Privacy Policy — Origimed Ltd.

Overview

Origimed Ltd. ("Origimed", "we", "us", or "the Company") provides medicine verification and alert management software (the "Services"). This Privacy Policy describes how we collect, use and disclose Personal Data when you use our applications and related services, and explains your rights under the General Data Protection Regulation (GDPR).

By using our Services you consent to the processing described in this policy where lawful. For consent-based processing you may withdraw consent at any time.

Data Controller & Contact

Data Controller:

Definitions

Personal Data

Any information relating to an identified or identifiable natural person.

Service / Application

The software products we operate (TRVST mobile app, NMVS Connect mobile & web, NMVS Alerts mobile & web).

Usage Data

Automatically collected data about how the Service is used (e.g., IP, device identifiers, timestamps).

Service Provider

Third-party entities that process Personal Data on our behalf (hosting, analytics, email providers).

Legal basis for processing

Under GDPR (Article 6) we rely on one or more of the following legal bases:

• Contract performance (Art. 6(1)(b)) — processing necessary to provide the Services and fulfill contractual obligations.
• Legal obligation (Art. 6(1)(c)) — processing to comply with laws or regulatory requests.
• Legitimate interests (Art. 6(1)(f)) — e.g., improving the Service, fraud prevention, and ensuring security.
• Consent (Art. 6(1)(a)) — where you have provided explicit consent (for example, camera access or direct marketing). You can withdraw consent at any time.

Types of data we collect

Personal Data you provide

Examples: name, email, organization details, account registration data and any data you upload (e.g., photos for verification), when you voluntarily provide them.

Usage & Technical Data (automatically collected)

Examples: IP address, device type and identifiers, operating system, browser type and version, pages visited, timestamps, session duration, and diagnostic data.

Application permissions

With your explicit permission the app may access:

• Location information (device-based)
• Camera and photo library (for scanning / verification)

You control these permissions via your device settings and may revoke them at any time.

How we use Personal Data

• To provide, operate and maintain the Services.
• To create and manage user accounts and authentication.
• To deliver features such as scanning and verification, and to store or transmit data needed for those features.
• To respond to requests, provide support, and communicate important security or product updates.
• To measure and improve the performance and functionality of the Services (analytics).
• For legitimate business purposes (e.g., fraud prevention, security, internal reporting).
• For legal and regulatory compliance.

Data sharing & transfers

We may share Personal Data with:

• Service Providers (hosting, analytics, email delivery) under written contracts requiring GDPR-level protections.
• Affiliates for group-wide operations, under the same privacy obligations.
• Business partners when required to provide a joint feature or promotion (only where consented or otherwise lawful).
• Authorities if required by law or to respond to lawful requests.

International transfers

Your data may be processed outside the EEA. Where we transfer Personal Data outside the EEA we ensure appropriate safeguards such as:

• Transfers to countries with an EU Commission adequacy decision, or
• Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

Contact us if you would like copies of the relevant safeguards.

Data retention

We retain Personal Data only for as long as necessary to fulfill the purposes described in this policy, to comply with legal obligations, resolve disputes, and enforce agreements.

Retention periods vary by data type and purpose; for example, Usage Data is usually retained for a shorter period than account records or transaction logs that must be kept for compliance reasons.

Your GDPR rights

You have the following rights under the GDPR (subject to statutory conditions):

1. Access — obtain a copy of Personal Data we hold about you.
2. Rectification — correct inaccurate or incomplete data.
3. Erasure — request deletion of your Personal Data ("right to be forgotten").
4. Restriction — request limitation of processing.
5. Portability — receive your Personal Data in a structured, machine-readable format.
6. Object — object to processing based on legitimate interests or to direct marketing.
7. Withdraw consent — where processing is based on consent.

To exercise any of these rights contact: info@origimed.eu. We will respond without undue delay and in any case within one month, extendable to three months for complex requests in accordance with GDPR.

Security

We implement reasonable technical and organizational measures to protect Personal Data (encryption in transit, access controls, secure hosting, etc.).

No system is 100% secure — if a data breach affecting your rights occurs, we will notify you and supervisory authorities as required by law.

Children's privacy

Our Services are not directed to children under 13. We do not knowingly collect Personal Data from children under 13. If you believe we have collected such data, contact us to request deletion.

Links to other websites

Our Services may contain links to third-party sites. This policy does not apply to third-party websites — please review their privacy notices before providing personal information.

Changes to this policy

We may update this Privacy Policy. We will post the updated policy on this page with a new "Last updated" date. Where appropriate, significant changes will be communicated by email or in-app notice.

Supervisory authority

If you consider your rights under data protection law to have been infringed, you have the right to lodge a complaint with a supervisory authority.

Slovenia — Information Commissioner (Informacijski pooblaščenec)
Dunajska cesta 22, 1000 Ljubljana, Slovenia
Website: https://www.ip-rs.si/

Contact us

If you have questions about this policy or wish to exercise your rights please contact:

Origimed Ltd.
Email: info@origimed.eu
Website: https://origimed.eu/#contact