Legal

1. Data Controller

Connectoma Neurotech S.L. (hereinafter, "Connectoma") is the data controller responsible for processing personal data collected through this website and official communication channels.

• Tax ID (NIF): B70752785
• Registered office: Calle Padilla 26, 28006 Madrid
• Contact email: info@connectoma.com

You may contact our data protection officer at info@connectoma.com for any matter related to the processing of your personal data.

2. Categories of Data We Process

Connectoma may collect the following categories of personal data:

• Identification data: first and last name.
• Contact data: email, phone number, postal code or city.
• Communication data: messages and files you provide through the contact form, email, phone or WhatsApp, together with associated metadata (date, time, sender number/identifier) and, where applicable, transcripts of those conversations when they are recorded in our CRM to provide continuity of care.
• Interaction data from our corporate accounts on social media and professional platforms (e.g., Meta —Facebook/Instagram—, LinkedIn), limited to what those platforms make available to us when you interact with our profiles or ads.
• Browsing data: IP address, cookie identifiers and other technical data, only if you consent to their use through the cookie banner.

During phone communications, Connectoma may request general information to provide you with appropriate assistance.

Health-related data (Art. 9 GDPR)

If you share health-related information with us through any channel (form, email, phone or WhatsApp), Connectoma will process such data with the following reinforced safeguards:

• Legal basis: processing is based on Article 9(2)(h) GDPR (processing necessary for the purposes of preventive medicine, medical diagnosis, the provision of health care and the management of health-care systems and services), in connection with Article 9(3) GDPR and with Spanish Law 41/2002, of 14 November, on patient autonomy and rights and obligations regarding clinical information and documentation.
• Professional secrecy: health data is processed under the responsibility of professionals bound by an obligation of secrecy, or by persons subject to an equivalent obligation of confidentiality under Article 9(3) GDPR and the applicable healthcare legislation.
• Exclusive purpose: it is used solely to handle your request, guide you regarding our services and, where appropriate, coordinate referral to a clinical centre. It is never used for advertising, commercial profiling, nor shared with third parties beyond the staff and processors strictly needed for that purpose.
• Data minimization: we will process only the health data strictly necessary to handle your request. Please do not include detailed clinical information in open web forms; if you need to share sensitive data, we will indicate a secure channel.

We will not share your health data with social networks, advertising platforms or analytics tools. Health data categories are never sent to Meta, LinkedIn, Google or other third-party platforms.

3. Purposes of Processing

Your data is used for the following purposes:

• Handling and managing information or contact requests.
• Communications arising from the request or the established relationship.
• Sending information about services or activities (only with your consent).
• Site improvement and anonymous statistical analysis, through cookies and analytics tools (all with your consent).
• Compliance with legal obligations and maintaining site security.

4. Legal Basis

The legal bases that allow processing are:

• Consent of the data subject (Art. 6.1.a GDPR) for the use of forms, non-essential cookies and informational communications.
• Legitimate interest of Connectoma (Art. 6.1.f GDPR) in managing necessary communications with users and ensuring site security.
• Compliance with legal obligations (Art. 6.1.c GDPR) applicable to Connectoma.

5. Data Retention

Data will be retained for the following periods according to the purpose of processing:

• Contact requests: up to 12 months after the last interaction.
• Commercial communications (newsletter): until you withdraw your consent.
• Cookies: as indicated in the Cookie Policy.

Once these periods have elapsed, your data will be securely deleted or anonymized for statistical purposes, unless it must be kept blocked due to a legal obligation.

6. Recipients and Data Processors

Personal data will not be shared with third parties except where legally required or where necessary to provide the service you have requested.

The following service providers, acting as data processors, may have access to your data under contracts in compliance with Article 28 GDPR:

• Hosting: Vercel Inc. (USA) — website hosting.
• Analytics and advertising: Google Ireland Ltd. (Google Analytics, Google Ads, Google Tag Manager).
• Social media advertising and audiences: Meta Platforms Ireland Ltd. (Facebook, Instagram, Meta Pixel / Conversions API) and LinkedIn Ireland Unlimited Company (LinkedIn Ads and Insight Tag). These providers may act as joint controllers for certain operations (e.g., page insights or ad measurement); in those cases we rely on the joint-controller arrangements made available by those platforms.
• CRM and internal management: Notion Labs, Inc. (USA) — recording and follow-up of communications and requests received through our channels (forms, email and WhatsApp) so that we can assist you.
• Messaging channel: WhatsApp Ireland Ltd. / Meta Platforms Ireland Ltd. — when you contact us via WhatsApp, the content and metadata of the conversation (phone number, date, time and messages) are processed by Meta/WhatsApp under their own privacy policy and may be stored in our CRM to provide continuity of care.
• Email marketing: MailerLite Ltd. (Ireland) — sending commercial communications where you have provided consent.

We recommend reviewing the privacy policies of Meta (facebook.com/privacy/policy), WhatsApp (whatsapp.com/legal/privacy-policy-eea), LinkedIn (linkedin.com/legal/privacy-policy), Google (policies.google.com/privacy) and Notion (notion.so/Privacy-Policy) for full details of their processing activities.

7. International Transfers

Some technology providers (e.g., Vercel Inc., Google LLC, Meta Platforms, Inc., LinkedIn Corporation or Notion Labs, Inc.) may carry out international transfers outside the European Economic Area.

Such transfers are covered by Standard Contractual Clauses approved by the European Commission and/or the EU-US Data Privacy Framework, which guarantee a level of protection equivalent to the European standard. You may request a copy of the applicable safeguards by writing to info@connectoma.com.

8. User Rights

You may exercise your rights of access, rectification, erasure, objection, restriction and portability at any time by writing to info@connectoma.com. To verify your identity we will preferably use less intrusive means; only where there is reasonable doubt may we request an identity document, which will be deleted immediately after verification.

You have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal. Providing your data is voluntary; however, not doing so may prevent us from handling your request.

If you believe that the processing does not comply with regulations or we have not properly addressed your request, you may file a complaint with the Spanish Data Protection Agency (AEPD: www.aepd.es).

9. Minors

Our services are not directed at minors under 16 years of age.

If we detect that we have received data from a minor without proper authorization, we will delete it immediately.

10. Data Security

Connectoma applies appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of personal data, in compliance with the GDPR and Organic Law 3/2018 (LOPDGDD).

11. Changes to the Privacy Policy

Connectoma may update this policy when necessary to adapt it to regulatory, technical or service changes.

The current version will always be available on this website with its update date.

1. What Are Cookies

Cookies are small files stored on your device when you visit our website. They are used to improve user experience, remember preferences and analyze site usage.

2. Types of cookies used

Cookies are grouped into the following categories, which you can accept or reject independently from the settings panel:

• Technical cookies (necessary): essential for the basic functioning of the site and browsing security. They do not require consent.
• Analytics cookies: help us understand how the site is used (e.g., Google Analytics). They are only activated if you give your consent.
• Marketing cookies — measurement: measure the effectiveness of our advertising campaigns and attribute conversions on Google Ads, Meta (Facebook/Instagram) and LinkedIn.
• Marketing cookies — personalization: enable personalized ads and audience building on Google, Meta and LinkedIn.

3. Cookie management

You can configure, accept, reject or withdraw your consent at any time from our cookie settings panel or from your browser. The banner offers three equally prominent actions: Accept all, Reject all and Configure.

Connectoma uses Google Consent Mode v2. Signals are sent with per-category granularity: analytics cookies control analytics_storage; marketing — measurement cookies control ad_storage and ad_user_data; marketing — personalization cookies control ad_personalization and personalization_storage. All signals are denied by default until you give your explicit consent.

Some site features may become unavailable if you reject certain cookies.

4. Consent

When you start browsing, we will ask for your explicit consent for the use of non-essential cookies, in accordance with Directive 2002/58/EC, the GDPR and Spanish Law 34/2002 (LSSI). Your preference is stored in a first-party cookie (cookieConsent_v2) for 12 months; once that period has elapsed we will ask you again.