Compliance
At Aimedis, compliance is a core part of how we build, operate, and maintain our digital services — covering privacy, health data, security, governance, and applicable regulatory requirements.
Table of Contents
- 01 Our Compliance Commitment
- 02 Privacy and Data Protection
- 03 Health-Related Information
- 04 Healthcare Privacy and Service Context
- 05 Security and Risk Management
- 06 Governance and Accountability
- 07 Third-Party Providers and Processing Relationships
- 08 International Data Transfers
- 09 Cookies, Analytics, and Digital Transparency
- 10 Data Rights and Requests
- 11 Accessibility
- 12 Incident Reporting
- 13 Related Policies and Notices
- 14 Continuous Improvement
- 15 Changes to this Page
01 Our Compliance Commitment
We are committed to operating our website and services in a manner that supports:
- privacy and data protection compliance
- appropriate handling of health-related and other sensitive data
- confidentiality and integrity of information
- risk-based technical and organizational safeguards
- transparency for users, patients, customers, and partners
- ongoing review and improvement of internal compliance practices
Our approach is designed to support trust, accountability, and responsible operation across our digital products and services.
02 Privacy and Data Protection
Aimedis processes personal data in accordance with applicable data protection requirements, including the EU General Data Protection Regulation (GDPR) and, where relevant, applicable U.S. privacy laws and other local legal frameworks.
We apply data protection principles that include:
- lawfulness, fairness, and transparency
- purpose limitation
- data minimization
- accuracy
- storage limitation
- integrity and confidentiality
- accountability
We process personal data only where there is an appropriate legal basis and only to the extent necessary for legitimate business, operational, healthcare-related, contractual, legal, or security purposes.
Further details are set out in our Privacy Policy.
03 Health-Related Information
Where our services involve health-related information or other sensitive data, we apply enhanced care in relation to collection, access, use, disclosure, retention, and protection.
Depending on the service, the data processed may include:
- medical or symptom-related information submitted by users
- images or uploads
- demographic details relevant to service delivery
- treatment-related communications
- billing or insurance-related information where applicable
We process such information only where a valid legal basis exists, including explicit consent where required, performance of healthcare-related services where applicable, compliance with legal obligations, or other lawful grounds recognized under applicable law.
04 Healthcare Privacy and Service Context
Healthcare-related privacy obligations may vary depending on the nature of the service, the role of the participating entities and professionals, and the jurisdiction in which the service is provided.
For that reason, the privacy and compliance framework applicable to a specific Aimedis service may differ depending on whether the relevant activity concerns:
- general website use
- support or administrative communication
- healthcare-related interactions
- consultations or telehealth-related workflows
- patient-facing or partner-facing services
Where required, service-specific privacy notices, contractual terms, or operational controls apply in addition to this general Compliance page.
05 Security and Risk Management
We maintain technical and organizational measures designed to protect personal data and other sensitive information against unauthorized access, misuse, loss, alteration, or disclosure.
These measures may include, as appropriate:
- encryption in transit
- role-based or otherwise limited access controls
- authentication and authorization procedures
- system monitoring, logging, and audit-supporting controls
- secure hosting and infrastructure practices
- internal confidentiality and access management procedures
- incident response and remediation processes
- vendor due diligence and contractual safeguards
Our safeguards are designed using a risk-based approach and may be updated over time to reflect operational, legal, and technical developments.
06 Governance and Accountability
We take compliance seriously at both organizational and operational levels. Depending on the service and applicable requirements, this may include:
- internal ownership of privacy and compliance responsibilities
- documented policies and procedures
- review of data processing activities
- contractual controls with service providers
- access management and confidentiality obligations
- incident handling and escalation processes
- periodic updates to policies, notices, and operational controls
Where required by law, we support additional governance measures such as records of processing, processor agreements, and service-specific privacy documentation.
07 Third-Party Providers and Processing Relationships
We may engage selected third-party providers to support hosting, infrastructure, communication services, payment processing, analytics, customer support, and related operational functions.
Where a third party processes personal data on our behalf, we seek to implement appropriate contractual safeguards and require processing to be carried out in line with applicable legal requirements.
Where relevant, the legal role of a third party may differ depending on the context. A provider may act as a processor, independent controller, or, in some cases, part of a shared or coordinated compliance arrangement, depending on the nature of the service and the applicable law.
08 International Data Transfers
Because Aimedis may operate internationally and work with providers in multiple jurisdictions, personal data may be transferred to and processed outside the country in which it was collected.
Where required by applicable law, we use appropriate transfer mechanisms and safeguards for international data transfers. These may include:
- adequacy decisions
- standard contractual protections
- supplementary technical and organizational measures
- other lawful transfer mechanisms recognized under applicable law
10 Data Rights and Requests
Depending on the jurisdiction and the applicable legal framework, individuals may have rights in relation to their personal data, including the right to:
- access personal data
- request correction of inaccurate data
- request deletion where applicable
- object to certain processing
- request restriction of processing
- withdraw consent where consent is the legal basis
- request portability where applicable
- opt out of certain communications or data uses where applicable
- lodge a complaint with a competent authority or regulator
Requests may be submitted to contact@aimedis.com.
We may take reasonable steps to verify identity before fulfilling a request.
11 Accessibility
We support the goal of making our website and digital services accessible and usable for as broad a range of users as reasonably possible.
If you experience difficulty accessing content or functionality on our website, or if you need assistance, you may contact us at contact@aimedis.com.
We review accessibility-related feedback as part of our broader commitment to continuous improvement.
12 Incident Reporting
If you have a privacy, security, or compliance-related concern, or if you wish to report a suspected issue relating to our website or services, please contact us:
We review relevant reports and address them in accordance with our internal procedures and applicable legal obligations.
14 Continuous Improvement
Compliance is not a one-time exercise. We review and update our policies, notices, and controls from time to time to reflect changes in law, technology, business operations, service design, and risk environment.
15 Changes to this Page
We may update this Compliance page from time to time. The most current version will be published on this page together with the revised effective date.