Privacy Policy

About us

  • Company: IOMED MEDICAL SOLUTIONS, S.L.
  • Postal address: C/ Sant Antoni Maria Claret, nº 167, 08025 Barcelona, Spain
  • Tax Identification Number (NIF): B66774969
  • DPO: GRUPO ATICO34 SL, email: dpo@iomed.health

IOMED is the data controller responsible for the processing of personal data described in this Policy.

For What Purposes Do We Process Your Personal Data?

  • Directly Collected Personal Data

| Purpose of Processing | Sub-purpose | Categories of Personal Data | Legal Basis for Processing |
|---|---|---|---|
| Customer and Supplier/Data Holder Management | Contract management: onboarding, offboarding, monitoring contractual relationship | Identifying data: name, surname, position; Contact data: postal address, email; ID/Tax identification number; Signature | Execution of a contract |
| Accounting, billing, and tax obligations | Invoice information, financial data | Financial data; Identifying data; Bank account information | Compliance with legal obligation |
| Supplier Management: Inspectors | Evaluation of quality of tasks | Identifying data; Work performance data; Contact information; Annotations in pseudonymized hospital notes | Legitimate interest |
| Event Management | Coordination, hosting, and management of participation in events and webinars | Identifying data: name, surname; Contact data: country, corporate email; Employment details | Consent |
| Commercial communications | Sending emails about services, promotions, or products | Name, surname; Contact data; Job title | Consent |
| Marketing activities | Surveys, webinar recordings, user profiling | Identifying data; Preferences; Behavior; Recordings | Consent (Art. 6.1.a GDPR) or Legitimate interest (Art. 6.1.f GDPR) |

  • Website Users, Digital Communication, and Newsletter Subscribers

| Purpose of Processing | Sub-purpose | Categories of Personal Data | Legal Basis for Processing |
|---|---|---|---|
| Newsletter Management | N/A | Contact Information: Corporate Email Address | Consent |
| Website Management | Management of inquiries through website | Identifying data: Name, Surname; Contact info; Employment details; Message content | Execution of pre-contractual measures |
| Prospects Management | Manage information requests about IOMED products/services | Name, Surname; Corporate Email Address | Execution of pre-contractual measures |
| Communication & Promotion | Communication about IOMED activities | Name, Surname; Image; Signature on Image Authorization | Legitimate interest; Consent for image use |
| Social Media Management | Interaction with social media users and audience statistics | Name, Surname; Image; Signature on Image Authorization | Consent |

  • Job Applicants

| Purpose of Processing | Sub-purpose | Categories of Personal Data | Legal Basis for Processing | GDPR Article 9 (if applicable) |
|---|---|---|---|---|
| Staff Selection | Management of recruitment | Name, Surname; Contact info; CV data; Professional experience; Interview details; Position and contract info | Execution of pre-contractual measures; Legitimate interest | N/A (or consent if data from LinkedIn) |

  • Indirectly Collected Personal Data (Patients & Healthcare Professionals)

| Purpose of Processing | Sub-purpose | Categories of Personal Data | Legal Basis for Processing | GDPR Article 9 (if applicable) | Source |
|---|---|---|---|---|---|
| AI Development | Creation of training databases | Patient data: identification, contact, health data; Pseudonymized dataset; Health data of relatives; Healthcare professional data | Legitimate interest; Scientific research | Processing necessary for scientific research | Private healthcare centers |

Retention of Personal Data

Personal data will be retained only as long as necessary to fulfill the purposes described above and to comply with applicable legal, tax, accounting, or contractual obligations. For newsletters, data is retained until consent is withdrawn.

Data Security Measures

IOMED implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. Access is limited to authorised personnel and third parties under confidentiality obligations. Security incidents are handled promptly, with notification to affected individuals and authorities as required by law.

Sharing of Personal Data

Third parties that may access data include:

  • Financial institutions (e.g., for invoice payments)
  • Investors and potential investors
  • Service providers under data processing agreements (e.g., accountants, cloud hosting, email services)
  • Public authorities when legally required (e.g., tax or law enforcement agencies)

International Transfers

Data may be transferred outside the EEA if:

  • The destination country is deemed adequate by the European Commission, or
  • Appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

User Rights

You have the following rights under GDPR:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request deletion under certain conditions
  • Restrict processing in specific cases
  • Object to processing, including for direct marketing
  • Data portability
  • Opt out of automated decision-making
  • Withdraw consent at any time

Requests can be sent to dpo@iomed.health or by post to our company address. Complaints can also be submitted to the Spanish Data Protection Agency (AEPD).

Cookies and Tracking

Some data is collected via cookies. For more details, consult our Cookies Policy.

Intellectual Property Rights

All website content, software, and services provided by IOMED are protected under copyright and intellectual property laws. Users may not reproduce, modify, or distribute content without prior written consent. Users must respect third-party software rights and comply with applicable laws.

Hosted Information

IOMED performs regular backups but is not liable for accidental deletion or loss caused by users. Data restoration is only included if the loss is attributable to IOMED.

Commercial Communications

IOMED will not send unsolicited promotional communications. Communications related to prior contractual relationships are allowed. Users can opt out at any time.

External Links

IOMED is not responsible for the privacy policies of external sites linked from our website. Users are advised to review the privacy terms of any external site visited.

Contact

Questions regarding this Privacy Policy or personal data can be directed to our DPO at: dpo@iomed.health

This Privacy Policy has been formally approved and signed by IOMED’s Management, reaffirming our commitment to quality, regulatory compliance, and continuous improvement.

Signed by IOMED’s CEO (22/Oct/2025)

Mr. Rohit Mistry