Privacy policy

From the moment you (hereinafter, the "User") browse, process your registration, log in, contact us by telephone, or access certain sections of the Website and use the Services and/or provide data through various forms, your data will be processed. This includes information regarding your health status (and, where applicable, that of related third parties), which is considered sensitive information.

This Privacy Policy has been drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, "GDPR"), as well as the Spanish Organic Law 3/2018, of December 5 (hereinafter, "LOPDGDD") and other applicable regulations.

As our company is headquartered in Spain, we apply the principles and guarantees of the GDPR to all personal data we process, regardless of the User's country of residence. We believe this regulatory framework provides the highest standard of protection for your rights and freedoms.

This Policy informs you on how your Personal Data may be collected, used, disclosed, and how you can access it. Please read it carefully. This Policy shall apply unless specific conditions are associated with any of the Services.

1.- Who is the Data Controller and how to contact us?

Name of the Controller: Medinamis MGMT (hereinafter, "Medinamis")
Tax ID (CIF): B66852443
Address: Plaça Jardins de Toquio, 1, 2A - 08034 Barcelona
Email: info@medinamis.com

2.- What personal data do we process?

  • Health data: Collected through the User's responses to the web self-assessment questionnaire, telephone appointments, or video conferences. These can include age, sex, family model, and clinical data necessary for the provision of the service (e.g., infections, genetic alterations, etc.).
  • Data for commercial communications or scheduling: Name, telephone number, and email address.
  • Data to inform the User of the self-diagnosis result (potential treatment recommendations—which do not substitute medical evaluation—countries, and specialized private clinics): Name, email, and country of residence. Note: If you do not provide the required information, you will not be able to register, and consequently, we will not be able to provide our Services. We do not require your full legal name nor do we verify your identity; you may use an alias if you prefer not to be identified.
  • Voluntary data: Any other information you voluntarily provide through the website.

3.- For what purposes do we process your personal data?

  • Provision of Service: To perform a pre-evaluation through a self-diagnosis form, telephone appointment, or video conference based on User responses. This includes issuing a recommendation report on potential assisted reproduction treatments, permitted countries, and a list of specialized private clinics. This processing may involve basic User profiling based on responses. However, it does not involve automated decision-making with legal effects or significantly affecting the User under the terms of Article 22 of the GDPR.
  • Legal Compliance: To comply with applicable legal requirements, specifically regarding data protection, tax, and health regulations.
  • Commercial Communications: Sending information, advertising, or other commercial actions via email or equivalent electronic means regarding our services.
  • Customer Support: Managing requests for information, complaints, suggestions, or the exercise of data protection rights.
  • Website Improvement: Enhancing navigation on our website and social media through the use of cookies, as detailed in our Cookie Policy.

All data will be treated confidentially and will be adequate and relevant for the purposes stated above.

4.- Legal Basis for Processing

PurposeLegal Basis
Provision of Service
  • Explicit consent provided at the time of submitting personal data through website forms or self-diagnosis responses (in the form or by phone or video call).
  • Given that the service involves processing special categories of data (health data), the User grants explicit consent for such processing to generate the requested guidance report.
  • The data will be treated confidentially and will be adequate and relevant for the purposes stated above.
Legal ComplianceCompliance with a legal obligation applicable to the Controller.
Commercial Communications
  • Legitimate Interest for users who have provided their data on this website/social media or are existing clients, pursuant to Article 21.2 of Law 34/2002 (LSSI).
  • In all other cases, it is based on express consent.
  • You may object at any time to the processing of your data for this purpose, free of charge.
Customer Support (handling requests for information, complaints, suggestions, claims, and the exercise of data protection rights)
  • Legitimate Interest in assisting you with requests for information, complaints, suggestions or claims regarding our services.
  • Legal obligation when your enquiry relates to the exercise of your rights.
Website ImprovementLegitimate Interest for necessary cookies and consent for all others.

5.- How long do we retain your data?

  • Provision of Service: Health data and recommendations will be kept for 24 months from your last login or interaction. After this period, MEDINAMIS will block the data, making it available only in an anonymized form for profiling and market research. The data you have provided to register on our website or platform will remain available until you withdraw your consent.
  • Legal Compliance: For the period established in the applicable legislation in each case.
  • Commercial Communications: Until you revoke consent or exercise the right to object/erase.
  • Customer Support: For the time necessary to address the request and as established by law.
  • Website Improvement: Until you revoke consent and for the period established by law.

6.- To whom do we communicate your data?

Currently, no communication of personal data to third parties is planned, except for the database provider (MariaDB Server), where data is encrypted. Should third-party communication become necessary, MEDINAMIS will execute the required Data Processing Agreements as mandated by privacy regulations.

All information provided to us will be treated confidentially and in strict compliance with the necessary security obligations to prevent access by unauthorized third parties.

All data is stored within the European Economic Area (EEA); no international transfers are performed.

7.- Payments and External Payment Platforms

Credit/debit card data is managed directly by Stripe through its secure payment gateway (to execute the service purchase contract). This ensures that your financial data is handled with the highest level of security and confidentiality.

MEDINAMIS does not store or have access to your full card details or banking information, as such data is processed directly by the payment service provider under its own security measures and privacy policies.

MEDINAMIS only receives confirmation from the payment provider as to whether the transaction has been approved or declined, together with a transaction identifier in order to associate it with your user account.

Please note that under no circumstances are any health data you may have provided disclosed to payment providers/platforms.

WE RECOMMEND USERS TO REVIEW THE PRIVACY POLICY OF THE PAYMENT PROVIDER, STRIPE, BEFORE COMPLETING THE TRANSACTION.

8.- Security Measures

In accordance with the provisions of current personal data protection regulations, we comply with all requirements of the GDPR and the LOPDGDD for the processing of personal data, and expressly with the principles set out in Article 5 of the GDPR, whereby data are processed lawfully, fairly and transparently in relation to the data subject, and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected and processed.

Likewise, we have implemented appropriate technical and organizational policies to apply the security measures required by applicable regulations in order to protect the rights and freedoms of data subjects, such as data encryption throughout the processing lifecycle and anonymization after the retention period, among others.

In particular, MEDINAMIS has adopted the legally required levels of data protection security and has implemented all necessary means and measures to prevent loss, misuse, alteration, and unauthorized access. However, the User should be aware that security measures on the Internet are not infallible. Consequently, it cannot be guaranteed that unauthorized third parties acting unlawfully may not become aware of the type, conditions, characteristics and circumstances of the use that Users make of the Website. WE SHALL NOT BE HELD LIABLE FOR ANY DAMAGES OF ANY KIND THAT MAY ARISE FROM THE KNOWLEDGE THAT UNAUTHORISED THIRD PARTIES, ACTING UNLAWFULLY, MAY OBTAIN REGARDING THE TYPE, CONDITIONS, CHARACTERISTICS AND CIRCUMSTANCES OF THE USE OR ACCESS THAT USERS MAKE OF THE WEBSITE AND ITS SERVICES.

9.- What are your rights?

You have the right to:

  • Withdraw consent at any time.
  • Access, rectify, port, and erase your data.
  • Limit or object to processing.
  • Not be subject to automated individual decision-making.

These rights are free of charge and can be exercised by emailing info@medinamis.com.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at https://www.aepd.es.

10.- Legal Disclaimer

The self-assessment service is provided for informational and guidance purposes only and is based exclusively on the information the user provides.

a. Age of majority

The User declares and guarantees they are over 18 years of age at the time of accessing and using the service. Otherwise, they must refrain from using it.

b. Accuracy and updating of data

The User undertakes to provide truthful, accurate, complete and up-to-date information in the forms provided.

We are not responsible for any consequences arising from the submission of false, inaccurate, incomplete or outdated data, including, without limitation, the lack of adequacy or accuracy of the report generated.

In the event that data relating to a third party are entered, the User shall be solely responsible for obtaining or having obtained the necessary consents—or for relying on another valid legal basis under applicable regulations—to process and share such data with MEDINAMIS.

c. Informational nature

The report generated involves the automated processing (based on criteria previously defined by specialized personnel) of the data provided by the User, including health data, for the sole purpose of providing recommendations to the User for the identification of possible treatments, as well as countries where such treatment is permitted and a non-exhaustive list of private clinics that provide it, thereby facilitating the search for specialized professional care. The report:

  • Does not constitute medical advice or diagnosis under any circumstances and is for informational purposes only for the user.
  • Does not replace the assessment, diagnosis, advice or treatment by a healthcare professional.
  • Cannot be considered a sufficient basis for making medical decisions.

d. Limitation of liability

MEDINAMIS does not guarantee the accuracy, completeness or suitability of the results obtained, as these depend exclusively on the information provided by the user.

Accordingly, it assumes no liability for:

  • Decisions taken by the user based on the report.
  • The lack of suitability of the results to the user's actual situation.
  • Any damage or loss arising from the use of the service.

Use of the service is undertaken under the sole responsibility of the user.

Our Privacy Policy is subject to periodic changes. The latest version of our Privacy Policy can be found on our website.