top of page
MedExcel — Privacy Policy

Last Updated: 21st Dec 2025

1) Who We Are

MedExcel (“MedExcel,” “we,” “our,” “us”) provides educational content in the medical domain via online and hybrid programs, case discussions, and resources. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our websites, learning platforms, mobile experiences, and related services (the “Services”).

2) Scope

This Policy applies to all users of our Services, including learners, faculty, partners, and site visitors. Additional notices may apply to specific programs (e.g., co-branded courses with academic partners).

3) Information We Collect

a) You Provide Directly

  • Account & Profile: name, email, phone, photo (optional), profession, specialty, country, organization.

  • Enrollment & Learning Data: course selections, progress, assessments, certificates, discussion posts, uploaded assignments, survey responses, support requests.

  • Payments: billing name, address, partial payment details (processed by third-party payment processors; we do not store full card numbers).

  • Communications: emails, chat messages, call recordings (for support or quality), testimonials (with consent).

  • Event/Hands-On Registration: identity verification, dietary/ accessibility needs, consent forms.

b) Collected Automatically

  • Device/Usage: IP address, device IDs, browser type, pages viewed, timestamps, clickstream, approximate location (city-level).

  • Cookies & Similar Tech: session cookies, analytics, preference, and advertising cookies (see Cookies below).

c) From Third Parties

  • Partners/Institutions: verification of credentials, enrollment confirmations, certification status.

  • Payment Processors/Email Tools/Analytics: limited metadata to enable transactions, communications, and performance insights.

  • Social/Single Sign-On (if used): profile basics and authorization tokens.

Clinical data caution: Our Services are educational. Do not upload Protected Health Information (PHI) or directly identifiable patient data unless a secure workflow explicitly supports it and appropriate consents are obtained.

4) How We Use Information

  • Provide Services: create/manage accounts, deliver content, track progress, issue certificates.

  • Improve & Personalize: content recommendations, usability studies, service analytics, A/B testing.

  • Support & Safety: user support, fraud prevention, abuse/threat detection, policy enforcement.

  • Compliance: tax, accounting, legal obligations, accreditation requirements.

  • Marketing (opt-out anytime): updates on new courses, events, promotions, newsletters.

  • Research & Reporting: de-identified/aggregated statistics for quality improvement and academic reporting.

AI & automated tools (if any): may assist with report templates, recommendations, or feedback. Outputs require expert review; you remain responsible for clinical decisions.

5) Legal Bases (GDPR/UK GDPR where applicable)

  • Contract: to provide the Services you request.

  • Legitimate Interests: service improvement, security, fraud prevention, limited direct marketing.

  • Consent: non-essential cookies, certain marketing, testimonials, recordings.

  • Legal Obligation: tax, compliance, regulatory requests.

  • Public Interest/Research: de-identified educational analytics, where applicable.

6) Cookies & Tracking

We use:

  • Strictly Necessary: login, security, session continuity.

  • Preferences: language, UI choices.

  • Analytics: site usage (e.g., pages, time on page).

  • Marketing/Ads (if used): retargeting and measurement.

Manage cookies via our cookie banner or your browser settings. Some features may not function without certain cookies.

7) Sharing & Disclosures

We do not sell your personal information. We may share with:

  • Service Providers (Processors): hosting, LMS/VMS, video delivery, assessments, proctoring, analytics, email/SMS, customer support, payment processing.

  • Academic/Accreditation Partners: to deliver/verify certifications, meet program requirements.

  • Event/Venue Operators: for on-site logistics (e.g., hands-on week).

  • Legal & Safety: to comply with law, respond to lawful requests, protect rights/safety.

  • Business Transfers: in a merger, acquisition, or asset sale (your data remains protected per this Policy or successor policy with comparable protections).

  • With Your Consent: testimonials, faculty spotlights, co-branded features.

All processors are bound by confidentiality and data-processing obligations.

8) International Transfers

Your data may be processed in countries different from your residence. We implement appropriate safeguards (e.g., SCCs, DPAs) where required by law.

9) Data Security

We use administrative, technical, and physical safeguards (encryption in transit, access controls, least-privilege, monitoring). No method is 100% secure; report concerns to [security@medexcel.example].

10) Data Retention

  • Account & Learning Records: retained while your account is active and for a reasonable period thereafter (e.g., 7 years) for certification and compliance.

  • Transaction Records: per tax/accounting laws (e.g., 7–10 years).

  • Marketing Data: until you unsubscribe or after a defined inactivity period.

  • De-identified/aggregated data: retained without time limit.

We delete/anonymize data when no longer needed, subject to legal holds.

11) Your Rights

Depending on your jurisdiction (e.g., GDPR/UK GDPR, CCPA/CPRA, India DPDP 2023), you may have rights to:

  • Access/Portability: receive a copy of your data.

  • Rectification: correct inaccurate data.

  • Erasure: request deletion (subject to legal/contractual limits).

  • Restriction/Objection: limit or object to certain processing (including marketing).

  • Withdraw Consent: for processing based on consent.

  • Complaint: with your supervisory authority/regulator.

Exercising rights: Email [privacy@medexcel.example]. We may verify identity before acting.

California (CPRA) Disclosures:

  • We do not “sell” personal information as defined by CPRA.

  • “Sharing” for cross-context behavioral advertising is not conducted unless stated in our cookie banner (opt-out will be provided if used).

12) Children’s Privacy

Our Services are for adults and professionals (18+). We do not knowingly collect data from children. If you believe a minor has provided data, contact us to delete it.

13) Community Conduct & User Content

Discussion forums, case comments, and uploads must avoid PHI and respect confidentiality/IP. Content you post may be visible to other learners/faculty. We may moderate or remove content that violates policies.

14) Third-Party Links & Services

Links or embeds (e.g., video hosts, conferencing tools, social platforms) are governed by those providers’ privacy policies. We are not responsible for their practices.

15) Hands-On Training & Events

For in-person sessions, we may collect additional information for logistics, ID verification, safety, and venue compliance. Where recordings or photos are taken, we will obtain appropriate consent or provide opt-out options where feasible.

16) PHI & Sensitive Data

Do not upload PHI or sensitive data (e.g., patient identifiers, health records) unless (i) a secure, dedicated workflow explicitly supports it, (ii) you have all required legal permissions/consents, and (iii) data is de-identified where possible. You are responsible for compliance with applicable healthcare privacy laws.

17) Changes to this Policy

We may update this Policy. Material changes will be notified via email or prominent site notice. Continued use after the effective date signifies acceptance.

18) Contact Us

bottom of page