Saltar al contenido principal
Hoomina

Privacy Policy

Última actualización: 2026-04-25

This Privacy Policy explains how Hoomina S.L. ("Hoomina", "we") handles personal data in connection with the marketing website at hoomina.com and the Hoomina SaaS platform (together, the "Services").

For patient data submitted to the Hoomina platform by a clinic, the clinic acts as data controller and Hoomina acts as processor. Processing is governed by the Data Processing Agreement.

1. Who we are

Data controller for the marketing site and Hoomina account data:
Hoomina S.L., Madrid, Spain · privacy@hoomina.com.

2. What data we collect

  • Account data: name, email, role, clinic name, billing details.
  • Patient data (only when a clinic uses the platform): identifiers, contact details, intraoral photos, messages, treatment plans, appointment history.
  • Telemetry: pages visited, feature usage, error logs, IP address, user-agent.
  • Marketing data: contact-form submissions, email opens/clicks if you opt-in to our newsletter.

3. Why we use it

  • To deliver and operate the Services.
  • To bill and account.
  • To support customers.
  • To improve product reliability and security.
  • With your consent, to send relevant product news (you can unsubscribe at any time).

4. Legal bases

  • Contract — to provide the Services you signed up for (Art. 6(1)(b) GDPR).
  • Legitimate interest — to keep the Services secure and improve them, balanced against your rights (Art. 6(1)(f)).
  • Consent — for analytics or marketing cookies and newsletters (Art. 6(1)(a)). You may withdraw consent at any time.
  • Legal obligation — to keep accounting records (Art. 6(1)(c)).

5. Your rights

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent where processing is based on consent. To exercise any right, email privacy@hoomina.com. You also have the right to lodge a complaint with the Spanish data protection authority (AEPD) or the supervisory authority in your country.

6. Retention

  • Patient data: 7 years after the last patient interaction, in line with applicable medical-records norms; longer retention only if the clinic instructs us to.
  • Telemetry: 90 days, then aggregated.
  • Billing records: 10 years to comply with Spanish tax law.
  • Marketing data: until you unsubscribe or three years of inactivity, whichever comes first.

7. International transfers

Hoomina infrastructure is hosted in the European Union. Where a sub-processor is located outside the EU, we rely on Standard Contractual Clauses and additional safeguards as required by the GDPR. See the DPA for the current sub-processor list.

8. Cookies

By default, hoomina.com only uses functional cookies necessary for the site to work (session, language preference, consent state). Analytics and marketing cookies are loaded only after you accept them via the consent banner. See the cookie policy for details.

9. Security

We protect personal data with encryption in transit (TLS 1.2+), encryption at rest, role-based access control, audit logging, regular backups, and least-privilege engineer access.

10. Children

The marketing site is not intended for children. The platform processes paediatric patient data only when a clinic uploads it on behalf of the legal guardian; the clinic is responsible for obtaining valid consent.

11. Data Protection Officer

Contact our DPO at dpo@hoomina.com.

12. Changes

We may update this policy from time to time. Material changes will be notified by email and the "last updated" date at the top of this page will change.