Privacy & Compliance

Sylk Health is committed to protecting your privacy and complying with applicable data protection regulations. This page provides information for users in different regions.

Last Updated: December 15, 2024

GDPR Compliance (EU/EEA Users)

Sylk Health is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (EU) 2016/679.

  • Data Controller: Sylk Health Inc.
  • Contact: support@sylkhealth.com
  • Status: Fully Compliant

Your Rights Under GDPR

  • Right to Access (Article 15): Obtain confirmation of whether we process your data and access to that data
  • Right to Rectification (Article 16): Request correction of inaccurate personal data
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict (Article 18): Request restriction of processing in certain circumstances
  • Right to Portability (Article 20): Receive your data in a structured, machine-readable format
  • Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing

To exercise any of these rights, please contact support@sylkhealth.com. We will respond within 30 days.

Lawful Bases for Processing

  • Consent: You have given clear consent for us to process your personal data. Used for: Marketing communications, optional services
  • Contract: Processing is necessary for a contract we have with you. Used for: Booking services, providing requested medical tourism services
  • Legal Obligation: Processing is necessary to comply with the law. Used for: Tax records, regulatory reporting
  • Legitimate Interests: Processing is necessary for our legitimate interests. Used for: Fraud prevention, network security, service improvement

Data We Process

  • Identity Data: Name, date of birth
  • Contact Data: Email, phone, address
  • Service Preferences: Appointment types, communication preferences
  • Financial Data: Payment information, transactions
  • Technical Data: IP address, browser data, cookies
  • We do NOT collect health or medical data

Data Retention

  • Active Accounts: Duration of service + 1 year
  • Financial Records: 7 years (tax requirement)
  • Marketing Data: Until consent withdrawn
  • Cookie Data: Per cookie policy (1-24 months)

International Data Transfers

Your data may be transferred outside the EEA. We ensure appropriate safeguards:

  • Standard Contractual Clauses: EU Commission-approved contracts
  • Adequacy Decisions: Transfers to countries with adequate protection
  • Binding Corporate Rules: Internal policies for intra-group transfers

HIPAA Information (US Users)

Important: Sylk Health is NOT a HIPAA-Covered Entity

Sylk Health operates as a marketplace platform that facilitates connections between patients and healthcare providers. We do not collect, store, transmit, or process Protected Health Information (PHI). Therefore, we are not subject to HIPAA regulations.

All medical information and health records are handled directly by healthcare providers who maintain their own HIPAA compliance.

What Sylk Health Does

  • Facilitates appointment scheduling
  • Provides provider information and pricing
  • Processes platform service fees
  • Connects patients with providers
  • Displays general health information

What Sylk Health Does NOT Do

  • Store or access medical records
  • Collect diagnoses or treatment information
  • Handle prescription or medication data
  • Process insurance claims
  • Provide medical advice or treatment

Healthcare Provider Responsibilities

When you receive treatment through providers found on our platform, those healthcare providers are responsible for:

Provider Responsibilities

  • Maintaining HIPAA compliance for all PHI
  • Securing your medical records
  • Obtaining proper consent for treatment
  • Protecting your privacy rights

Your Rights with Providers

  • Request copies of your medical records
  • Ask for corrections to your health information
  • Request restrictions on data use
  • File complaints about privacy violations

Data Security

We implement robust technical and organizational measures to protect your information:

Technical Measures

  • TLS encryption for all data transmission
  • Pseudonymization and encryption at rest
  • Regular security testing and audits
  • System availability and resilience

Organizational Measures

  • Staff training and awareness programs
  • Data Protection Impact Assessments
  • Privacy by Design principles
  • Strict access controls and authentication

Data Breach Response

In case of a personal data breach, we will:

  • Notify supervisory authorities within 72 hours (where required)
  • Inform affected individuals without undue delay if high risk
  • Document all breaches and remedial actions taken

Questions?

For privacy or compliance inquiries, contact us at support@sylkhealth.com