Odin Health
Privacy Policy
Information notice on the processing of personal data pursuant to articles 13 and 14 of EU Regulation 2016/679 (GDPR).
1. Data controller
The data controller is Stefano Martano, acting as the individual founder of the Odin Health project (a company in the process of being formally established), with operational headquarters in Lecce, Italy.
For any request regarding personal data — exercising your rights, clarifications, reports — please write to hello@odinhealth.it.
A Data Protection Officer (DPO) under article 37 GDPR has not been appointed, as the current processing does not fall within the cases that mandate compulsory appointment. Appointment will be evaluated when the clinical platform becomes operational.
2. Categories of data processed
The following personal data are collected through this site, voluntarily provided by the data subject:
Waitlist sign-up
- First name (for individuals, caregivers, doctors, other profiles)
- Email address
- Declared role (individual, caregiver, doctor, pharmacist, other)
- City (optional, mandatory for doctors and pharmacists)
- Medical specialty (doctors only)
- Pharmacy name and role (pharmacists only)
- Browsing language
Demo request (doctors and pharmacies)
- First and last name
- Email, phone (optional)
- Specialty (doctors) / pharmacy name and role (pharmacists)
- City, optional free message
Team applications
- First and last name, email
- Curriculum Vitae in PDF format
- Optional cover letter
Automatically collected data
For security and aggregate statistics purposes, we collect: IP address, browser user agent, country of origin (detected by the CDN). These data are associated with the individual sign-up/request and retained with it.
3. Purposes and legal basis
| Purpose | Legal basis (GDPR art. 6) |
|---|---|
| Managing the waitlist sign-up and contacting at product launch | Consent (art. 6.1.a) — given by submitting the form |
| Managing professional demo requests (doctors, pharmacists) | Pre-contractual measures (art. 6.1.b) |
| Managing applications for open team positions | Pre-contractual measures (art. 6.1.b) |
| IT security, abuse prevention, aggregate statistics | Legitimate interest (art. 6.1.f) |
4. Processing methods
Processing is carried out predominantly in automated form, by electronic means and with adequate security measures (HTTPS encryption in transit, restricted database access, automatic backups, encrypted secrets).
No automated decision-making producing legal effects on the data subject is performed. No profiling operations are conducted.
5. Retention period
- Waitlist sign-ups: until withdrawal of consent by the data subject, or in any case up to 24 months after the operational launch of the platform.
- Demo requests: up to 24 months from the date of the request, or until termination of any relationship that may have started.
- Applications: 12 months from submission (in case of non-hire), then deleted. CVs and attached data follow the same retention.
- Technical data (IP, user agent): associated with the main record and deleted with it.
6. Recipients and external processors
Data are processed by the controller and by the following providers, appointed as Data Processors under article 28 GDPR:
| Provider | Purpose | Location / data region |
|---|---|---|
| Cloudflare, Inc. | Site hosting (Pages), database (D1), CDN, security | USA — DPA with EU Standard Contractual Clauses; data centers primarily in EU |
| Brevo (Sendinblue SAS) | Sending confirmation and notification emails | France (EU) — servers within the European Union |
| Web3Forms | Forwarding applications with attached PDF CV (will be replaced soon) | USA — DPA with EU Standard Contractual Clauses |
Data are not transferred, sold, or made available to third parties outside the processors listed above. No transfers are made for commercial or advertising purposes.
7. Extra-EU data transfers
Cloudflare and Web3Forms are based in the United States. Transfers are governed by EU Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical measures (encryption, pseudonymization where possible). Brevo operates entirely within the European Union.
8. Data subject rights
In accordance with articles 15 to 22 GDPR, you have the right to:
- Access your personal data (art. 15)
- Request rectification (art. 16)
- Request erasure (right to be forgotten, art. 17)
- Request restriction of processing (art. 18)
- Receive your data in a structured format and transfer them elsewhere (data portability, art. 20)
- Object to processing (art. 21)
- Withdraw consent at any time, without affecting the lawfulness of previous processing (art. 7)
To exercise any of these rights, write to hello@odinhealth.it. We will reply within 30 days of receiving the request.
You also have the right to lodge a complaint with the Italian Data Protection Authority — Garante per la Protezione dei Dati Personali (www.garanteprivacy.it) — or your own national supervisory authority, if you believe the processing of your data infringes the GDPR.
9. Cookies
This site uses exclusively technical cookies necessary for the operation of the hosting platform (Cloudflare). No profiling, analytics or third-party advertising cookies are used. For the full breakdown, see our Cookie Policy.
10. Changes to this notice
This Information Notice may be updated as the project evolves, providers change, or processing purposes shift. Any substantial changes will be communicated by email to subscribers and signaled on the website. The last update date is indicated at the top.