Privacy Policy
1. Data Controller
Salamtak GmbH
Beverweg 17
40625 Düsseldorf, Germany
Email: [email protected]
Managing Director: René Nasr
2. General Information on Data Processing
We take the protection of your personal data very seriously. We process your data in accordance with the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection regulations.
This privacy policy explains what personal data we collect, how we use it, and what rights you have regarding your data.
3. Types of Data Collected
When you use our service, we collect and process the following categories of personal data:
3.1 Personal Information
- Full name
- Date of birth
- Email address
- Phone number (if provided)
- Country of residence
- Relationship to patient (if submitting on behalf of someone else)
3.2 Medical Information
- Medical diagnoses and health conditions
- Medical history and treatment information
- Medical documents and images (MRI, CT scans, lab results, etc.)
- Information about requested medical services (treatment, second opinion, cost estimate)
- Visa and travel information (if applicable)
3.3 Technical Data
- IP address
- Browser type and version
- Operating system
- Access times and dates
- Referring website
3.4 Communication Data
- Messages exchanged through our chatbot "Sara"
- Language preferences
- Consent records and timestamps
4. Legal Basis for Data Processing
We process your personal data based on the following legal grounds under GDPR:
- Consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR): You provide explicit consent for the processing of your personal and medical data when using our service.
- Contract fulfillment (Art. 6(1)(b) GDPR): Processing is necessary to provide the services you requested.
- Legitimate interests (Art. 6(1)(f) GDPR): For improving our services, preventing fraud, and ensuring platform security.
- Legal obligations (Art. 6(1)(c) GDPR): Where required by German or European law.
5. Purpose of Data Processing
We process your data for the following purposes:
- To analyze your medical condition using AI-powered algorithms
- To extract ICD codes and relevant medical information from your documents
- To match you with suitable German hospitals and medical specialists based on quality reports and expertise
- To create comprehensive, anonymized digital patient files for German healthcare providers
- To facilitate communication between you and selected medical facilities
- To provide multilingual support in English, German, Arabic, Russian, and French
- To assist with visa and travel arrangements (if applicable)
- To improve our AI algorithms and platform functionality
- To comply with legal and regulatory requirements
- To prevent fraud and ensure platform security
6. Data Sharing and Recipients
Your personal data may be shared with the following categories of recipients:
6.1 German Medical Facilities
We share anonymized or pseudonymized patient files with selected German hospitals and specialists that match your medical needs. These facilities are bound by medical confidentiality and GDPR requirements.
6.2 Technical Service Providers
We use trusted third-party service providers for:
- Cloud hosting and data storage (within the EU)
- AI and machine learning processing
- Email communication services
- Payment processing (if applicable)
All service providers are contractually bound to GDPR compliance through data processing agreements (Art. 28 GDPR).
6.3 Legal Authorities
We may disclose your data to law enforcement or regulatory authorities when required by law or to protect our legal rights.
6.4 No Data Sales
We do not sell your personal or medical data to third parties.
7. International Data Transfers
Your data is primarily processed and stored within the European Union. If data is transferred to countries outside the EU/EEA, we ensure appropriate safeguards are in place, such as:
- EU Standard Contractual Clauses
- Adequacy decisions by the European Commission
- Binding Corporate Rules
8. Data Security
We implement comprehensive technical and organizational security measures to protect your data, including:
- End-to-end encryption for data transmission (TLS/SSL)
- Encrypted storage of sensitive medical data
- Access controls and authentication mechanisms
- Regular security audits and vulnerability assessments
- Pseudonymization and anonymization techniques
- Secure backup and disaster recovery procedures
- Employee training on data protection and confidentiality
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy:
- Active cases: Data is retained while your case is being processed and for up to 2 years after completion to allow for follow-up inquiries.
- Legal obligations: Certain data may be retained longer to comply with German medical documentation requirements (typically 10 years) or tax laws.
- Anonymized data: Anonymized data used for research and platform improvement may be retained indefinitely.
After the retention period, your data will be securely deleted or anonymized.
10. Your Rights Under GDPR
You have the following rights regarding your personal data:
10.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether your data is being processed and to access your personal data.
10.2 Right to Rectification (Art. 16 GDPR)
You have the right to correct inaccurate or incomplete personal data.
10.3 Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)
You have the right to request deletion of your personal data, unless we are required to retain it for legal reasons.
10.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing in certain circumstances.
10.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your data in a structured, commonly used, and machine-readable format.
10.6 Right to Object (Art. 21 GDPR)
You have the right to object to processing of your data based on legitimate interests.
10.7 Right to Withdraw Consent (Art. 7(3) GDPR)
You have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
10.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or the place of the alleged infringement.
The competent supervisory authority for Salamtak GmbH is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2-4
40213 Düsseldorf, Germany
Website: https://www.ldi.nrw.de
Exercising Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.
11. Cookies and Tracking Technologies
Our website uses essential cookies necessary for the operation of the platform. We do not use third-party tracking or advertising cookies without your explicit consent.
Essential cookies include:
- Session management cookies
- Language preference cookies
- Security and authentication cookies
12. Children's Privacy
Our service is not directed to individuals under the age of 18. If you are submitting information on behalf of a minor, you must have parental or legal guardian authority to do so. We do not knowingly collect personal data from children without appropriate consent.
13. Automated Decision-Making and Profiling
Our platform uses AI algorithms to analyze medical documents and suggest suitable hospitals. However, all final decisions regarding medical care are made by qualified healthcare professionals, not by automated systems alone.
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you (Art. 22 GDPR).
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
We encourage you to review this Privacy Policy periodically.
15. Contact Information
If you have any questions about this Privacy Policy or our data practices, please contact us:
Salamtak GmbH
Beverweg 17
40625 Düsseldorf, Germany
Email: [email protected]
Phone: +49 (0) 211 [contact number to be added]
Last updated: January 2025