Privacy Policy

1. Who We Are

Special Medicine Deployment S.r.l. ("we", "us", "CheckUP MD") is an Italian company registered and operating under Italian and European Union law. We operate the CheckUP MD telemedicine platform, which provides licensed medical consultations and related enterprise services.

This Privacy Policy applies to all users of the CheckUP MD platform, website visitors, and enterprise partners. It describes how we collect, use, store, and protect personal data in compliance with the EU General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and applicable Italian law.

2. Data We Collect

2.1 Patient / End-User Data

• Identity information: name, date of birth, nationality
• Contact information: email address, phone number
• Health and medical data: symptoms, medical history, diagnoses, prescriptions, consultation records
• Technical data: IP address, device type, session logs
• Communication records: content of consultations and messages with physicians

2.2 Enterprise Partner Data

• Company name, VAT/registration number, registered address
• Contact person details: name, email, phone
• Contractual and billing information
• Aggregate anonymized usage statistics

2.3 Website Visitor Data

• IP address and browser information (server logs)
• Pages visited and time spent (analytics, if enabled)
• Contact form submissions

3. Legal Basis for Processing

We process personal data only when we have a valid legal basis under Article 6 and, where applicable, Article 9 GDPR:

• Contractual necessity — to deliver medical consultations and platform services
• Legal obligation — to comply with Italian medical law, tax obligations, and regulatory requirements
• Vital interests — in emergency medical situations
• Explicit consent — for processing special categories of data (health data), obtained prior to consultation
• Legitimate interests — for security monitoring, fraud prevention, and service improvement

4. How We Use Your Data

• Delivering telemedicine consultations and clinical services
• Generating and storing consultation records and prescriptions
• Managing enterprise partner relationships and billing
• Fulfilling legal and regulatory compliance obligations
• Improving platform security and reliability
• Responding to inquiries and support requests

We do not use patient health data for advertising, profiling, or sale to third parties.

5. Data Sharing

We share personal data only in the following circumstances:

• Licensed physicians on the CheckUP MD platform, to deliver consultations
• Enterprise partners, strictly in accordance with their Data Processing Agreement (DPA) and only aggregate or authorized data
• Infrastructure providers (EU-based cloud services) under GDPR-compliant data processing agreements
• Regulatory or legal authorities, when required by Italian or EU law
• Emergency services, when clinically necessary to protect a patient's life

We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards as required by GDPR Chapter V.

6. Health Data (Special Category)

Medical and health data is classified as a special category of personal data under Article 9 GDPR. We process it exclusively on the basis of explicit patient consent and as necessary for the provision of healthcare services under Article 9(2)(h) GDPR.

All health data is stored with AES-256 encryption at rest and transmitted exclusively via TLS 1.3 encrypted connections. Access is restricted to licensed physicians and authorized clinical staff on a strict need-to-know basis.

7. Data Retention

We retain personal data for the following periods:

• Medical consultation records: 10 years from the date of consultation, as required by Italian medical law
• Enterprise partner data: for the duration of the contract plus 5 years for legal and tax purposes
• Website visitor logs: 12 months
• Marketing communications: until consent is withdrawn

After the applicable retention period, data is securely deleted or irreversibly anonymized.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access — to obtain a copy of your personal data
• Right to rectification — to correct inaccurate or incomplete data
• Right to erasure — to request deletion, subject to legal retention obligations
• Right to restriction — to limit processing in certain circumstances
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to processing based on legitimate interests
• Right to withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, contact us at info@checkup-md.com. We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at garanteprivacy.it.

9. Data Protection Officer

Special Medicine Deployment S.r.l. has appointed a Data Protection Officer (DPO) as required by GDPR Article 37. The DPO can be contacted at info@checkup-md.com for any data protection matters.

10. Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction, including:

• AES-256 encryption of all data at rest
• TLS 1.3 for all data in transit
• Multi-factor authentication (MFA) for all administrative access
• Role-based access controls (RBAC) with least-privilege principles
• Full audit logging of all data access events
• Regular security assessments and staff training
• GDPR Article 33 breach notification procedures

11. Cookies

The CheckUP MD website uses only technically necessary cookies required for session management and platform functionality. We do not use tracking, advertising, or third-party analytics cookies without explicit consent.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date of the most recent revision is shown at the top of this page. For material changes, we will notify enterprise partners directly.

13. Contact

For any questions, requests, or concerns regarding this Privacy Policy or your personal data: