プライバシーポリシー

1. Introduction

GEXAURA (“we,” “our,” or “us”), operated by Gexiro Global Enterprises Ltd, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our intelligent dental concierge service.

We comply with the EU General Data Protection Regulation (GDPR), the Gibraltar Data Protection Act 2004, and applicable local data protection laws in the jurisdictions where we operate.

2. Information We Collect

2.1 Information You Provide

• Contact information (name, email, phone number)
• Clinic information (name, address, specialty)
• Patient communication data (appointment requests, inquiries)
• Payment information (processed securely through third-party processors)

2.2 Automatically Collected Information

• Usage data (interactions with our system)
• Technical data (IP address, browser type, device information)
• Conversation logs (for quality assurance and system improvement)

3. How We Use Your Information

We use collected information to:

• Provide and maintain our concierge service
• Process appointments and patient inquiries
• Improve system performance and service quality
• Communicate with you about service updates
• Comply with legal obligations
• Detect and prevent fraud or abuse

4. Data Storage and Security

4.1 Data Location

All data is stored on ISO 27001-certified servers located within the European Economic Area (EEA). We select data center locations based on your clinic's region to ensure optimal performance and compliance.

4.2 Security Measures

• End-to-end encryption for all data transmission (TLS 1.3)
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and multi-factor authentication
• Automated backup and disaster recovery systems

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Third-party vendors who assist in service delivery (under strict confidentiality agreements)
• Legal Requirements: When required by applicable law
• Business Transfers: In the event of a merger or acquisition (with notice to affected parties)

6. Your Rights (GDPR)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (“right to be forgotten”)
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to certain types of data processing
• Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

7. Data Retention

• Patient conversation logs: 12 months (for quality assurance)
• Account information: Duration of service + 3 years (legal compliance)
• Anonymized analytics: Indefinitely (for system improvement)

8. Cookies and Tracking

We use essential cookies for service functionality and optional analytics cookies (with your consent). You can manage cookie preferences in your browser settings.

9. Children's Privacy

Our service is not directed to individuals under 18. We do not knowingly collect data from minors without parental consent.

10. International Data Transfers

If data transfer outside the EEA is necessary, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Explicit user consent

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or prominent notice on our website.

12. Contact Information

Data Controller: Gexiro Global Enterprises Ltd

Address: Eurotowers, 2 Europort Rd, GX11 1AA Gibraltar

Contact: Contact Form

13. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority, or with the Gibraltar Regulatory Authority (GRA), if you believe your rights have been violated.