1. Who We Are

Company Name: Transtoyou eHealth OÜ

Registered in: Estonia

Company Number: 17350744

Email: info@transtoyou.com

Transtoyou is a digital intermediary platform that connects users with independent, licensed physicians and registered pharmacies. Transtoyou is not a healthcare provider, pharmacy, or prescriber.

2. What Data We Collect

We collect and process the following personal data:

Identity Information

Name, date of birth, gender (if relevant to treatment), nationality, and account identifiers.

Contact Information

Email address, telephone number, delivery address, and billing address.

Medical Information

Health conditions, symptoms, medical history, medication use, allergies, intake answers, consultation summaries, and prescription decisions.

Order and Payment Information

Order history, invoices, payment status, transaction references, and fraud-screening signals.

Technical and Usage Data

IP address, device type, browser information, log files, session data, and platform usage behavior.

Communication Data

Messages and emails with customer support, physicians, or pharmacies.

Verification and Security Data

ID verification status and metadata, biometric facial match data where required for identity checks, and 2FA session logs.

Consultation Recordings

Where recording is necessary for patient safety, quality assurance, training related to safety, or dispute handling, video and/or chat consultations may be recorded and stored temporarily (see Section 7).

Social Login Data

If used: basic profile data provided by the social login provider (such as name, email, and a unique account ID).

We only collect data necessary to deliver our services and store it securely.

3. How We Use Your Data

Your data is used to:

  • Provide healthcare services, consultations, and prescriptions
  • Process payments and deliver orders
  • Send reminders for consultations, health checks, and orders
  • Manage subscriptions, returns, and customer service
  • Improve our services and platform functionality
  • Run A/B tests and experiments to enhance user experience
  • Personalize communication and product recommendations
  • Use analytics and browsing behavior to build lookalike and custom audiences, support advertising campaigns, and optimize retargeting via third-party platforms (e.g., Meta, TikTok, Google), only with your explicit consent
  • Comply with legal and regulatory obligations
  • Prevent fraud and ensure cybersecurity
  • Enforce Two-Factor Authentication (2FA) for secure access

Marketing emails are only sent with your explicit consent and always include an opt-out option.

5. AI Use for Translations

Transtoyou uses AI-enabled tools solely to support translations of informational, medical, and legal content on the platform.

AI-assisted translations that relate to medical intakes, prescription pathways, product safety information, or legally binding documents are always subject to mandatory human review, including back-translation checks, to ensure accuracy, clarity for lay users, and compliance with medical and consumer safety duties.

6. Automated Communication and Analytics

We may send automated emails and notifications that are necessary to provide and secure our services, including messages about:

  • Incomplete orders or unpaid subscriptions
  • Consultation or health-check reminders where medically or operationally required
  • Product availability or delivery updates
  • Feedback and review requests
  • Account security alerts and identity verification steps

Some service emails may include tracking pixels or monitored links to measure engagement (such as open and click rates) and to improve our communications. We also run A/B tests using pseudonymised or aggregated data to optimize platform and communication performance.

Behavioral segmentation and scoring are only used with your consent and do not produce legal or significant effects (Art. 22 GDPR).

7. Data Retention

Medical Data

Up to 20 years where required by applicable medical record retention laws, or shorter where no such obligation applies.

Consultation Recordings

Retained securely for 90 days and then automatically deleted unless a longer retention is required due to an open complaint, legal obligation, or ongoing investigation.

Transaction Data

7 years (tax compliance).

Account Data

Deleted after 4 years of inactivity unless required by law.

Support and Communication Data

Kept as long as needed to handle your request, disputes, or legal obligations.

8. Sharing Your Data

We share personal data only where necessary for service delivery and compliance. This may include:

  • Independent physicians who conduct consultations and make clinical decisions
  • Registered partner pharmacies that dispense medicines and fulfil orders
  • Payment providers and fraud-prevention tools
  • Hosting, IT, and security service providers
  • Logistics partners and carriers
  • Marketing and analytics providers only where you have provided explicit consent
  • Public authorities where required by law
  • Social login providers (e.g., Google or Meta) when you choose to use social login
  • Identity verification providers for one-time ID checks; Transtoyou receives only the verification outcome and necessary metadata

All third parties operate under binding Data Processing Agreements (DPAs).

We never sell your data.

9. Marketing and Remarketing

With your explicit consent, we may use your activity data to:

  • Personalize offers and content
  • Serve targeted ads via third-party platforms
  • Create anonymized audiences
  • Run retargeting campaigns

You can withdraw your consent at any time via email or the unsubscribe link.

10. International Transfers

When transferring data outside the EU/EEA or UK:

  • We apply Standard Contractual Clauses (SCCs)
  • We conduct Transfer Impact Assessments (TIAs)
  • Additional safeguards are implemented where required

11. Your Rights

You have the right to:

  • Access your data
  • Correct inaccurate data
  • Request deletion where legally possible
  • Restrict processing in certain cases
  • Object to processing, including direct marketing
  • Receive your data in a portable format and request transfer where applicable
  • Withdraw consent where processing is based on consent
  • Not be subject to solely automated decisions with legal or similarly significant effects, where this right applies
  • Lodge a complaint with your local authority

Supervisory Authorities

EU users: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

UK users: Information Commissioner's Office (ICO)

12. Data Access via Your Account (EU Data Act)

You can access, download, and export your account and service-generated data directly through your Transtoyou dashboard.

Where technically feasible, you may also request that Transtoyou transmit this data to a third party designated by you, in line with applicable EU data access and portability rules, including the EU Data Act where relevant.

13. Cookies and Tracking Technologies

We use cookies and similar tools to ensure platform functionality, measure usage, run experiments and heatmaps, and personalize content and ads.

Non-essential cookies (including analytics, profiling, and advertising cookies such as Google Analytics, Meta Pixel, and TikTok Pixel) are used only after you provide explicit consent via our Cookie Settings banner.

You can change or withdraw your consent at any time through Cookie Settings in the website footer.

14. Children's Privacy

Our platform is not intended for users under 18. We do not knowingly collect data from minors. If we discover that such data has been collected, it will be deleted immediately.

15. UK Representative (UK GDPR)

Because Transtoyou is established in the EEA and offers services to users in the United Kingdom without a UK establishment, Transtoyou appoints a UK representative where required under the UK GDPR.

Details are available upon request via privacy@transtoyou.com.

16. Data Breaches

In the event of a data breach:

  • We notify authorities within 72 hours
  • Affected users will be informed where there is risk
  • Remedial actions are taken without delay

17. Language Disclaimer

This privacy policy is available in multiple languages. In case of discrepancies, the English version prevails.

18. Informational Content Disclaimer

Content shared on our platform, website, or emails is for general information only and does not constitute medical advice. Always consult a licensed medical professional for personal health concerns.

19. Internal Privacy Officer

Transtoyou is not legally required to appoint a Data Protection Officer (DPO) under Article 37 GDPR, as our activities are carried out under the supervision of licensed medical professionals.

However, we have appointed an internal privacy officer who:

  • Monitors compliance with our privacy practices
  • Maintains the processing register
  • Performs Data Protection Impact Assessments (DPIAs)
  • Reviews processor agreements

This officer serves as the point of contact for data protection matters within the organization.

20. Contact Us

For any questions, requests, or concerns:

Email: privacy@transtoyou.com

By using our services, you acknowledge that you have been informed about this Privacy Policy.