Privacy Policy
Last updated: July 8, 2026
This Privacy Policy explains how Individual Entrepreneur VIKTOR ROZENKO, identification number 345782879, operating the Vizito service (“Vizito,” “we,” “us,” or “our”), collects, uses, stores, shares, and protects personal data.
This Privacy Policy applies to:
- the Vizito website at vizi.to;
- appointment-booking pages created using Vizito;
- accounts created by independent medical specialists;
- individuals who use Vizito to request or manage appointments;
- communications with our support team; and
- related Vizito services and functionality.
For questions or requests relating to privacy, contact us at:
Email: support@mail.vizi.to
1. About Vizito
Vizito is an appointment-booking and scheduling platform intended primarily for independent medical specialists.
Vizito allows specialists to:
- create a public booking page;
- publish their services, prices, location, and availability;
- receive appointment requests;
- manage appointments;
- accept documents uploaded by patients;
- provide downloadable calendar files and links for adding appointments to calendar applications; and
- communicate appointment-related information by email.
Vizito provides administrative and scheduling software. Vizito is not a healthcare provider and does not provide medical advice, diagnosis, or treatment.
2. Who this Privacy Policy applies to
This Privacy Policy applies to:
- independent medical specialists who register for and operate a Vizito account;
- patients and other individuals who request, book, cancel, or otherwise manage appointments;
- people who book appointments on behalf of another person;
- visitors to vizi.to; and
- people who contact Vizito for support or other enquiries.
Vizito is currently intended primarily for specialists operating in Georgia and the Dominican Republic.
People and specialists in other countries may be technically able to access the service, but Vizito does not currently represent that it is specifically adapted to, officially supported in, or legally compliant with the healthcare or professional regulations of every country.
Specialists are responsible for ensuring that their use of Vizito complies with the laws and professional requirements applicable to them.
3. Our role and the specialist’s role
The party responsible for personal data depends on why the data is being processed.
3.1 Patient and appointment information
When a specialist uses Vizito to collect and manage information about patients or appointments, the specialist ordinarily determines:
- what information is requested;
- why the information is collected;
- how it is used;
- how long it needs to be retained; and
- whether it is included in the specialist’s medical or administrative records.
In these circumstances:
- the specialist ordinarily acts as the data controller; and
- Vizito ordinarily acts as the specialist’s data processor or service provider.
Vizito processes that information to provide the service, according to the specialist’s instructions, our agreement with the specialist, and applicable law.
Questions concerning medical treatment, medical records, diagnoses, professional confidentiality, or a specialist’s independent use of patient information should be directed to the relevant specialist.
3.2 Information processed for Vizito’s own purposes
Vizito acts as a data controller when we determine why and how information is used, including for:
- creating and administering specialist accounts;
- providing customer support;
- securing and maintaining the service;
- preventing fraud, abuse, and unauthorised access;
- analysing and improving the platform;
- administering future paid subscriptions or transactions;
- complying with legal obligations; and
- establishing, exercising, or defending legal claims.
4. Personal data we collect
The information we collect depends on how Vizito is used.
4.1 Information about specialists
When a specialist creates or operates a Vizito account, we may collect:
- first and last name;
- email address;
- account login and authentication information;
- professional title or profession;
- professional biography or description;
- profile photograph;
- practice, office, or appointment address;
- services offered;
- service descriptions;
- prices;
- working hours and availability;
- appointment duration and scheduling preferences;
- account settings;
- support communications;
- technical and security information connected to the account; and
- records of use of the service.
A specialist is responsible for ensuring that information published on their booking page is accurate, lawful, and not misleading.
Vizito does not presently state that it independently verifies every specialist’s qualifications, licences, professional registration, or right to practise.
4.2 Information about patients and appointment bookers
When a person uses Vizito to request or manage an appointment, we may process:
- name;
- email address;
- selected specialist;
- selected service;
- requested or confirmed appointment date and time;
- booking status;
- cancellation or rescheduling information;
- documents uploaded during the booking process;
- appointment-related communications;
- information identifying the booking; and
- technical information associated with use of the booking page.
The nature of a selected specialist or service may reveal or imply information concerning a person’s health, even where no diagnosis or medical history is provided.
Uploaded documents may also contain health information, identification information, test results, referrals, images, or other sensitive data.
Users should upload only documents that are reasonably necessary for the relevant appointment and that the specialist has requested or is authorised to receive.
Users should not upload:
- unrelated medical records;
- unnecessary identification documents;
- payment-card information;
- passwords;
- documents relating to another person without authority;
- unlawful content; or
- information that is not necessary for the appointment.
4.3 Information about people booking for another person
A person may request an appointment for another individual only where they are authorised to do so, including where they are:
- the person’s parent or legal guardian;
- an authorised caregiver;
- a legal representative;
- acting with the person’s permission; or
- otherwise legally entitled to arrange the appointment.
The person making the booking is responsible for ensuring that they are authorised to provide the other person’s information.
4.4 Technical and usage information
When someone accesses Vizito, we may automatically collect:
- IP address;
- browser type and version;
- operating system;
- device type;
- preferred language;
- approximate location derived from the IP address;
- date and time of access;
- pages visited;
- features used;
- referring page or website;
- session and cookie identifiers;
- application errors;
- performance information;
- security events; and
- login and account activity.
4.5 Support and communications
When someone contacts us, we may collect:
- their name and contact details;
- the contents of their message;
- attachments they send;
- previous correspondence;
- account or booking information reasonably necessary to investigate the request; and
- records of how the request was resolved.
Users should avoid sending medical records or other sensitive information to Vizito support unless it is necessary to investigate a specific technical or privacy issue.
4.6 Payment information
Vizito’s payment and subscription arrangements are still being determined.
If paid subscriptions or payment functionality are introduced, this Privacy Policy may be updated to identify the relevant payment provider and explain how payment information is processed.
Unless expressly stated otherwise, Vizito does not intend to store complete payment-card numbers. Payment-card information would ordinarily be collected and processed directly by an authorised third-party payment provider under that provider’s own privacy terms.
5. How we use personal data
We may use personal data to:
- create and manage specialist accounts;
- operate public specialist booking pages;
- display specialist services, prices, availability, and appointment locations;
- allow people to request, book, cancel, or reschedule appointments;
- provide appointment information to the relevant specialist;
- allow specialists to manage their schedules;
- prevent scheduling conflicts and double bookings;
- generate downloadable .ics calendar files;
- generate links that allow users to add appointment details to Google Calendar or another calendar application;
- send booking confirmations, cancellations, rescheduling notices, and reminders by email;
- allow documents to be provided to the relevant specialist;
- authenticate users;
- maintain account and platform security;
- detect fraud, spam, abuse, and unauthorised access;
- provide customer and technical support;
- identify and repair errors;
- maintain backups and platform reliability;
- analyse how the platform is used;
- improve the usability, functionality, and performance of Vizito;
- communicate important operational, security, legal, or account information;
- administer future subscriptions and payments;
- comply with applicable law;
- enforce our Terms of Service and agreements; and
- establish, exercise, or defend legal claims.
Vizito does not use patient information to diagnose medical conditions, select treatments, or make clinical decisions.
6. Legal grounds for processing
The legal ground for processing depends on the information, purpose, and circumstances.
6.1 Performance of a contract or requested service
We may process information where necessary to:
- create and operate a specialist account;
- provide Vizito’s scheduling functionality;
- process an appointment requested by a user;
- provide customer support; or
- fulfil our contractual obligations.
6.2 Legitimate interests
Where permitted by law, we may process information for legitimate interests, including:
- operating and improving Vizito;
- protecting the security of the platform;
- preventing fraud and abuse;
- understanding how the service is used;
- maintaining necessary business records;
- communicating with existing users; and
- protecting our legal rights.
We consider the possible effect of this processing on the rights and interests of affected individuals.
6.3 Consent
We may rely on consent where consent is required, including for:
- optional cookies or analytics;
- certain communications;
- optional features;
- particular processing of sensitive information; or
- processing for which another legal basis is not available.
Consent may be withdrawn at any time. Withdrawal does not affect processing that lawfully occurred before consent was withdrawn.
6.4 Compliance with legal obligations
We may process information where necessary to comply with:
- accounting and taxation requirements;
- court orders;
- lawful requests from public authorities;
- data-protection requirements;
- security and breach-reporting duties; and
- other applicable laws.
6.5 Legal claims and vital interests
Where permitted by law, information may be processed where necessary to:
- establish, exercise, or defend a legal claim;
- protect a person’s life or physical safety; or
- respond to an emergency.
6.6 Health information and other sensitive data
Information concerning a person’s health may be subject to additional legal protection.
When Vizito processes health-related appointment data on behalf of a specialist, the specialist is responsible for identifying and documenting an appropriate legal ground for collecting and using that information.
Depending on the circumstances and applicable law, this may include:
- the individual’s explicit consent;
- the provision or administration of healthcare;
- compliance with the specialist’s legal or professional duties;
- protection of vital interests;
- establishment, exercise, or defence of legal claims; or
- another ground permitted by law.
Vizito does not assume that a patient’s acceptance of this Privacy Policy, by itself, provides the specialist with every consent or legal ground required for medical treatment or medical-record processing.
7. Email communications
Vizito may send transactional emails concerning:
- booking requests;
- appointment confirmations;
- appointment reminders;
- cancellations;
- rescheduled appointments;
- account verification;
- account security;
- service changes; and
- support requests.
These emails are operational communications and are not necessarily marketing communications.
Appointment emails should contain only the information reasonably necessary to identify and manage the appointment. Email is not guaranteed to be completely confidential, and specialists should avoid including detailed diagnoses, test results, or unnecessary medical information in email notifications.
Vizito currently does not send appointment notifications by SMS, WhatsApp, push notification, or automated telephone call.
If additional communication channels are introduced, this Privacy Policy will be updated where appropriate.
8. Calendar files and links
Vizito may provide:
- downloadable .ics calendar files; and
- links that open an appointment template in Google Calendar or another calendar application.
Using such a file or link may transmit appointment information to the calendar provider selected by the user.
Vizito does not currently connect directly to, read from, or synchronise with a user’s Google Calendar or other external calendar account.
The relevant calendar provider processes information under its own privacy policy and terms. Users should consider whether appointment information should be stored in their personal or shared calendar.
9. Cookies and in-house analytics
Vizito uses an internally developed analytics solution rather than a third-party advertising or analytics platform.
We may use cookies, local storage, server logs, and similar technologies to:
- maintain user sessions;
- authenticate accounts;
- remember preferences;
- protect against abuse;
- measure platform performance;
- identify errors;
- understand which features are used;
- count visits and interactions; and
- improve Vizito.
Our analytics may process technical and usage information such as:
- pages viewed;
- features used;
- session information;
- approximate location;
- device and browser information;
- referring page; and
- timestamps.
We do not use patient appointment data to build third-party advertising profiles.
Strictly necessary technologies may operate where they are required to provide or secure the service.
Where applicable law requires consent for non-essential cookies or analytics, we will request that consent before activating the relevant technology.
Users may be able to control certain cookies through their browser settings. Blocking essential cookies may prevent parts of Vizito from functioning correctly.
10. How we share personal data
We do not sell patient medical or appointment information.
We may share personal data in the following circumstances.
10.1 With the selected specialist
When a person requests an appointment, the relevant booking information and uploaded documents are made available to the selected specialist.
The specialist may use and retain that information under their own privacy notice, professional duties, medical-record obligations, and applicable law.
10.2 Infrastructure and service providers
We use service providers to operate Vizito, including:
- Vercel, for website hosting, content delivery, deployment, and related infrastructure;
- DigitalOcean, for cloud infrastructure, application hosting, databases, storage, backups, or related technical services; and
- Resend, for sending transactional emails.
These providers may process limited personal data to provide their services, maintain security, prevent abuse, and comply with law.
We require service providers to process personal data only for authorised purposes and subject to appropriate contractual and security obligations where required.
The precise infrastructure and providers used may change as Vizito develops. We may replace a provider or add another provider where reasonably necessary to operate the service.
10.3 Legal disclosures
We may disclose information where we reasonably believe this is necessary to:
- comply with applicable law;
- respond to a binding court order;
- respond to a lawful request from a competent public authority;
- cooperate with a data-protection authority;
- investigate suspected fraud, criminal activity, or security incidents;
- protect users, specialists, Vizito, or other persons;
- prevent serious harm; or
- establish, exercise, or defend legal claims.
Where legally permitted, we will assess and seek to limit requests that are excessive, invalid, or disproportionate.
10.4 Business transactions
If Vizito or its assets are involved in a merger, acquisition, financing, restructuring, insolvency, or sale, personal data may be disclosed to professional advisers and transaction participants where reasonably necessary.
Any recipient would be required to respect the confidentiality and lawful use of the information.
10.5 At the user’s direction
We may disclose information when a user requests or clearly authorises the disclosure.
11. Data location and international transfers
Vizito’s primary application and data-hosting infrastructure is intended to be located in the European Union.
However, our providers may operate internationally, use personnel or subprocessors in multiple countries, or process limited technical, account, security, or communication information outside the European Union.
Where personal data is transferred internationally, we will use safeguards required by applicable law where applicable, which may include:
- contractual data-protection commitments;
- standard contractual clauses;
- transfer assessments;
- encryption and access restrictions;
- data localisation settings; or
- another legally recognised transfer mechanism.
The use of an EU hosting region does not necessarily mean that every category of technical or support data remains exclusively within the European Union.
12. Data retention
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy.
The actual period may depend on:
- the specialist’s instructions;
- whether an account remains active;
- the nature of the information;
- applicable legal or professional retention requirements;
- security needs;
- an unresolved complaint or dispute; and
- whether the data is contained in a temporary backup.
We generally apply the following maximum or indicative periods unless a longer or shorter period is justified:
12.1 Specialist account information
We may retain specialist account and profile information for the duration of the account and for up to 12 months after account deletion, where necessary to:
- complete deletion processes;
- handle support requests;
- prevent fraud or abuse;
- resolve disputes; or
- comply with legal obligations.
Public profile information will normally cease to be publicly available when the account is deleted, subject to reasonable technical processing time and temporary caching.
12.2 Appointment information
Appointment information may be retained while the specialist’s account is active and for up to 12 months after the appointment date, unless:
- the specialist deletes it sooner;
- the specialist instructs us to retain it for a different period;
- the specialist’s legal or professional obligations require a different period;
- a patient validly requests deletion; or
- retention is required for a dispute, investigation, or legal obligation.
Vizito is not intended to serve as the specialist’s permanent medical-record system unless expressly stated otherwise.
Specialists should export or separately retain any information that they are legally required to maintain as part of a medical record.
12.3 Uploaded documents
Uploaded documents may be retained while reasonably necessary for the appointment and for up to 12 months after the appointment date, unless deleted sooner by the specialist or account holder.
Specialists should download and move documents into an appropriate medical-record system where continued retention is legally or professionally required.
12.4 Cancelled appointments
Information about a cancelled appointment may be retained for up to 12 months after cancellation for scheduling history, support, fraud prevention, and dispute resolution.
12.5 Security and access logs
Security, authentication, and access logs may be retained for up to 12 months, unless a longer period is reasonably necessary to investigate a security incident, fraud, abuse, or legal claim.
12.6 Support communications
Support requests and related communications may be retained for up to 24 months after the request is resolved, unless longer retention is necessary for an ongoing dispute or legal obligation.
12.7 Analytics information
In-house analytics and usage records may be retained for up to 24 months.
Aggregated or anonymised information that no longer identifies an individual may be retained for longer.
12.8 Financial records
If paid services are introduced, billing, transaction, tax, and accounting records may be retained for the period required by applicable financial and taxation laws.
12.9 Backups
Deleted information may remain in encrypted or access-restricted backups for up to 90 days before being overwritten or permanently removed through the normal backup cycle.
Information in backups will not ordinarily be restored except where required for disaster recovery, security, or service continuity.
12.10 Legal exceptions
We may retain particular information beyond the periods above where reasonably necessary to:
- comply with law;
- respond to a lawful authority;
- investigate fraud or misuse;
- protect platform security;
- resolve a dispute; or
- establish, exercise, or defend legal claims.
13. Account deletion
Specialists may delete their Vizito account using the account-deletion control provided within the platform.
Deleting an account will initiate the deletion or deactivation of:
- the specialist’s public booking page;
- account information;
- appointment information controlled through the account;
- uploaded documents; and
- related platform data.
Deletion may not be immediate in every system. A reasonable period may be required to:
- process deletion across active systems;
- expire cached copies;
- complete queued email or technical processes; and
- remove data through the backup cycle.
Certain limited information may be retained where required for security, legal compliance, fraud prevention, dispute resolution, or legal claims.
Before deleting an account, specialists are responsible for exporting any appointment or patient information they are legally or professionally required to retain.
Account deletion does not delete information that:
- the specialist previously downloaded or copied elsewhere;
- a patient or another party independently retained;
- was transmitted through email;
- was added by the user to an external calendar; or
- is held by a third-party provider under that provider’s lawful retention obligations.
14. Data security
We use reasonable technical and organisational safeguards designed to protect personal data against:
- unauthorised access;
- accidental loss;
- unlawful disclosure;
- misuse;
- alteration; and
- destruction.
Depending on the service and processing activity, safeguards may include:
- encrypted network communications;
- authentication and account-access controls;
- restricted infrastructure access;
- separation of customer data;
- system monitoring and logs;
- backups;
- software updates;
- vulnerability management;
- confidentiality obligations;
- service-provider reviews; and
- incident-response procedures.
No internet-based service or storage method is completely secure. We cannot guarantee absolute security.
Specialists are responsible for:
- maintaining the confidentiality of their account credentials;
- using a strong and unique password;
- protecting devices used to access Vizito;
- preventing unauthorised access to their account;
- protecting downloaded patient data and documents;
- ensuring that published appointment locations are appropriate; and
- promptly notifying us of suspected unauthorised access.
15. Personal-data breaches
If we become aware of a personal-data breach, we will investigate it and take reasonable measures to contain and remedy the incident.
Where Vizito processes patient information on behalf of a specialist, we will notify the affected specialist where required and provide information reasonably necessary for the specialist to comply with applicable breach-notification duties.
Where required by law, we or the relevant specialist may also notify:
- the competent data-protection authority; and
- affected individuals.
16. Privacy rights
Depending on applicable law and the circumstances, an individual may have the right to:
- receive information about the processing of their personal data;
- obtain confirmation that their personal data is being processed;
- access their personal data;
- receive a copy of their personal data;
- correct inaccurate or incomplete information;
- request deletion of personal data;
- request restriction or suspension of processing;
- object to certain processing;
- withdraw consent;
- request portability of certain information;
- obtain information about recipients of personal data;
- obtain information about international transfers;
- object to certain automated decisions; and
- submit a complaint to a competent data-protection authority.
These rights are not absolute. A request may be restricted or refused where permitted by law, including where continued processing is necessary for:
- legal compliance;
- professional medical-record obligations;
- protection of another person’s rights;
- platform security;
- fraud prevention;
- public interest;
- healthcare purposes; or
- legal claims.
17. How to exercise privacy rights
17.1 Requests concerning appointment data
Where a request concerns appointment or patient information controlled by a specialist, the individual should ordinarily contact that specialist directly.
When Vizito receives such a request, we may:
- direct the requester to the specialist;
- forward the request to the specialist;
- assist the specialist in responding;
- restrict access while the request is reviewed; or
- take another action authorised by the specialist or required by law.
Vizito will not ordinarily alter or delete specialist-controlled information independently unless the specialist authorises the action or the law requires it.
17.2 Requests concerning Vizito-controlled data
Requests relating to information controlled directly by Vizito may be sent to:
The requester should describe:
- who they are;
- the account, appointment, or information concerned;
- the right they wish to exercise; and
- any information reasonably necessary to locate the relevant data.
We may request additional information to verify identity and protect personal data against unauthorised disclosure.
We will respond within the period required by applicable law.
18. Children and appointments for minors
Vizito does not request or require the age or date of birth of the person making an appointment unless a specialist separately chooses to request that information outside Vizito.
A person under the age legally required to provide valid consent should not independently use Vizito to provide personal or health-related information unless permitted by applicable law.
Appointments for a minor should ordinarily be requested by:
- a parent;
- a legal guardian;
- an authorised caregiver; or
- another person legally entitled to act for the minor.
The person making the booking confirms that they are authorised to provide the minor’s information and arrange the appointment.
Specialists are responsible for:
- determining whether they provide services to minors;
- confirming the identity and authority of a parent or guardian where necessary;
- obtaining legally required consent for treatment;
- complying with professional rules concerning minors;
- limiting the information collected to what is necessary; and
- appropriately protecting the minor’s medical information.
Vizito should not be used to collect unnecessary sensitive information about a minor.
If we learn that information relating to a child was submitted without appropriate authority or in violation of applicable law, we may restrict or delete it.
19. Automated decision-making
Vizito does not use patient information to make solely automated decisions that determine:
- medical diagnosis;
- access to treatment;
- treatment selection;
- medical risk;
- insurance eligibility; or
- another decision producing a comparable legal or significant effect.
We may use automated processes for limited technical purposes such as:
- detecting suspicious account activity;
- preventing spam or abuse;
- identifying application errors;
- suggesting available appointment times; and
- prioritising security alerts.
20. Medical disclaimer and emergencies
Vizito provides appointment-booking and administrative software only.
Vizito does not:
- provide medical advice;
- diagnose medical conditions;
- prescribe or recommend treatment;
- provide emergency services;
- guarantee a specialist’s qualifications;
- guarantee the availability or quality of medical services;
- supervise the specialist–patient relationship; or
- guarantee any medical result.
Any medical or professional relationship is formed directly between the specialist and patient.
Vizito must not be used to request emergency assistance or obtain urgent medical advice.
In an emergency, users should contact the applicable local emergency service immediately.
21. Third-party services
Vizito may contain links to or interact with third-party services, including:
- external calendar applications;
- email services;
- infrastructure providers; and
- websites linked by specialists.
Those third parties process information under their own privacy policies and terms.
Vizito is not responsible for the privacy, security, content, or availability of a service that we do not control.
22. Marketing
Vizito may send specialists information about product updates, features, or offers where permitted by law.
Recipients may opt out of marketing emails by using the unsubscribe method in the message or contacting us.
Opting out of marketing does not prevent us from sending necessary:
- appointment communications;
- account messages;
- security notices;
- legal notices;
- billing notices; or
- service announcements.
Vizito will not use patient appointment information for unrelated third-party advertising.
Vizito does not sell patient health information or appointment information.
23. Changes to this Privacy Policy
We may update this Privacy Policy to reflect:
- changes to Vizito;
- new functionality;
- new communication or payment methods;
- changes to service providers;
- legal or regulatory developments; or
- improvements to our privacy practices.
The updated version will be published on this page with a revised “Last updated” date.
Where a change materially affects how personal data is processed, we may provide additional notice by email, through Vizito, or by another appropriate method.
24. Contact
Questions, complaints, and privacy requests may be sent to:
Individual Entrepreneur VIKTOR ROZENKO
Identification number: 345782879
Service: Vizito
Website: vizi.to
Email: support@mail.vizi.to
Questions relating to medical treatment, diagnoses, medical records, or a specialist’s use of patient information should be directed to the relevant specialist.