Privacy Policy
GENERAL INFORMATION
Effective date: 11 September 2025
Controller (for PrimumAI’s own data): PrimumAi Limited (CRO 777714)
Processor (for Clinic patient data): PrimumAi Limited
DPO & Privacy contact: harsh@primumai.eu
Lead supervisory authority: Data Protection Commission (Ireland)
Table of Contents
- 1. Scope & Roles
- 2. Contact Details & DPO
- 3. Personal Data We Process (Controller role)
- 4. Our Purposes & Legal Bases
- 5. Special Category Data
- 6. Children
- 7. Sharing & Sub-processors
- 8. International Transfers
- 9. Security (Summary)
- 10. Retention
- 11. Your Rights
- 12. How to Make a Request
- 13. AI Transparency
- 14. Cookies & Consent
- 15. Changes
- 16. Complaints
PrimumAI — Privacy & Cookies Policy (Ireland/EU)
1. Scope & Roles
- Processor role: patient data handled for Clinics. Clinic is Controller; PrimumAI follows instructions.
- Controller role: our own business data (accounts, billing, service emails, product telemetry, website analytics/consents, vendor management, security logs). We do not act as Controller for patient records.
2. Contact Details & DPO
- Email: harsh@primumai.eu (also for deletion requests)
- Office: Apartment 31, Block B02, Roselawn, Knocksinna Court, Blackrock, Co. Dublin, A94 A4T8
3. Personal Data We Process (Controller role)
- Identity/contact; account/usage; support tickets; billing (no card numbers stored); website/consent info. No patient records.
4. Our Purposes & Legal Bases
- Contract: provide service, support, billing.
- Legitimate interests: security, availability, product improvement (aggregated).
- Legal obligations: tax, lawful disclosures.
- Consent: marketing comms, non-essential cookies.
5. Special Category Data
- Not as Controller. As Processor, handle patient health data on Clinic instructions under Art 9(2)(h).
6. Children
- Service targets professionals. Clinics remain responsible if minors’ data is entered. Age of digital consent in IE = 16.
7. Sharing & Sub-processors (Controller role)
- AWS EU, Microsoft Azure EU, AWS SES/SNS, Twilio (EU endpoints), analytics (consent-based), payment providers (if used). All under DPAs. Live sub-processor list available.
8. International Transfers
- EEA by default. If transfer required: SCCs + TIAs + supplementary measures. Regions listed in Annex C.
9. Security
- We apply Annex B TOMs: encryption, MFA, RBAC, tenant isolation, logging/monitoring, incident response.
10. Retention
- Controller data: kept during account, then deleted/anonymised; backups purge within 30–45 days. Billing follows statutory rules.
- Processor data: retained only as instructed by Clinic. Requests for deletion should be sent to harsh@primumai.eu.
11. Your Rights (Controller data)
- Access, rectification, erasure, restriction, portability, objection, withdraw consent. Request via harsh@primumai.eu. One month to reply (extensions possible).
12. How to Make a Request
- Send an email to harsh@primumai.eu. We verify identity, assess scope, act, and confirm. For patient data, contact your Clinic (we assist them).
13. AI Transparency
- AI suggestions are drafts; clinician approves. EU region AI services configured to not train on Clinic data. Clinics can disable AI features.
14. Cookies & Consent
- Essential cookies only. Analytics/performance cookies off by default, require opt-in. Consent stored.
- Examples: app_session (necessary); consent_state (necessary); analytics_id (consent).
15. Changes
- We update this policy and notify of material changes.
16. Complaints
- Contact harsh@primumai.eu. You may escalate to the Data Protection Commission (dataprotection.ie). We will cooperate fully.
Copyright © PrimumAi 2024 | Built by PrimumAi