GDPR Compliance
Last updated: April 8, 2026
Our Commitment to Data Protection
At Odoniq, personal and clinical data protection is a top priority. We comply with Regulation (EU) 2016/679 (GDPR) and Spain's Organic Law 3/2018 (LOPDGDD).
Technical Measures
- Encryption in transit: all communications are protected with TLS 1.3.
- Encryption at rest: stored data is encrypted with AES-256.
- Data isolation: multi-tenant architecture with complete isolation between clinics.
- Access control: granular role-based access control (RBAC).
- Secure authentication: passwords are hashed with bcrypt, and two-factor authentication is supported.
- Audit logs: all relevant actions are logged with timestamps and user information.
Organizational Measures
- Privacy by design: data protection is integrated into every development phase.
- Data minimization: we only collect data strictly necessary for the service.
- Impact assessments: DPIAs are conducted for high-risk processing activities.
- Incident management: a protocol for notifying security breaches within 72 hours, per GDPR Article 33.
Data Location
All data is stored in Microsoft Azure data centers in the European Union (West Europe - Netherlands). When third-party services outside the EU are required (such as AI processing), Standard Contractual Clauses and data minimization principles apply.
Data Subject Rights
We guarantee the effective exercise of all GDPR rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and objection (Art. 21).
All requests are answered within 30 days. Contact: privacy@odoniq.com
Data Processors
- Microsoft Azure: cloud infrastructure and storage (EU).
- Anthropic: AI image processing (with Standard Contractual Clauses and data minimization).
All processors are bound by contracts compliant with GDPR Article 28.
Data Protection Officer
Contact our DPO at: dpo@odoniq.com