing of your personal data violates applicable law.

We will use judgment and due care to redact from the personal data which We will make available to you, personal data related to others.

YOUR DATA SUBJECT RIGHTS UNDER EU DATA PROTECTION LAWS

For the purposes of this section, “Personal Data” has the meaning given in the General Data Protection Regulation ((EU 2016/679) (“EU GDPR”) and the UK Data Protection Act (“UK GDPR”, together with the EU GDPR and for as long as they remain substantially similar, “GDPR”).

Data Subject Rights

In addition to your rights under other sections of this policy, you have the following rights:

• The right to be informed about the collection and the use of your Personal Data;
• The right to know whether We are processing your Personal Data and to be provided with a copy of such Personal Data held by Us;
• The right to request the rectification of your Personal Data, or completion if it is incomplete;
• The right to erasure (to be forgotten) in certain circumstances;
• The right to restrict the processing of your Personal Data in certain circumstances;
• The right to data portability, which allows you to obtain and reuse your Personal Data for your own purposes across different services, where the Personal Data is processed through automated means and further to your consent or for the performance of a contract with Medassis;
• The right to object to the processing of your Personal Data in certain circumstances;
• Rights in relation to automated decision-making and profiling;
• The right to withdraw consent at any time (where relevant); and
• The right to complain to a data protection supervisory authority of your habitual residence, place of work, or of an alleged infringement of the GDPR.

At any time, you can contact us at: inq@medassis.com and send us a request to exercise your rights. Please note that when you send us such a request, in order to protect your personal data, We will need to verify and reasonably authenticate your identity and location. We may ask you to provide us with credentials to make sure that you are who you claim to be and may ask you for more details to better understand the nature and scope of your request.

We will respond to your request within a reasonable timeframe and notify you of the action We have taken. In some instances, your rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you have any concerns about the way We process your Personal Data, you are welcome to contact our privacy team. We will investigate your inquiry and make good-faith efforts to respond promptly.

INTERNATIONAL DATA TRANSFER

Medassis is based in a jurisdiction that is considered by the European Commission and the United Kingdom to be offering an adequate level of protection for the personal data processed under GDPR.

Due to the nature of our business, and as provided in the disclosure to third parties section above, We may transfer personal data to third parties such as our service providers, and cloud hosting services as needed for the purposes outlined in this Policy. As a result, the personal data We collect may be transferred to and stored in countries outside of the European Union. We make sure that such third parties provide us with adequate confidentiality and security commitments in respect to the storage and processing of your personal data.

While privacy laws may vary between jurisdictions, Medassis has taken steps to ensure that your personal data is treated by its affiliates and service providers securely and lawfully, and following common industry practices, regardless of any lesser legal requirements that may apply in their jurisdiction.

CHILDREN’S PRIVACY

Medassis’s Website and platforms are not directed or designed to attract children under the age of 16, and We do not knowingly collect Personal Data from children through the Website without the involvement or authorization of a parent or legal guardian.

However, as part of the provision of medical assistance, medical evacuation, and related services, Medassis may process Personal Data relating to minors, including health and medical information, where such processing is necessary for the delivery of medical services. Such processing may occur where Medassis provides services directly (including to private customers), or where Medassis provides services in coordination with, or on behalf of, an insurance company, assistance company, or other authorized entity.

In such cases, Personal Data relating to minors is processed solely for the purpose of providing the requested medical services, in accordance with applicable data protection laws, and subject to appropriate safeguards. Where required, such processing is carried out with the involvement or consent of a parent or legal guardian, or as otherwise permitted by law, including in situations involving medical necessity or the vital interests of the data subject.

If We become aware that Personal Data of a child has been collected through the Website or other platform in a manner that is not permitted under applicable law, We will take reasonable steps to delete such data as soon as practicable.

If you believe that We may hold Personal Data relating to a child in a manner that is inconsistent with this Policy: inq@medassis.com

DATA RETENTION

We make every effort to ensure that your Personal Data is processed only for the minimum duration required to fulfill the purposes outlined in this Policy. Different types of personal data are retained for varying periods, depending on the purpose for which the personal data is collected and processed, Our role in the processing activity (Controller or Processor), Our legitimate business needs, and legal or regulatory obligations under applicable laws.

For example, We apply the following criteria when determining how long Personal Data is retained:

• Medical assistance and medical flight services:

Personal Data processed in connection with medical assistance, medical evacuation, repatriation, or related services (including medical and health information) is retained for the period necessary to provide and document the services, manage the relevant case, communicate with insurers, healthcare providers, and other involved parties, and comply with applicable legal, medical, insurance, and regulatory requirements.

Where We acts as a Controller, medical records and related health data are retained in accordance with mandatory medical record-keeping obligations applicable to Medassis, as follows:

• Adult patients: Medical records are retained for a minimum period of seven (7) years from the date of the last entry in the medical record.
• Minor patients: Where services are provided to a minor, medical records are retained for a minimum period of seven (7) years from the date the individual reaches the age of eighteen (18), i.e., generally until the age of twenty-five (25).

Where We act as a Processor, retention is determined in accordance with the instructions of the relevant Controller and applicable law.

• Private customers and direct engagements:

Where Medassis provides services directly to individuals (including privately funded medical flights), Personal Data is retained for the duration of the engagement and thereafter for such period as is necessary for record-keeping, billing, dispute resolution, insurance, and legal defense purposes, in accordance with applicable limitation periods and regulatory requirements.

• Website inquiries and communications:

Personal Data collected through the Website or other communication channels (such as inquiries or contact requests) is retained for the period necessary to respond to the inquiry, manage follow-up communications, and maintain internal records. Where appropriate, such data may be retained under Our legitimate interests for business continuity, compliance, and service improvement, subject to your rights under applicable law.

• Marketing and informational communications:

Personal Data used for marketing or promotional communications is retained until you withdraw your consent or object to such processing, unless further retention is required to comply with legal, regulatory, or evidentiary obligations (for example, to document consent or an opt-out request).

• Legal, regulatory, and compliance obligations:

Personal Data that We are required to retain in order to comply with applicable laws and regulations—such as medical documentation requirements, insurance-related obligations, tax, accounting, auditing, or record-keeping laws—will be retained for the applicable statutory retention periods, even where services are not ultimately provided or have concluded.

• Technical and Analytics Data:

Technical and Analytics Data generated through the Website is retained in accordance with the Cookies Policy and our service providers’ policies. Where possible, we store only aggregated or anonymized data that does not identify you.

We may also maintain your contact information to stay in touch with you Once the applicable retention period ends, your Personal Data will be deleted. For additional information about our data retention practices, you may contact our privacy team at: inq@medassis.com anytime. Please note that We may retain your data without processing it, unless necessary, and only for the period required to fulfill legal obligations.

Aggregated, non-identifiable data will be retained indefinitely, and We will make reasonable efforts to delete or anonymize any potentially identifiable data when it is no longer required.

As long as you continue using our Website or services, We will retain your personal data, unless We are legally required to delete it or choose to do so at our discretion, in accordance with this Policy.

COOKIES AND SIMILAR TECHNOLOGIES

Our Website uses cookies, pixel tags and other forms of online identifiers and tools. This helps us provide you with a good experience when you browse the Website and allows us to improve and customize our Website and the ways we communicate with you. In general, Cookies are small text files sent by a web server to your web browser and saved locally on your end-point device. The cookie allows the server to uniquely identify the browser on each page.

You can find more information about cookies and other online tracking technologies through the following websites:

https://www.allaboutcookies.org

https://www.consumer.ftc.gov/articles/0042-online-tracking

You can also find additional information on how we use tracking technologies by reading the cookies section on your browser’s settings.

Cookies set by the website owner (in this case, Medassis) are called “first-party cookies”. Cookies set by parties other than the website owner are called “third-party cookies.” Third-party cookies enable third party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics).

Types of Cookies:

There are 3 types of cookies used on the Website: Essential, Analytical, and Targeting.

• Essential cookies are strictly necessary for the Website to run smoothly.
• Analytical cookies are used by us throughout the Website, to learn how you interact with content on the Website and improve its content.
• Advertising and Retargeting cookies are used by us throughout the Website to make advertising messages more relevant to you and based on your interests.

Essential cookies are processed based on our legitimate interest in operating and securing the Website. Analytical and Advertising cookies are used only with your consent.

Some cookies are removed when you close your browser session (temporary), other cookies last for longer periods (persistent) and can be used to recognize your device on different browsing sessions. You can view the expiry date of each cookie, through your browser settings.

You may opt-out of the collection and use of Personal Data for ad targeting by following the directions in the links below:

http://www.aboutads.info/choices 

http://www.youronlinechoices.eu/

For more information about the Cookies we use, please see our Cookie Table:

.

Certain cookies listed above represent groups of cookies deployed by the same third-party provider for similar purposes (for example, Google and YouTube security and authentication cookies), and may include additional technical variants with similar names and functions. Cookie names, durations or vendors may change due to updates by third parties

We will only use cookies for the purposes listed above and update this table when required. Essential cookies are processed based on our legitimate interest in operating the Website. Analytical and Advertising cookies are used only with your consent.

INFORMATION SECURITY

We take technical and organizational measures to ensure the personal data is processed in a manner that ensures appropriate security of data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures provide sound industry-standard security. However, although We make efforts to protect your privacy, We cannot guarantee that our Website or other platforms and interfaces will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

DISPUTE RESOLUTION

Contact us at: info@medassis.com or write to us for every request and complaint. We will make good-faith efforts to resolve any existing or potential dispute with you.

We do periodical assessments of our data processing and privacy practices, to make sure that We comply with this policy, to update the policy when We believe that We need to, and to verify that We display the policy properly and in an accessible manner.

If you have any concerns about the way We process your personal data, you are welcome to contact our privacy team at info@medassis.com or write to us at: Medassis’s address as provided at the end of this Policy.

We will look into your query and make good-faith efforts to resolve any existing or potential dispute with you.

CHANGES TO THIS PRIVACY POLICY

We will update our policy from time to time after giving proper notice.

This Privacy Policy may be updated periodically. Any changes We make to this policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or by way of a pop-up on our Website. We will indicate at the top of the Privacy Policy when it was most recently updated.

Please check back frequently to see any updates or changes to our policy. Note that if We need to adapt the policy for legal requirements, the new policy will become effective immediately or as required by law.

YOUR DATA CONTROLLER

Controller	Contact details
Medassis Ltd.	Swissport Building, 8 Hativa Street Ben Gurion Airport, Lod, Hamerkaz, 7010000, Israel. Please Contact us at: info@medassis.com

CONTACT US

If you have any questions or comments about this Privacy Policy, please contact our Privacy Team at: info@medassis.com.