Call us now:
Data Protection — GDPR
Privacy Policy
In compliance with Regulation (EU) 2016/679 (GDPR), this page explains how your personal data is processed on this website and within the NeuroVitale Blueprint platform.
01
Data controller
Controller
Dr. Camila Paz Trabucco Leiva
Service scope
Latin America and the European Union — 100% online service
Contact email
visitamedicaonline@gmail.com
Supervisory authority
The competent data protection authority in your country of residence
02
What data we collect and why
We collect only the data necessary to provide the requested services. Each processing activity is detailed below:
| Activity | Data processed | Legal basis | Retention |
|---|---|---|---|
| Online medical consultation | First name, surname, email, date of birth, reason for consultation, relevant medical history | Art. 6(1)(b) GDPR (contract) + Art. 9(2)(h) (healthcare provision) | Minimum 5 years in accordance with applicable healthcare regulations |
| NeuroVitale Blueprint | Name, date of birth, email, genealogical/family data, declared health data | Art. 6(1)(b) GDPR + Art. 9(2)(h) + explicit consent under Art. 9(2)(a) | 5 years from report issuance |
| Payment processing | Email. Card details are processed directly by Stripe — they are not stored by us | Art. 6(1)(b) GDPR (performance of a contract) | 5 years — applicable tax regulations |
| Contact form / waiting list | Name, email, message or reason for request | Art. 6(1)(a) GDPR (consent) | Until the request is resolved + 1 year |
Special category data (Art. 9 GDPR): Health data that you provide for the NeuroVitale Blueprint or during a medical consultation is special category data. We process it only with your explicit and separate consent, under the legal basis of healthcare provision. It is never transferred to third parties for commercial purposes.
03
Data processors
Your data may be processed by the following providers, always with GDPR-compliant safeguards:
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe Europe Ltd. | Payment processing | Ireland (EU) ✓ | Standard GDPR Data Processing Agreement — stripe.com/es/legal/dpa |
| Emergent.host | Hosting and generation of the NeuroVitale Blueprint | Under verification | Data Processing Agreement pending signature |
| SendGrid (Twilio) | Delivery of the Blueprint report by email | United States (Standard Contractual Clauses) | Standard Data Processing Agreement |
| Google LLC | Google Analytics — anonymized visit statistics | United States (Standard Contractual Clauses) | Activated only with prior user consent |
We do not transfer medical or health data outside the European Economic Area without appropriate contractual safeguards.
04
Your rights
You may exercise the following rights by emailing visitamedicaonline@gmail.com with a copy of your identity document:
- Access: know what personal data we process and how.
- Rectification: correct inaccurate or incomplete data.
- Erasure (right to be forgotten): request deletion of your data when it is no longer necessary, except where legal retention obligations apply (medical records: minimum 5 years).
- Portability: receive your data in a structured, machine-readable format.
- Restriction of processing: ask us to suspend the use of your data in certain circumstances.
- Objection: object to processing based on legitimate interest.
- Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
We will respond within a maximum period of 30 calendar days. If you do not receive a satisfactory response, you may lodge a complaint with the competent data protection authority in your country of residence.
05
Security and data breaches
We apply appropriate technical and organizational measures in accordance with Article 32 GDPR: HTTPS/TLS encrypted connections, restricted access to medical data, and internal incident-response protocols.
In the event of a security breach that poses a risk to your rights, we will notify you without undue delay in accordance with Articles 33 and 34 GDPR.
06
Changes and validity
We may update this Privacy Policy to reflect changes in legislation or in our services. Significant changes will be notified by email or by a prominent notice on the website.
Last updated: April 2026.