Privacy Policy

Privacy Policy

Last updated: July 2025

This “Privacy Policy” explains how we collect, use, protect, and otherwise process the personal information and data of individuals who use https://app.unensayoparami.org (“Website”) and the services provided there; the TherAI mobile application (“ Mobile Application ”), the clinical trial search engine, patient data, the site network, the referring physician network, payment solutions, and other functionalities (“Features”), including patients (“you” / “your”), their physicians and clinic staff, and expert physicians who assess their medical history and identify treatment options. The Website, Mobile Application , and Features are hereinafter referred to as “Solutions.”

The Solutions are operated by Trialtech SL, BiomayBrasil LTDA, and Biomay Software SAS (“Company,” “we,” “us,” or “our”). Un Ensayo para Mí is a data analytics company that provides potential clinical trial match by evaluating a patient’s existing clinical information (collectively, the “Services”).

This Privacy Policy covers only information and data collected or processed through the Solutions and not any other information or data collected or processed by third parties that provide products and services in connection with our Solutions and Services, such as health plan administrators, patient care administrators ("Service Providers"), or third-party websites, solutions, products, or services to which we link that do not display this Privacy Policy. We are not responsible for the content or privacy practices of other online or mobile websites, solutions, or services.

We have updated our Privacy Policy to ensure compliance with the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and various local data protection laws in the countries where the Company operates. This update aims to clearly and transparently inform individuals whose personal information we process, explaining why we need that data, how we use it, their rights, with whom it is shared, and the measures we implement to ensure its security and confidentiality.

The processing of personal data is carried out in compliance with applicable legal regulations, including, but not limited to, the Brazilian General Data Protection Law (LGPD, Law No. 13,709/2018), the Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), the Argentine Personal Data Protection Law (Law No. 25,326), and the California Consumer Privacy Act (CCPA).

THE COMPANY IS NOT A MEDICAL PROVIDER, NOR IS IT A “COVERED ENTITY” SUBJECT TO STATE OR FEDERAL LAWS GOVERNING THE PRIVACY OF MEDICAL RECORDS OR INFORMATION, INCLUDING THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, COMMONLY KNOWN AS “HIPAA.”

I. INFORMATION WE COLLECT

1. Personally identifiable information

Our Solutions and our Service Providers only collect personally identifiable information (“PII,” also referred to as data or personal information in some jurisdictions) for our purposes, as set forth in Section II below. THE CATEGORIES OF PII WE COLLECT FOR OUR PURPOSES AND THE APPLICABLE LEGAL BASIS FOR OUR DATA PROCESSING. PII is collected if you register for an appointment with the Solutions, subscribe to a newsletter, send us a message via social media, or use other features and resources of the Solutions. You can visit our Site anonymously, but that may prevent you from accessing certain features or Services or Solutions.

A. Your patient profile

B. Health provider profiles

C. Service provider profiles

Medical information disclosed to the company:

Through the APIs of the Electronic Medical Record platforms
Through the Electronic Medical Record platform or online pages shared by you
Through the online pages of the Electronic Medical Record platform accessed by the Company's corporate accounts with your authorization to view your PII
Through emails, SMS, WhatsApp or other means of communication

2. Protected health information and confidential personal information

We will collect and store sensitive personal information and data about you.

3. Non-personal identification information

Our website, solutions, and service providers may also collect non-personally identifiable (anonymous) information (“non-PII”) from visitors, including patients, healthcare providers, staff, clinical staff, medical experts, data analysts, and health plan administrators. Non-personally identifiable information is any information that cannot be directly or indirectly associated with you.

4. Cookies

“Cookies” are short computer codes known as cookies, web beacons, and other technologies that collect and store BOTH PII and non-PII when you visit our Solutions or share website content or solutions through a social media account. The following are examples of information that we or third-party service providers collect with cookies:

Cookies that can uniquely identify your browser session and the other website or solution you have visited.
Browser type and operating system
Hardware configuration
Date and time of the visit
Website pages you visited
Website that referred you to the Company
Web pages you visit after leaving the website

The legal basis for the use of cookies is Article 6, paragraph 1, letter f) of the GDPR, Article 7, paragraph IX of the LGPD, Article 14 of the LFPDPPP, and Articles 4 and 6 of Law No. 25,326. Our legitimate interest lies in being able to conduct statistical evaluations of the use of our website and optimize our online offering for users through data processing.

5. Social networks

We may collect information through our presence on social media and networking platforms. You may use social media or other online services to log in to the Solutions. When you do so, information from those services may be made available to us. By associating a social media account with the Solutions, we may collect your PII, such as your username and email address.

6. Patient representatives

A patient may provide written, verbal, email, WhatsApp, or SMS authorization for a person (e.g., a lawyer or relative) to make a request on their behalf. We may deny access if we believe the patient authorizing access has not understood the meaning of the authorization.

Next of kin

Despite the widespread use of the phrase "next of kin," this term is not defined, nor does it have formal legal status. A next of kin cannot give or withhold consent to share information on behalf of a patient. Next of kin do not have the right to access medical records.

Legal Guardians

A court-appointed person to manage the affairs of a patient who is unable to manage their experiences may submit a request. Access may be denied when the general practitioner believes the patient has undergone relevant examinations or investigations and expects the information not to be disclosed to the requester.

7. Information about you from other sources

We collect personal information about you within the Solutions and from other sources, including data from your physicians, medical practice staff, clinical staff, health claims administrators, and patient benefit organizations. We may combine all the information we collect about you to provide you with Services, including data analysis to identify clinical trial and treatment options and, when anonymized, for our research efforts and to improve our Services and Solutions.

II. THE CATEGORIES OF PII WE COLLECT FOR OUR PURPOSES AND THE APPLICABLE LEGAL BASIS FOR OUR DATA PROCESSING

Depending on where you live, how you interact with us, and how we may interact with certain Service Providers, we may collect PII about you as set out in the "Personal Information" column below. You will also find below the purpose of the processing and (for the EEA and UK only) the legal basis we rely on for each type of PII we process about you.

Personal Information: Patient profile data, such as:

First and last name, Address, Home or mobile phone number, Diagnosis, Health insurance account numbers, Medical history, Medical tests, History and treatments, Pathology reports, Your diagnostic images, Your clinical information and data
Purpose: We use your patient profile data to:

(i) communicate with you and your physician about our Services; (ii) register you as a patient; (iii) compile data for your patient profile; (iv) interpret genetic profiling data to provide a range of treatment options for difficult or complex cases; (v) determine your eligibility for assistance programs to cover certain out-of-pocket healthcare costs; (vi) submit claims to your health insurer for reimbursement purposes; and (viii) provide: (a) the Services; (b) guidance and recommendations on a range of treatment options ranging from standards of care to experimental treatments; (c) clinical data supporting the use of off-label drugs; (d) a range of appropriate and convenient clinical trials for you; and (e) consulting and remote access to bioinformatics and molecular expertise to support your patient presentations to tumor boards.
Legal Basis: These processing activities are carried out based on the Company's legitimate interests, as well as the need to comply with contractual or pre-contractual obligations related to the services offered, and, where applicable, on the basis of the data subject's explicit consent. The applicable legal bases include Article 6(1)(f) of the General Data Protection Regulation (GDPR) and the UK GDPR (United Kingdom), which permit the processing of data when necessary for the pursuit of legitimate interests, such as access to solutions, the provision of services, or proper management of the user profile. With regard to the processing of health-related data, this is carried out only with the explicit consent of the data subject, both as a legal basis (Article 6 of the UK GDPR) and as an exception for the processing of special categories of data (Article 9 of the same regulation), in accordance with applicable national regulations.

Likewise, data processing is carried out in accordance with the provisions of Article 7, paragraph IX of the Brazilian General Data Protection Law (LGPD), Article 12 of the Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), and Article 6 of Law No. 25,326 on the Protection of Personal Data of Argentina. In all cases, compliance with applicable privacy and data protection laws, including regulations in the European Economic Area (EEA) and Canada, is guaranteed, as set forth in sections 10 and 11 of our Terms and Conditions.

Personal Information: Healthcare provider information, such as:

Doctor's first and last name, Doctor's email address, Doctor's employer, Doctor's address, Doctor's phone number, Doctor's notes
Purpose: We use the healthcare provider's data to:
(i) communicate with the healthcare provider; (ii) register you as healthcare provider staff, expert oncologists, or practice managers assisting or supporting patients.
Legal Basis: These processing activities are carried out based on the Company's legitimate interests, as well as the need to fulfill contractual or pre-contractual obligations related to the services offered. In particular, data processing is necessary to pursue our legitimate interest in interacting with healthcare providers, registering patients, and providing them with the corresponding Services.

The applicable legal bases include Article 6(1)(f) of the General Data Protection Regulation (GDPR) and its equivalent in the United Kingdom (UK GDPR), which permit the processing of personal data when necessary for the legitimate purposes pursued by the controller, provided that the fundamental rights and freedoms of the data subject do not override them. In the case of sensitive data, such as healthcare-related data, processing is additionally based on the data subject's explicit consent, in accordance with Article 9 of the GDPR, as well as applicable national law.

Furthermore, processing is in accordance with Article 7, paragraph IX of the Brazilian General Data Protection Law (LGPD), Article 12 of the Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), and Article 6 of Law No. 25,326 on the Protection of Personal Data of Argentina. Compliance with the privacy and data protection provisions established in the European Economic Area (EEA), Canada, and other applicable jurisdictions is also guaranteed, as set out in our General Terms and Conditions, in particular Sections 10 and 11.

Personal Information: Service provider data, such as:

Service provider's first and last name, Service provider's email address, Service provider's employer, Service provider's address, Service provider's phone number, Service provider's work product
Purpose: We use the Service Provider data to:
(i) communicate with the (potential) Service Provider; (ii) evaluate and accept a (potential) Service Provider; (iii) conclude and execute an agreement with the Service Provider.
Legal Basis: These processing activities are carried out based on the Company's legitimate interests, including the need to effectively manage our relationships with service providers and to interact with current or potential suppliers as part of the operation and continuous improvement of our Services. This processing is necessary to achieve these legitimate purposes, while always ensuring a balance with the fundamental rights and freedoms of data subjects.

Personal Information: Cookies
Purpose: In your browser, you can set the option to only accept the storage of cookies when you consent. If you want to accept cookies from Un Ensayo para Mí, but not those of our service providers and partners, please select the "Block third-party cookies" setting in your browser.
Legal Basis: The legal basis for the use of cookies is Article 6, paragraph 1, letter f) of the GDPR, Article 7, paragraph IX of the LGPD, Article 14 of the LFPDPPP, and Articles 4 and 6 of Law No. 25,326. Our legitimate interest lies in being able to conduct statistical evaluations of the use of our website and optimize our online offering for users through data processing.

Personal Information: Social media data, such as: username, email address.
Purpose: To provide access to your patent profile via your other (social media) profile(s)/account(s). The legal basis for processing user data is Article 6(1)(f) of the GDPR, Article 7(IX) of the LGPD, Article 12 of the LFPDPPP, and Article 6 of Law No. 25,326. Our legitimate interest lies in providing the user with services on the website.
Legal Basis: Necessary for the legitimate interest of offering you multiple options to access our Solutions and use other accounts (such as social networks) to log in to our Services and Solutions.

Please note that:

The loss, misuse, alteration, or unauthorized access of your PII, including in particular Sensitive Personal Information, may negatively impact your privacy or well-being depending on the sensitivity and nature of the information.
You may decline to provide your protected health information to the “Solutions,” but you and your healthcare providers will not be able to use our Services.
We do not use cookies that store your sensitive personal information or profile you based on your sensitive personal information.

2. Mobile messaging SMS/MMS/WhatsApp/Push Notifications

We respect your privacy. We will only use your PII to transmit your mobile messages and respond to you if necessary. This includes, but is not limited to, sharing PII with platform providers, phone companies, and other vendors who assist us in delivering mobile messages.

WE DO NOT SELL, RENT, LOAN, TRADE, LEASE, OR TRANSFER FOR PROFIT ANY TELEPHONE NUMBERS OR CUSTOMER INFORMATION COLLECTED THROUGH THE WEBSITE OR SOLUTIONS TO ANY THIRD PARTY.

However, we always reserve the right to disclose any information as necessary to satisfy any law, regulation, or governmental request, avoid liability, or protect our rights or property (see Section III of this Privacy Notice) in accordance with applicable data protection laws. When you complete online forms or provide us with PII in connection with the Services, you agree to provide accurate, complete, and truthful PII. You agree not to use a false or misleading name or a name that you are not authorized to use. We assume, in our sole discretion, that we believe such information is untrue, inaccurate, or incomplete, or that you have chosen to participate in the Program for an ulterior purpose. In that event, we may deny you access to the Program and pursue any appropriate legal remedies.

We, the Service Providers, and any third-party agencies acting on our behalf may contact you and record calls or any communications on such numbers via telephone call, voicemail, Internet-to-telephone message, SMS text message, interactive voice recordings using automatic dialing systems, or artificial or pre-recorded voice messages (“Communications”) regarding orders, delivery updates, requests for transactional feedback, and other informational purposes.

Standard message, data, voice, or other rates may apply to communications you receive from your landline, mobile service, or wireless device carrier.

You can contact the Un Ensayo para Mí DPO. You can also call +529986090097, +541152357848, or +552120180193 for assistance at any time.

You can send any of the following messages in response to a text message to opt out of receiving further text messages from the Company: “Stop” or “Unsubscribe.” After sending one of these messages, you may receive a final text message confirming your opt-out request.

Additional terms and conditions may be provided to you in the future (for example, as part of a subscription confirmation text message), and such terms and conditions will supplement, not replace, these Terms.

BY PROVIDING YOUR TELEPHONE OR CELL PHONE INFORMATION, YOU KNOWINGLY AND VOLUNTARILY AGREE TO INDEMNIFY, DEFEND THE COMPANY AND ITS PARENTS, SUBSIDIARIES, AFFILIATES, PREDECESSORS, SUCCESSORS AND ASSIGNS, AND EACH OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES AND AGENTS, HARMLESS FROM AND AGAINST ANY AND ALL LOSSES, COMPLAINTS, DEMANDS, CLAIMS, CAUSES OF ACTION, LIABILITIES, COSTS, JUDGMENTS, DAMAGES, FINES, PENALTIES, COMPENSATION, ATTORNEYS' FEES AND EXPENSES OF ANY KIND, INCLUDING ANY AND ALL TYPES OF INJURIES OR DAMAGES SUFFERED BY YOU, ARISING OUT OF (OR RELATED TO) THE COMMUNICATIONS. YOU KNOWINGLY AND VOLUNTARILY AGREE NOT TO USE OR CAUSE ANY SUIT, COMPLAINT, CLAIM, OR CHARGE TO BE BROUGHT ON YOUR BEHALF AGAINST THE COMPANY OR ITS SUPPLIERS IN CONNECTION WITH SUCH DAMAGES.

Wireless carriers are not responsible for delayed or undelivered messages, which may occur due to factors beyond the carriers' control.

3. Links to other websites

The Website includes links (the “Linked Sites”) to other websites. By providing access to these Linked Sites, the Company in no way endorses the products or services on these Linked Sites. The Company is not responsible for the privacy practices or content of the Linked Sites at this time. The Company expressly disclaims all responsibility and liability associated with your use of the Linked Sites. We encourage you to review the privacy statements posted on those sites to understand their procedures for using and disclosing personal information.

III. WHEN DO WE SHARE INFORMATION?

1. Service providers

We may transfer personal information to Service Providers, such as third-party contractors, auditors, consultants, or other individuals engaged by the Company to assist in providing financial or operational activities on the Company's behalf, including technical and processing services and website performance analysis.

2. Legal requirements

Under certain circumstances, to comply with laws, regulations, subpoenas, warrants, or other government orders, we may disclose your personal information to respond to any government or regulatory request.

We may transfer PII to other third parties if we receive your permission or are required to do so by law, or if we believe in good faith that such disclosure is necessary to comply with a current judicial proceeding, a court order, legal process served on the Company, or to resolve any perceived fraud or irregularities in any audit of the accuracy of any documentation or information submitted to the Company by you or on your behalf, as the Company deems appropriate.

3.Transfers of commercial assets

Suppose the Company goes through a transaction, such as a merger, being acquired by another entity, bankruptcy, or the sale of all or a portion of its assets. In that event, your PII may be part of the transferred business assets. We cannot guarantee that you will be notified in advance of the transfer, if any, of your PII in connection with such a transition or transfer.

4. Protection of the company and others

We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with the law or a court order; enforce or apply our Terms of Use and other agreements; or protect the rights, property, or safety of our Company, employees, users, or others. This includes exchanging information with other companies and organizations for fraud protection and to reduce the risk of a data breach.

5. Aggregate or anonymous information

We may share your PII and user data in aggregate or anonymous form: to improve our Services, communicate with Service Providers and other third parties, and in our annual report and marketing materials.

6. With consent

Except as set forth above, you will be notified when PII is to be shared with third parties and may prevent the sharing of this information.

7. How we use non-personally identifiable information (non-PII)

We also use non-PII to monitor and improve our Services and website quality, for data research, and for statistical purposes. We use non-personally identifiable information to provide consulting services to other users, for research, and to share, lease, or sell our data and analytics to patient assistance programs, clinical laboratories, cancer screening providers, pharmaceutical manufacturers, and oncologists to improve their professional services, screening, and treatment products, and to educate the public about the Services we provide.

IV. HOW DO WE MANAGE CHILDREN'S DATA?

Children 16 years and older

Subject to local laws, if a mentally competent child is 16 years of age or older, they have the right to request or deny access to their records. If anyone else requests access from this Company, they must first verify with the patient that they are happy for it to be released.

Children under 16 years old

Unless local laws provide otherwise, persons with parental responsibility for a child under 16 years of age have the right to request access to those medical records. A person with parental responsibility is:

the biological mother, or
the biological father (if he is married to the mother at the time of the child's birth, or later) or,
individual parental responsibility by a court.

V. HOW WE PROTECT AND PRESERVE YOUR INFORMATION

We take security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. These include encryption-based internet security protocols (SSL), security software, encryption, internal reviews of our data collection, storage, and processing practices, security measures, and physical security measures to protect against unauthorized access to the system.

We do not retain your PII longer than necessary for the purposes of the processing. We delete and destroy individual PII records and all non-PII records in accordance with the Appendix below.

Patient profile data: Ten years after harvesting.

Health provider data: Four years after the end of the relationship.

Service provider data: Four years after the end of the relationship.

Cookies: See our Cookie Notice

Social media data: Ten years after harvesting.

We may retain your PII for the establishment, exercise, or defense of legal claims. In addition, we may retain your PII to make it available to a supervisory authority, investigative authority, court, or other government body for the period specified by law.

We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure, or destruction. We have several layers of security measures, including:

SSL, access controls, password policy, encryption, pseudonymization , profile-based restriction, IT management, authentication, authorization, VPN, firewalls, incident and vulnerability management, 24/7 security monitoring.

VI. HOW TO CONTROL AND CORRECT YOUR INFORMATION

The Solutions use cookies that collect user data as described in Section I and Section II, as set forth in our Cookie Notice. You may accept or decline cookies. Most browsers automatically accept cookies. You may opt out of providing users with our Service Providers or suppliers by following the opt-out procedures set forth below, but then you may not be able to access some of our Services.

1. Correction of your personal information

To access and maintain accurate, complete, and up-to-date personal information collected online, or to request deletion, you may contact us at privacy@trialtech.es. In some cases, when we are required by law or regulation to retain information to continue administering a service you've requested, to ensure we honor your preferences, or for other necessary business purposes, we may not be able to delete certain personal information about you.

2. Control: Your choices

You have several options to control how your information is shared and used after you provide it.

You choose:

· Store or delete the records you provide to us, as well as the reports returned to you based on the results of your documents.

· The Clinical Trial Compatibility reports you see or choose to see.

· When and with whom you share your information, including your caregivers, family members, authorized relatives, healthcare professionals, or others outside of our Services.

· Delete your account and data from A Trial for Me Clinical Trials Compatibility at any time.

Every person has the following rights when requesting them from the Company:

a) Know whether or not your Personally Identifiable Information (PII) is being processed.

b) If the PII has been processed, request information about it.

c) Know the purpose of the processing of the PII and whether it is being used in accordance with that purpose.

d) Know to which third parties, inside or outside the country, the PII has been transferred.

e) Request correction of your data in case of incomplete or incorrect processing of PII.

f) Request the deletion or destruction of PII in accordance with applicable law.

g) Request that third parties to whom PII has been transferred be notified of the actions taken pursuant to (d) and (e).

h) Oppose the obtaining of a result against you through the automated analysis of the processed data.

i) Request compensation for damages suffered due to the unlawful processing of PII.

3. Your Rights

You have the following rights. Your exercise of them will be processed immediately, and you will not be penalized in any way.

Right to information (Art. 15 GDPR, Art. 18 LGPD, Art. 16 LFPDPPP, Art. 14 Law No. 25,326): The user may, without having to pay anything, request information from Un Ensayo para Mí about what personal data is being processed, what its source is and for what purpose(s) it is being processed and, insofar as relevant, to which recipients or categories of recipients this data is transmitted. Requests for information made electronically will be answered electronically.

Right of revocation (Art. 21 GDPR, Art. 18 LGPD, Art. 8 LFPDPPP, Art. 16 Law No. 25,326): The user may revoke the processing of their data for reasons arising from their particular situation, as long as the data processing is based on the observation of justified interests of Un Ensayo para Mí or a third party (Art. 6, paragraph 1, letter f) GDPR, Art. 7, paragraph IX LGPD, Art. 11 LFPDPPP, and Art. 6 Law No. 25,326), as well as in cases where the data processing is carried out in the public interest (Art. 6, paragraph 1, letter e) GDPR, Art. 7, paragraph III LGPD, Art. 13 LFPDPPP, and Art. 5 Law No. 25,326). If the user files a revocation, Un Ensayo para Mí will no longer process the data, unless it can demonstrate well-founded and legitimate grounds for the processing that prevail over the user's interests, rights and freedoms, or the processing serves to enforce, exercise or defend legal claims.

To the extent that Un Ensayo para Mí processes personal data to provide targeted information about the range of Un Ensayo para Mí services ("Advertising Purposes"), the user has the right to object to the processing of their personal data for such purposes. In the event of an objection to processing for advertising purposes, Un Ensayo para Mí will no longer process the user's personal data for these purposes.

Right to data transfer (Art. 20 GDPR, Art. 18 LGPD, Art. 12 LFPDPPP, Art. 14 Law No. 25,326): The user has the right to request the publication of the personal data that he or she has made available to Un Ensayo para Mí in a structured format that can be read on a common computer, provided that the processing of the data is based on the user's consent (Art. 6, paragraph 1, letter a) GDPR, Art. 7, paragraph I LGPD, Art. 8 LFPDPPP, and Art. 5 Law No. 25,326) or that the processing is carried out for the performance of a contract signed with the user or for the execution of pre-contractual measures (Art. 6, paragraph 1, letter b) GDPR, Art. 7, paragraph V LGPD, and Art. 12 LFPDPPP).

Right to correction (Art. 16 GDPR, Art. 18 LGPD, Art. 16 LFPDPPP, Art. 16 Law No. 25,326): In the event that personal data is incorrect or incomplete, its rectification or completion may be requested.

Right to deletion (Art. 17 GDPR, Art. 18 LGPD, Art. 16 LFPDPPP, Art. 16 Law No. 25,326): The user may demand the immediate deletion of his or her data when (i) the purpose of the data processing has ceased, (ii) the processing is based on the user's consent and this has been revoked, (iii) the user has objected to the processing and no other type of processing has taken place, or (iv) the legal basis for the processing of the data does not exist.

Right to restriction of processing (Art. 18 GDPR, Art. 18 LGPD, Art. 16 LFPDPPP, Art. 16 Law No. 25,326): The processing of personal data may be restricted in specific cases, such as (i) while a data correction is being verified, (ii) when the processing was initially unlawful, or (iii) when the data is no longer required but is needed by the user to exercise legal rights.

Right of appeal (Art. 77 GDPR, Art. 18 LGPD, Art. 18 LFPDPPP, Art. 14 Law No. 25,326): The user has the right to address a supervisory authority with appeals related to the processing of their data.

Right to revoke consent (Art. 7, section 3 GDPR, Art. 18 LGPD, Art. 8 LFPDPPP, Art. 6 Law No. 25,326): The user has the right to revoke at any time a consent given to Un Ensayo para Mí for the processing of their personal data.

4. Learn more about cookies, web beacons, and other technologies

For more information about cookies, including how to reject cookies on your computer by adjusting your web browser settings, follow these links:

All about cookies: www.allaboutcookies.org/cookies/
Google: www.google.com/analytics/learn/privacy.html
Google Chrome: http://www.google.com/chrome/intl/en/more/privacy.html
Microsoft Internet Explorer: www.microsoft.com/info/cookies.htm
Mozilla Firefox: http://support.mozilla.com/en-US/kb/Options+window+-+Privacy+panel
Flash: www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html

5. Limitation of liability

YOU UNDERSTAND AND AGREE THAT ANY DISPUTE RELATING TO THE SOLUTIONS OR YOUR USE OF THE SOLUTIONS, INCLUDING, BUT NOT LIMITED TO, A DISPUTE OVER PRIVACY, IS SUBJECT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND THE COMPANY'S TERMS OF USE (INCLUDING ANY INDEMNIFICATION AND LIMITATIONS OF DAMAGES CONTAINED THEREIN). A LINK TO THESE TERMS OF USE CAN BE FOUND AT THE BOTTOM OF THE WEBSITE HOME PAGE AND EMBEDDED LINKS WITHIN VARIOUS SECTIONS OF THE SOLUTIONS.

6. Unavailability of the Solution or Services

The Company reserves the right to alter, suspend, or discontinue the Solutions or Services for any reason without prior notice or cause. The Solutions or Services may be temporarily unavailable due to maintenance or computer equipment malfunctions.

VI. AGREEMENT: CHANGES TO THIS PRIVACY POLICY

By using the Solutions or Services, you acknowledge that you have read the data practices described in this Privacy Policy. You agree that your visit and any dispute over privacy are subject to our Terms of Use, including, but not limited to, provisions regarding limitations on the Company's liability and application of the laws of the Government of Spain. The Company may periodically update this Privacy Policy in response to new technologies, changes in applicable laws, or for any other reason at the Company's sole discretion. If we decide to change this Privacy Policy, we will post those changes here so that you are always aware of what information we collect, how we might use it, and whether we will disclose it to anyone. Please review this Privacy Policy periodically to stay informed of any changes. You can tell when this Privacy Policy was modified by looking at the "Last Updated" legend at the top of the page.

VII. LOCAL PROVISIONS

1. Local Provisions: California

If you are a California resident, the following applies in addition to the rest of this Privacy Policy:

Your California Privacy Rights. Under Section 1798.83 of the California Civil Code, California residents who have an established business relationship with us are entitled to request that we provide specific information regarding our disclosure of your personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may submit your request for such information to privacy@trialtech.es. Requests will only be accepted via this email address. We are not responsible for requests made by telephone or any other means.

California Personal Online Privacy Act Disclosures

When you visit our Solutions, our Service Providers may place a cookie on your browser to remember your preferences and collect analytics about your visit. The Solutions do not employ technology to track you across multiple Solutions, nor do they override privacy settings in your web browser or Services.
Our service providers do not track website visitors across multiple websites or override your web browser's privacy settings. If you access our social media sites from the Website or Solutions, please be aware that social media platforms may track you across multiple websites and override your web browser's privacy settings.

2. Local provisions: European Union

If you reside in the European Union, the following applies in addition to the rest of this Privacy Policy:

GDPR by Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
The use of 'PII' in this Privacy Policy has the meaning of 'personal data' under the GDPR.
If we share your personal data with our group companies or with third parties located outside the European Economic Area, we take steps to ensure that appropriate safeguards are in place to ensure the continued protection of your personal data, in particular byentering into the Standard Contractual Clauses adopted by the European Commission (Article 46 (2) (c) GDPR).
For any questions related to your personal data and to exercise all your rights, you can contact the DPO of Un Ensayo para Mí by email at privacy@trialtech.es

VIII. CONTACT DETAILS OF THE CONTROLLER

Contact details of the responsible authority:

Trialtech SL

De losCharcos Avenue 19, 28860, Madrid

Tax Identification Number: ES B01808039

Email: privacy@trialtech.es

Contact details of the data protection officer of the responsible authority:

European Union & Americas:

Data Privacy Office

Espanya Industrial 7, 3° 1

08014 Barcelona

Email: privacy@trialtech.es

Brazil:

Vitor Nyari

RNPPD No: 1877119700101/RJ

Email: vnyari@trialtech.es

Using the contact addresses mentioned above, you can assert the rights mentioned in Section VI.3 both before the responsible authority and your data protection officer. You can also ask questions related to data protection or make suggestions to government agencies in each jurisdiction. Their contact information is provided below:

Spain:

The Spanish Data Protection Agency is the competent supervisory authority. It oversees compliance with data protection law in Spain. Users have the option of contacting the supervisory authority at any time.

Spanish Data Protection Agency

C/ Jorge Juan 6, 28001, Madrid

Tel.: +34 / 900 293 183

Complaints: https://sedeagpd.gob.es/sede-electronica-web/vistas/infoSede/tramitesCiudadano.jsf

Brazil:

The National Data Protection Authority (ANPD) is the competent supervisory authority in Brazil. It oversees compliance with data protection law as established in the General Data Protection Law (LGPD). Users have the option of contacting the supervisory authority at any time.

National Data Protection Authority (ANPD)

SCS, Quadra 09, Lot C, Tower C - Ed. Parque Cidade Corporate, Brasília, Brazil

CEP: 70308-200

Website: https://www.gov.br/anpd

Complaints: https://www.gov.br/anpd/pt-br/canais_atendimento/cidadao-titular-de-dados/denuncia-peticao-de-titular

Mexico:

The National Institute for Transparency, Access to Information, and Protection of Personal Data (INAI) is the competent supervisory authority in Mexico. This body oversees compliance with the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and ensures that those responsible for and in charge of personal data comply with applicable legal provisions.

National Institute for Transparency, Access to Information and Protection of Personal Data (INAI)

Insurgentes Sur 3211, InsurgentesCuicuilco Neighborhood, Coyoacán, CP 04530, Mexico City, Mexico

Telephone: +52 (55) 5004 2400

Website: https://home.inai.org.mx

Complaints: https://www.plataformadetransparencia.org.mx

Argentina:

The Agency for Access to Public Information (AAIP) is the competent supervisory authority in Argentina. This body oversees compliance with the Personal Data Protection Law (Law No. 25,326) and ensures that those responsible for and in charge of personal data comply with applicable legal provisions.

Agency for Access to Public Information (AAIP)

Julio A. Roca 710, 3rd Floor, C1067ABP, Autonomous City of Buenos Aires, Argentina

Telephone: +54 (11) 3988-3968

Website: https://www.argentina.gob.ar/aaip

Complaints: https://www.argentina.gob.ar/servicio/denunciar-incumplimientos-de-la-ley-de-proteccion-de-datos-personales

Terms and Conditions Privacy Policy