Infosphere Technologies is committed to the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page explains the legal basis on which we process personal data and the rights available to data subjects in the EU/EEA.
1. Data Controller
The data controller for personal data processed via the MedResearch AI platform is Infosphere Technologies. For any data-protection request, contact skouras@infosphereco.com.
2. Legal Bases for Processing
- Contract — to provide the Platform and your account.
- Legitimate interests — to secure, maintain and improve the service, balanced against your rights.
- Consent — for optional communications and non-essential analytics, which you may withdraw at any time.
- Legal obligation — where processing is required by law.
3. Your GDPR Rights
Access
Obtain a copy of the personal data we hold about you.
Rectification
Correct inaccurate or incomplete data.
Erasure
Request deletion of your data ("right to be forgotten").
Portability
Receive your data in a structured, machine-readable format.
Restriction
Limit how we process your data in certain cases.
Objection
Object to processing based on legitimate interests.
4. International Data Transfers
Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses. For on-premise deployments, your research content remains within your own infrastructure and is not transferred to us.
5. Data Breach Notification
In the event of a personal-data breach likely to result in a risk to your rights, we will notify the competent supervisory authority within 72 hours where required, and affected individuals without undue delay.
6. Data Retention
We retain personal data only for as long as necessary for the purposes described in our Privacy Policy, after which it is deleted or irreversibly de-identified.
7. How to Exercise Your Rights
Send your request to skouras@infosphereco.com. We will respond within one month, as required by the GDPR. You also have the right to lodge a complaint with your local supervisory authority.
This document is provided for transparency and should be reviewed by a qualified data-protection professional before commercial reliance.