Privacy Policy – Vigintake

1. Introduction

Vigintake S.L. is committed to protecting your personal data and ensuring transparency about how we collect, process, and store it. This privacy policy outlines your rights and our responsibilities under the General Data Protection Regulation (GDPR), the Spanish Organic Law 3/2018 on Data Protection and Digital Rights Guarantee (LOPDGDD), and other applicable privacy regulations.

2. Data collected

Data collected via the app

• Social media and e-commerce – Public comments, reviews, and associated usernames.
• Market authorization holders – Data provided for patient safety pharmacovigilance case intake.

Types of data collected may include:

• Public usernames and profile data
• Public comments and reviews
• Health-related content included in social media posts or reviews

Data collected via the website

In addition to the data collected via the app, the Vigintake website collects additional data through:

• Navigation data: We automatically receive your device’s IP address when you visit our website to analyze general trends and improve the service. This information is not shared with third parties without consent. For more information, please see our cookie policy at https://vigintake.com/cookies
• Purpose: To analyze user navigation behavior and generate statistical insights using cookies and other tracking technologies.
• Form submissions – Users may voluntarily provide their name, surname, phone number, company, and email address when filling out contact or demo request forms on the website.
• Purpose: To respond to inquiries, provide requested information about our services, and facilitate business communications.

All collected data is processed in accordance with GDPR, LOPDGDD, and other relevant data protection regulations.

3. Use of data

We process personal data for:

• Pharmacovigilance compliance, including identifying potential adverse drug reactions.
• AI processing and analysis to automate literature and review analysis.
• Regulatory compliance to meet legal obligations under EMA and FDA regulations.

4. Legal basis for processing

We process your personal data based on:

• Legitimate interest (Article 6.1.f GDPR) – Monitoring drug safety.
• Legal obligation (Article 6.1.c GDPR) – Required reporting for pharmacovigilance.
• Consent (Article 6.1.a GDPR) – If explicitly provided.

5. Data retention

We retain personal data only as long as necessary for its intended purpose and regulatory compliance. After this period, data is securely deleted.

6. Rights under GDPR and Spanish Law

You have the right to:

• Access and correct your personal data.
• Request the erasure of your data (right to be forgotten).
• Object to or restrict data processing in certain cases.
• Request data portability, receiving a structured file of your data.

To exercise your rights, contact dpo@vigintake.com.

7. Protection of data

We implement:

• Encryption of stored and transmitted data.
• Strict access controls with multi-factor authentication.
• Secure data storage with regular security audits.
• Regular employee training on data protection obligations.

8. Sharing & third-party access

We do not sell personal data. Data may be shared:

• With regulatory authorities for pharmacovigilance compliance.
• With service providers processing data on our behalf under strict GDPR agreements.

9. International data transfers

All personal data is stored and processed on the Google Cloud Platform in Belgium, (EU). Any transfer of data outside the European Economic Area (EEA) will only occur under legal safeguards such as Standard Contractual Clauses approved by the European Commission.

10. Data breach policy

In the event of a data breach:

• We will notify authorities, including the Spanish Data Protection Agency (AEPD), within 72 hours if required.
• Affected individuals will be informed if there is a high risk to their rights and freedoms.

11. Automated Decision-Making and AI

We use artificial intelligence techniques to support triage and suggestions based on data analysis. However, all decisions are reviewed and approved by human experts, and no final decision is made solely by AI. Data subjects have the right to request human intervention and express their views regarding automated processes.

12. Cookie Policy

Our use of cookies and similar tracking technologies is described in detail in our cookie policy, accessible at https://vigintake.com/cookies.

13. Contact & complaints

For privacy-related questions or to exercise your data protection rights, contact us at dpo@vigintake.com. If your complaint is not resolved satisfactorily, you may also contact:

Agencia Española de Protección de Datos (AEPD)

Address: C/Jorge Juan, 6, 28001 Madrid, Spain

Phone: +34 901 100 099 / +34 91 266 35 17

Website: https://www.aepd.es

15. Data Protection Impact Assessment (DPIA)

We conduct and maintain Data Protection Impact Assessments for all high-risk processing activities involving personal data. Summaries or full DPIA documents are available upon request to demonstrate compliance.