Privacy Policy — Origimed Ltd.
Overview
Origimed Ltd. ("Origimed", "we", "us", or "the Company") provides medicine verification and alert management software (the "Services"). This Privacy Policy describes how we collect, use and disclose Personal Data when you use our applications and related services, and explains your rights under the General Data Protection Regulation (GDPR).
By using our Services you consent to the processing described in this policy where lawful. For consent-based processing you may withdraw consent at any time.
Data Controller & Contact
Data Controller:
Origimed Ltd.Kajuhova ulica 32 B
1000 Ljubljana, Slovenia
Definitions
- Personal Data
- Any information relating to an identified or identifiable natural person.
- Service / Application
- The software products we operate (TRVST mobile app, NMVS Connect mobile & web, NMVS Alerts mobile & web).
- Usage Data
- Automatically collected data about how the Service is used (e.g., IP, device identifiers, timestamps).
- Service Provider
- Third-party entities that process Personal Data on our behalf (hosting, analytics, email providers).
Legal basis for processing
Under GDPR (Article 6) we rely on one or more of the following legal bases:
- Contract performance (Art. 6(1)(b)) — processing necessary to provide the Services and fulfill contractual obligations.
- Legal obligation (Art. 6(1)(c)) — processing to comply with laws or regulatory requests.
- Legitimate interests (Art. 6(1)(f)) — e.g., improving the Service, fraud prevention, and ensuring security.
- Consent (Art. 6(1)(a)) — where you have provided explicit consent (for example, camera access or direct marketing). You can withdraw consent at any time.
Types of data we collect
Personal Data you provide
Our data collection is strictly limited to the minimum amount necessary to provide you with access to our app.
- Account Information: The only personal data we collect is your Email Address. This is collected solely for the purpose of creating, authenticating, and managing your user account.
Usage & Technical Data (automatically collected)
Examples: IP address, device type and identifiers, operating system, browser type and version, pages visited, timestamps, session duration, and diagnostic data.
Application permissions
With your explicit permission the app may access:
- Location information (device-based)
- Camera and photo library (for scanning / verification)
You control these permissions via your device settings and may revoke them at any time.
Collection and Processing Health Data (Google Play Disclosure)
To comply with Google Play's User Data and Health Apps policies, we explicitly declare the following regarding health and medical data:
- No Health Data Collection: We do not access, collect, process, store, use, or share any Health Data, medical information, or physical activity data from our users.
- Our app does not sync with Google Fit, Health Connect, or any other health-tracking services. All functions of the app operate without the need to access your personal health information.
How we use Personal Data
The email address you provide is used exclusively for:
- Creating and securing your user account and authentication methods.
- Allowing you to log in to our services.
- Communicating essential account-related notices (e.g., password resets).
- Delivering periodical reports if you opt for them
We do not use your email address for marketing purposes unless you explicitly opt-in, and we do not track your behavior across other apps or websites.
Data retention
We retain Personal Data only for as long as necessary to fulfill the purposes described in this policy, to comply with legal obligations, resolve disputes, and enforce agreements.
Retention periods vary by data type and purpose; for example, Usage Data is usually retained for a shorter period than account records or transaction logs that must be kept for compliance reasons.
Your GDPR rights
You have the following rights under the GDPR (subject to statutory conditions):
- Access — obtain a copy of Personal Data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your Personal Data ("right to be forgotten").
- Restriction — request limitation of processing.
- Portability — receive your Personal Data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests or to direct marketing.
- Withdraw consent — where processing is based on consent.
To exercise any of these rights contact: info@origimed.eu. We will respond without undue delay and in any case within one month, extendable to three months for complex requests in accordance with GDPR.
Security
We implement reasonable technical and organizational measures to protect Personal Data (encryption in transit, access controls, secure hosting, etc.).
No system is 100% secure — if a data breach affecting your rights occurs, we will notify you and supervisory authorities as required by law.
Children's privacy
Our Services are not directed to children, we do not collect Personal Data from children.
Links to other websites
Our Services may contain links to third-party sites. This policy does not apply to third-party websites — please review their privacy notices before providing personal information.
Changes to this policy
We may update this Privacy Policy. We will post the updated policy on this page with a new "Last updated" date. Where appropriate, significant changes will be communicated by email or in-app notice.
Supervisory authority
If you consider your rights under data protection law to have been infringed, you have the right to lodge a complaint with a supervisory authority.
Slovenia — Information Commissioner (Informacijski pooblaščenec)
Dunajska cesta 22, 1000 Ljubljana, Slovenia
Website: https://www.ip-rs.si/
Contact us
If you have questions about this policy or wish to exercise your rights please contact:
Origimed Ltd.
Email: info@origimed.eu
Website: https://origimed.eu/#contact