GDPR Compliance Statement

Introduction

At Inquira Technologies B.V. (“Inquira Health,” “we,” “us,” or “our”), we are committed to protecting and respecting your privacy. This GDPR Statement explains how we collect, use, process, and protect your personal data, as well as the rights you have under the General Data Protection Regulation (GDPR).

Data Controller and Data Processor Roles

• Data Controller: For personal data that we collect directly (e.g. when you visit our website, sign up for an account, or otherwise engage with us), Inquira Technologies B.V. acts as the Data Controller, determining the purposes and means of processing.
• Data Processor: When we handle personal data on behalf of our healthcare customers or their technology partners (e.g. EHR providers), we act as a Data Processor. In these cases, the relevant healthcare organization or partner remains the primary Data Controller.

Data Collection and Use

We collect and process personal data only as necessary to provide and improve our services and to meet our legal or contractual obligations. Examples include:

• Account Information: To create and manage your user account
• Usage Data: To better understand how our services are used and to improve functionality and user experience
• Communication Data: To respond to inquiries, provide support, and send essential updates about our services
• Cookies and Tracking (Website): We may use strictly necessary cookies or similar technologies to ensure site functionality and enhance performance. Any optional cookies (e.g. analytics) require your consent

For detailed retention periods, children’s data handling, and cookie policies, please refer to our Product Privacy Policy and Website Privacy Policy.

Legal Basis for Processing

We process your personal data under the following GDPR legal bases:

• Consent: When you have explicitly agreed to receive certain communications (e.g. newsletters) or participate in certain optional features.
• Contract: When processing is necessary to perform our contractual obligations or to take steps at your request prior to entering into a contract.
• Legal Obligation: When processing is required to comply with applicable laws or regulations.
• Legitimate Interests: When processing is needed for our legitimate interests (or those of a third party) and does not override your rights and freedoms (e.g. improving our services, ensuring IT security).

Data Sharing and Transfers

• Third-Party Service Providers: We may share your personal data with trusted sub-processors who help us operate our services (e.g. hosting providers, payment processors). These providers are contractually bound to protect your data in accordance with GDPR standards.
• International Transfers: If we transfer your data outside the European Economic Area (EEA) or your local region, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs). We do not transfer patient or end-user data internationally unless explicitly agreed or required for billing or other lawful purposes.

For a complete list of our sub-processors, please visit our Sub-processor List.

Your Rights Under GDPR

You have several rights regarding your personal data, including:

1. Right to Access: Request a copy of your personal data.
2. Right to Rectification: Correct inaccuracies or complete incomplete data.
3. Right to Erasure (“Right to be Forgotten”): Request deletion of your data when it’s no longer needed for the purposes collected.
4. Right to Restriction: Limit how your data is processed in certain situations.
5. Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format.
6. Right to Object: Object to processing based on legitimate interests or direct marketing.
7. Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, please contact us at support@inquira.health. We may require proof of identity to ensure we disclose data only to the rightful owner.

Data Security

We implement technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures may include:

• Encryption of data at rest and in transit
• Access Controls and authentication mechanisms
• Regular security assessments and audits
• Employee training on data protection best practices

You can learn more about our security measures in our Trust Center.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal or contractual obligations. When no longer needed, we securely delete or anonymize your data in accordance with our retention policies. For detailed retention schedules, please see our Product Privacy Policy and Website Privacy Policy.

Changes to this GDPR Statement

We may update this GDPR Statement from time to time to reflect changes in our practices or in legal requirements. We will post any updates on this page and, if they are significant, notify you by email or through our services. Please check this Statement periodically to stay informed of any changes.

Contacting Data Protection Officer

For matters relating specifically to data protection, you can reach our Data Protection Officer at:

DPO: dpo@inquira.health

If you believe we have not addressed your concerns or complied with your data protection rights, you have the right to lodge a complaint with your local Data Protection Authority.