Web and Histora Privacy Policy

1. Who is responsible for processing your data?

Gemedata, Inc. is responsible for processing your personal data for the purposes of providing you with the services of our Website and Histora.

Gemedata, Inc. is a company domiciled at 2646 South Governors Ave #26461, Dover, DE 19904, United States, and its Employer Identification Number (EIN) is 36-5132321 (hereinafter, "Gemedata").

At Gemedata we are committed to the fundamental right to the protection of your personal data and this privacy policy is intended to inform you about your rights under the General Data Protection Regulation ("GDPR").

2. Gemedata as data processor

Gemedata acts as a data processor insofar as it processes your data as a provider of a Platform service (Histora) contracted by the dental clinics that supervise you.

This Privacy Policy will not apply to the processing carried out on your personal data by the clinics that have contracted Histora, but it will apply to what is reported here and, specifically, to the particular use that patients make of Histora outside of our service to dental clinics and the consent you give us for Gemedata's own purposes. If you wish to exercise your data protection rights in relation to the activities carried out by these clinics, you can do so in accordance with what is established in this Privacy Policy or in accordance with the privacy policies and notices of the clinic that has contracted Histora.

3. What information do we process?

1) Data you provide directly:

We collect information about you when you contact us through the channels enabled for this purpose, such as contact forms.

When you contact us through said channels, we will request your name and surname, email, professional data, telephone number and company name. We may also request your ID, NIE or passport in case we consider it necessary to authenticate and identify you solely, avoiding any type of fraud or unauthorized access.

All fields that appear marked with an asterisk (*) in the forms provided to you in the channels will be mandatory, so that the omission of any of them could result in the impossibility of providing you with the requested services. You must provide truthful information; identity theft or the use of aliases or anonymous names is prohibited.

If you are a patient and are using Histora services, we will process your identifying, contact and health data as controllers for the purpose of allowing you the free transfer of your data to other clinics that have contracted Histora services, as well as other functionalities that you expressly authorize us, in accordance with section five of this policy.

As a provider of a Platform service, we process your duly pseudonymized data as data processors, reducing your identification to the maximum extent possible. Gemedata may use your completely dissociated, aggregated and anonymous data for medical research purposes. You can obtain more information about said anonymization treatment in section five of this policy.

You may not, when providing any data that may be requested in the channels, choose injurious expressions, coinciding with trademarks, trade names, names or pseudonyms of publicly relevant or famous characters for whose use you are not authorized.

To keep the information you provide up to date and free of errors, you must notify Gemedata, as soon as possible, of any changes to your personal data.

Likewise, by clicking on the "Accept" button (or equivalent) incorporated in said forms, you declare that the information and data that you have provided in them are accurate and truthful.

2) Data obtained indirectly:

When you browse, different cookies and other tracking devices may be installed on your device, as we explain in our Cookie Policy.

4. What is the origin of the data?

We consider that all data processed by Gemedata has been provided by you freely.

In case the personal data provided belongs to a third party, you guarantee that you have informed them of this Privacy Policy and have obtained their authorization to provide the data to Gemedata for the purposes indicated above. Likewise, you guarantee that the data provided is accurate and updated, and you are responsible for any damage or harm, direct or indirect, that could be caused as a consequence of non-compliance with such obligation.

5. For what purpose and with what legitimizing basis do we process the data?

Gemedata acts as data controller for the following purposes and in accordance with the following legitimizing bases:

Based on the management of the contractual or pre-contractual relationship:

  1. Provide you with the services you have requested, in case you continue with the contracting of any of our products and services.
  2. Attend to your requests for information on any matter in which we can help you.
  3. Communicate with you if we detect any suspicious activity, such as an attempt to log into your Google account from an unusual location. Where appropriate, we may communicate the termination of the service for violating the Terms and Conditions of Use for Patients or the License Agreement, if you are a healthcare professional.

Based on compliance with Gemedata's legal obligations:

  1. Allow users to exercise their rights recognized in the GDPR (access, rectification, deletion, opposition, limitation of processing and portability), as well as in other national or European data protection regulations.
  2. Comply with the obligations provided for in tax and accounting regulations, as well as in legislation on consumer and user protection, information society services and electronic commerce, and any other sectoral or general regulations that are applicable to the activity developed by Gemedata.

Based on the specific, free and unequivocal consent that, where appropriate, you grant us at the time of collecting your data:

  1. Where appropriate, keep you informed about products, services and events not related to contracted products, whether our own or those of third parties, always sent through Gemedata by electronic means.
  2. In case you so wish, and granting the corresponding explicit consent, we may transfer your data to the clinic you wish, for the purpose of being able to continue receiving your medical treatment at any clinic that has contracted our services.
  3. With your explicit consent, we may completely dissociate your data from your patient account and from you, anonymizing your data in a secure manner, preventing any subsequent identification. In case we cannot proceed completely with said dissociation with respect to your data, we will ask for additional consent for the use of this data for the same purposes.
  4. [OPTIONAL] If you accept it, we will process your data collected through cookies or similar technologies, provided they are not essential to provide you with the service correctly. For more information, consult our Cookie Policy.

Based on the existence of a legitimate interest on the part of Gemedata:

  1. Keep you informed, if you are clinic staff, about Gemedata's products and services, related to those previously contracted and that may be of interest to you.
  2. Carry out periodic reviews of our services and conduct satisfaction surveys in order to evaluate and improve the quality of the service we provide.
  3. Perform analytics on the use of our products and services in order to implement improvements, new functionalities and compile statistics that can help us continue growing.
  4. Carry out internal reviews and, where appropriate, contact the affected party in the event that suspicious activities are detected or there are founded suspicions in relation to possible fraud or identity theft.
  5. [OPTIONAL] Perform network traffic control and identify suspicious requests that may compromise security, as well as allow you to connect to our products and services. For more information, visit our Cookie Policy.

However, if you do not want your data to be processed for these purposes, you can object at any time by contacting us through info@gemedata.com as indicated in the Exercise of Rights section of this Privacy Policy.

6. To whom are personal data communicated?

All transfers of personal data that we make are necessary for the fulfillment of the indicated purposes, or are made to comply with a legal obligation:

  1. To public administrations and administration of justice, and to law enforcement agencies in compliance with the legal obligations that apply to us.
  2. Companies providing computer services, tools or computer infrastructure on which the services that Gemedata provides are based, such as hosting providers, back-end, databases, CRMs, emailing service companies, etc.
  3. Clinics with which you, freely and on an informed basis, want to share your information as a patient.

In this regard, we inform you that any transfer that occurs will be carried out taking into account all the necessary legal safeguards. Likewise, we guarantee that we sign specific contracts with all our service providers as established by regulations.

Gemedata is established in the United States of America, and guarantees that your data is processed under a similar level of protection and that the necessary precautions are taken to guarantee that data can be transferred safely, either because the provider offers adequate guarantees, through, among others, the signing of Standard Contractual Clauses of the European Commission, or one of the exceptions included in the regulations is met. Similarly, Gemedata establishes additional protection measures in the contracts it signs with its providers that may access your personal data.

If you are a patient, and you decide to share your data freely and on an informed basis with a clinic that has contracted Histora services, the legal basis for said transfer will be your explicit consent given prior to the transfer. You may revoke that consent at any time, interrupting access by the recipient clinic to your personal data, through the privacy settings of your profile. This does not prevent Gemedata from resorting, through a contract, to Standard Contractual Clauses or other mechanisms established in the regulations to provide greater security to your personal data in the country where the recipient clinic is established.

7. Exercise of your rights

We inform you that you may exercise the following rights:

  1. Right of access to your personal data to know which are being processed and the processing operations carried out with them.
  2. Right to rectification of any inaccurate personal data.
  3. Right to deletion of your personal data, when this is possible.
  4. Right to request the limitation of the processing of your personal data when the accuracy, legality or necessity of data processing is doubtful, in which case, we may retain the data for the exercise or defense of claims.
  5. Right to oppose automated decision-making, including profiling.
  6. Right to object to the processing of your personal data when the legal basis that enables us to process it, according to section 4 above, is legitimate interest.
  7. Right to portability of your data, when the legal basis that enables us to process it among those indicated in section 4 above is the existence of a contractual relationship or your consent.
  8. Right to revoke the consent granted to Gemedata.

You may exercise your rights at any time and free of charge in the following ways:

  1. By sending an email to info@gemedata.com using the email address with which you registered or communicated with us and indicating the right you wish to exercise.
  2. By sending a written request to Gemedata's registered office at 2646 South Governors Ave #26461, Dover, DE 19904, United States; or to Gemedata's representative in the Union at the address ____________., indicating the right you wish to exercise.
  3. In addition, when you receive any communication from us, you may unsubscribe from all previously accepted commercial communications by clicking on the unsubscribe section contained in that communication.

When you exercise your rights, and only in case we have doubts about your identity, we may request additional information to verify your identity.

Likewise, we inform you that you have the right to file a complaint with the Spanish Data Protection Agency if you consider that we have committed an infringement of data protection legislation regarding the processing of your personal data.

In addition, we inform you that you can sign up for the Robinson List at www.listarobinson.es, the advertising exclusion system managed by the Spanish Digital Economy Association (ADIGITAL), or for the StopPublicidad List of the Spanish Association for Digital Privacy at https://listastoppublicidad.com/es/home, in order to show your opposition to the use of your data for the purpose of sending you commercial communications.

8. Data retention period

We will process your data until you exercise your right to deletion or objection, or withdraw your consent, except when your data is necessary to manage the service.

Once the service is finished, your data will only be available in case there is a legal obligation (derived from a request from the State Security Forces and Bodies or from Courts and Tribunals), in case we need to defend ourselves against possible claims or in case you exercise your rights.

9. Security and confidentiality

In order to prevent unauthorized access or unauthorized disclosure of personal data, we have taken appropriate technical and physical measures, as well as management processes to safeguard and secure the information we collect from you.

10. Minors

Children under 14 years of age may not use the services available through our website without prior authorization from their parents, guardians or legal representatives, who will be solely responsible for all acts carried out through the site by the minors in their charge, including the completion of forms with the personal data of said minors and the marking, where appropriate, of the boxes that accompany them. In this regard, and to the extent that Gemedata does not have the capacity to control whether users are minors or not, parents and guardians must enable the necessary mechanisms to prevent them from accessing the website and/or providing personal data without their supervision, with Gemedata not accepting any responsibility in this regard.

11. Privacy policy update

We make our best efforts to keep our privacy policy fully updated. If we make changes, these will be identified clearly and specifically, as far as possible within the relationship we have established with you (for example: we can communicate the changes by email).

This privacy policy was reviewed and published on July 29, 2025.