Skip to content
Login / Sign up

Privacy Policy

Last updated: July 29, 2025

1. Who is responsible for processing your data?

Gemedata Inc. is responsible for processing your personal data for the purpose of providing you with the services of our website and History.

Gemedata, Inc. is a company domiciled at 2646 South Governors Ave #26461, Dover, DE 19904, United States, and its Employer Identification Number (EIN) is EIN 36-5132321 (hereinafter, "Gemedata").

At Gemedata we are committed to the fundamental right to the protection of your personal data and this privacy policy aims to inform you about your rights under the General Data Protection Regulation ("GDPR").

2. Gemedata as the data controller

Gemedata acts as the data processor insofar as it processes your data as a provider of a platform service (Historia) contracted by the dental clinics that supervise it.

This Privacy Policy does not apply to the processing of your personal data by clinics that have contracted Histora, but it does apply to the information provided here and, specifically, to the particular use that patients make of Histora outside of our service to dental clinics and the consent they give us for Gemedata's own purposes. If you wish to exercise your data protection rights in relation to the activities carried out by these clinics, you may do so in accordance with this Privacy Policy or in accordance with the privacy policies and notices of the clinic that has contracted Histora.

3. What information do we process?

1) Data that you provide directly:

We collect information about you when you contact us through the channels enabled for this purpose, such as contact forms.

When you contact us through these channels, we will ask for your first and last name, email address, professional details, telephone number, and company name. We may also request your national identity card, foreign resident card, or passport if we deem it necessary to authenticate and identify you, preventing any type of fraud or unauthorized access.

All fields marked with an asterisk (*) on the forms provided through our channels are mandatory. Failure to complete any of these fields may prevent us from providing the requested services. You must provide truthful information; impersonation or the use of aliases or anonymous names is prohibited.

If you are a patient and are using Histora's services, we will process your identification, contact, and health data as data controllers in order to allow the free transfer of your data to other clinics that have contracted Histora's services, as well as other functionalities that you expressly authorize us to use, in accordance with section five of this policy.

As a platform service provider, we process your data in a properly pseudonymized form as data processors, minimizing your identification to the greatest extent possible. Gemedata may use your fully de-identified, aggregated, and anonymized data for medical research purposes. You can find more information about this anonymization process in section five of this policy.

When providing any data that may be requested through the channels, you may not choose offensive expressions, or expressions that coincide with trademarks, trade names, or names or pseudonyms of publicly relevant or famous people for whose use you are not authorized.

To ensure that the information provided is always up-to-date and error-free, you must notify Gemedata as soon as possible of any changes to your personal data.

Furthermore, by clicking the "Accept" (or equivalent) button incorporated in these forms, you declare that the information and data you have provided in them are accurate and truthful.

2) Data obtained indirectly:

When you browse, different cookies and other tracking devices may be installed on your device, as explained in our Cookie Policy.

4. What is the origin of the data?

We consider that all data processed by Gemedata has been provided by you freely.

If the personal data you provide belongs to a third party, you guarantee that you have informed them of this Privacy Policy and obtained their authorization to provide the data to Gemedata for the purposes indicated above. You also guarantee that the data provided is accurate and up-to-date, and you are responsible for any direct or indirect damage or loss that may be caused as a result of failing to comply with this obligation.

5. For what purpose and on what legal basis do we process the data?

Gemedata acts as the data controller for the following purposes and in accordance with the following legal bases:

Based on the management of the contractual or pre-contractual relationship:

  • To provide you with the services you have requested, should you continue to contract any of our products and services.
  • To attend to your requests for information on any matter in which we can help you.
  • We will contact you if we detect any suspicious activity, such as an attempt to log in to your Google account from an unusual location. In your case, we may terminate your service for violating the Patient Terms and Conditions of Use or the License Agreement, if you are a healthcare professional.

Based on Gemedata's compliance with its legal obligations:

  • To allow users to exercise their rights recognized in the GDPR (access, rectification, erasure, objection, restriction of processing and portability), as well as in other national or European data protection regulations.
  • To comply with the obligations set forth in the tax, accounting and fiscal regulations, as well as in the legislation on the protection of consumers and users, information society services and electronic commerce, and any other sectoral or general regulations that are applicable to the activity carried out by Gemedata.

Based on the specific, free and unambiguous consent that you may give us at the time of collecting your data:

  • In your case, to keep you informed about products, services and events not related to contracted products, whether our own or those of third parties, always sent through Gemedata by electronic means.
  • If you so wish, and with your explicit consent, we can transfer your data to the clinic of your choice, so that you can continue receiving your medical treatment at any clinic that has contracted our services.
  • With your explicit consent, we can completely dissociate your data from your patient account and from you personally, securely anonymizing your data and preventing any subsequent identification. If we are unable to fully dissociate your data, we will request additional consent for the use of this data for the same purposes.
  • [OPTIONAL] If you agree, we will process your data collected through cookies or similar technologies, provided they are not essential for providing you with the service properly. For more information, please see our Cookie Policy.

Based on the existence of a legitimate interest on the part of Gemedata:

  • To keep you informed, if you are a clinic staff member, about Gemedata products and services related to those previously contracted and that may be of interest to you.
  • Conduct regular reviews of our services and carry out satisfaction surveys in order to evaluate and improve the quality of the service we provide.
  • To conduct analyses on the use of our products and services in order to implement improvements, new functionalities, and compile statistics that can help us continue to grow.
  • Conduct internal reviews and, where appropriate, contact the affected party if suspicious activities are detected or there are well-founded suspicions regarding possible fraud or identity theft.
  • [OPTIONAL] To monitor network traffic and identify suspicious requests that may compromise security, as well as to allow you to connect to our products and services. For more information, please visit our Cookie Policy.

However, if you do not wish your data to be processed for these purposes, you can object at any time by contacting us at info@gemedata.com as indicated in the Exercising Your Rights section of this Privacy Policy.

6. To whom is personal data communicated?

All transfers of personal data that we carry out are necessary for the fulfillment of the stated purposes, or are carried out to comply with a legal obligation:

  • To the public administrations and the administration of justice, and to the bodies responsible for enforcing the law in compliance with the legal obligations that apply to us.
  • Companies that provide IT services, tools or IT infrastructure on which the services provided by Gemedata are based, such as hosting providers, back-end, databases, CRMs, email service companies, etc.
  • Clinics with which you freely and knowingly wish to share your information as a patient.

In this regard, we inform you that any transfer that takes place will be carried out taking into account all necessary legal safeguards. Furthermore, we guarantee that we sign specific contracts with all our service providers in accordance with applicable regulations.

Gemedata is based in the United States of America and guarantees that your data is processed under a similar level of protection and that the necessary precautions are taken to ensure that data can be transferred securely. This is achieved either because the provider offers adequate safeguards, such as signing the European Commission's Standard Contractual Clauses, or because one of the exceptions included in the regulations applies. Similarly, Gemedata establishes additional safeguards in the contracts it signs with its suppliers who may access your personal data.

If you are a patient and freely and knowingly choose to share your data with a clinic that has contracted Histora's services, the legal basis for this transfer will be your explicit consent given before the transfer. You can revoke this consent at any time by stopping the receiving clinic's access to your personal data through your profile's privacy settings. This does not prevent Gemedata from using Standard Contractual Clauses or other mechanisms established by law to provide greater security for your personal data in the country where the receiving clinic is located.

7. Exercising your rights

We inform you that you can exercise the following rights:

  • Right of access to your personal data to know which data is being processed and the processing operations carried out with it.
  • Right to rectification of any inaccurate personal data.
  • Right to erasure of your personal data, where this is possible.
  • Right to request the limitation of the processing of your personal data when the accuracy, legality or necessity of the data processing is doubtful, in which case, we may retain the data for the exercise or defense of claims.
  • Right to object to automated decision-making, including profiling.
  • Right to object to the processing of your personal data when the legal basis that allows us to process them, according to section 4 above, is legitimate interest.
  • Right to data portability, when the legal basis that allows us to process them among those indicated in section 4 above is the existence of a contractual relationship or your consent.
  • Right to revoke the consent given to Gemedata.

You can exercise your rights at any time and free of charge in the following ways:

  • By sending an email to info@gemedata.com using the email address you used to register or contact us and indicating the right you wish to exercise.
  • By sending a written request to Gemedata's registered office at 2646 South Governors Ave #26461, Dover, DE 19904, United States, indicating the right you wish to exercise.

In addition, when you receive any communication from us, by clicking on the unsubscribe section that will be contained in that communication, you can unsubscribe from all previously agreed-upon marketing communications.

When you exercise your rights, and only if we have doubts about your identity, we may request additional information to verify your identity.

We also inform you that you have the right to file a complaint with the Spanish Data Protection Agency if you believe that we have committed an infringement of data protection legislation in relation to the processing of your personal data.

Furthermore, we inform you that you can register on the Robinson List at www.listarobinson.es: the advertising opt-out system managed by the Spanish Association of Digital Economy (ADIGITAL); or on the StopAdvertising List of the Spanish Association for Digital Privacy at https://listastoppublicidad.com/es/home; where you can register to show your opposition to the use of your data for the purpose of sending you commercial communications.

8. Data retention period

We will process your data until you exercise your right to erasure, objection, or when you wish to withdraw your consent, except when your data is necessary to manage the service.

Once the service has ended, they will only be available if there is a legal obligation (derived from a request from the State Security Forces or Courts of Justice), if we need to defend ourselves against possible claims or if you exercise your rights.

9. Security and confidentiality

In order to prevent unauthorized access or unauthorized disclosure of personal data, we have taken appropriate technical and physical measures, as well as management processes, to safeguard and secure the information we collect from you.

10. Minors

Children under 14 years of age may not use the services available through our website without the prior authorization of their parents, guardians, or legal representatives, who will be solely responsible for all actions taken through the site by the minors under their care, including completing forms with the personal data of said minors and, where applicable, checking the corresponding boxes. In this regard, and to the extent that Gemedata has no ability to verify whether users are minors or not, parents and guardians must implement the necessary mechanisms to prevent their children from accessing the website and/or providing personal data without their supervision, and Gemedata accepts no liability in this respect.

11. Privacy policy update

We make every effort to keep our privacy policy fully up to date. If we make changes, these will be clearly and specifically identified, to the extent possible, within our relationship with you (for example, we may communicate changes via email).

This privacy policy was reviewed and published on July 29, 2025.

12. Contact

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Histora by Gemedata
2646 South Governors Ave #26461
Dover, DE 19904, USA
Email: info@gemedata.com