Privacy Policy

MIMIAT HEALTH SL and the management of your data

At MIMIAT HEALTH SL we are committed to protecting your privacy and managing your personal data securely and transparently. All collected data is processed and stored on AWS servers located in Ireland, within the European Union, in compliance with applicable data protection laws such as the General Data Protection Regulation (GDPR).

MIMIAT HEALTH SL takes your privacy very seriously. If you have any questions regarding the processing of your personal data or wish to exercise your rights, please contact us at legal@mimiathealth.com

Who is responsible for processing your data?

The Data Controller for your personal data is MIMIAT HEALTH SL (hereinafter, MIMIAT HEALTH or the Controller) with CIF B19773761 and registered address at Paseo de la Rambla 11, PR PTA 1. (‘we’, ‘our’, ‘us’ or ‘MIMIAT Health’).

We are Data Controller of personal data belonging to individuals who download our MIMIAT Heath mobile app via the Play Store, App Store or our institutional website https://www.mimiathealth.com. Such individuals are described as “you, your, patient or Data Subject” in this policy.

What data does MIMIAT HEALTH collect?

We may collect the personal data listed below directly or indirectly. The collection of some personal data is optional, and will only be collected if the Data Subject chooses to provide such personal data.

Directly:

  • Preferred language

  • Email address

  • Password

  • First name

  • Last name

  • Phone number

  • Date of birth

  • Sex

  • Height

  • Weight

  • Type of Condition (for now only the digestive option is active)

    • Digestive (live)

    • Cardiovascular (coming soon)

    • Pulmonary (coming soon)

    • Mental Health (coming soon)

    • Women’s Health (coming soon)

  • Type of Sub-condition

    • Irritable Bowel Syndrome

    • Inflammatory Bowel Disease

    • Gastroesophageal Reflux Disease

    • SIBO (Small Intestinal Bacterial Overgrowth)

    • Dyspepsia

    • Lactose Intolerance

    • Celiac Disease

    • Gastritis

    • Peptic Ulcer

    • Fructose and/or Sorbitol Intolerance

    The user or patient may also provide the following information while using the app:

    • Daily meals

    • Bowel movements (type, color, and frequency)

    • Weight

    • Treatments and Medications

    • Symptoms (currently, all options correspond to digestive diseases)

    • Heartburn

    • Abdominal Pain

    • Chest Pain

    • Dysphagia

    • Fatigue

    • Fever

    • Flatulence

    • Bloating

    • Incontinence

    • Nausea and Vomitting

    • Rectal Bleeding

    • Feeling of Fullness

    • Early Satiety

    • Sweating

    • Tenesmus

    • Fecal Urgency

    • Pain during defecation

    • Feeling of incomplete evacuation

    • General Discomfort

    • Excessive straining during defecation

    Indirectly: We may automatically collect data during app usage (such as usage metrics) to improve the user experience. This includes tools like Google Analytics, which collect interaction metrics, session duration, screens visited, and technical device information (operating system, model).

    For what purposes does MIMIAT HEALTH use your information?

    We use the information you provide for the following purposes:

    • Account management: To create and maintain your user profile, as well as manage login and passwords.

    • Health tracking: To enable the logging and tracking of your progress, such as correlations between symptoms and meals.

    • Connections with healthcare providers: To facilitate features like sharing your information with healthcare professionals if you choose to do so.

    • Personalizing the experience: To tailor content and recommendations according to your health conditions and preferences.

    • App usage analysis: We use tools like Google Analytics to understand how you interact with the app and improve its design, functionality, and content.

    What is the legal basis for MIMIAT HEALTH?

    We always process your personal data with your express and prior consent, unless not required by law. Below are the legal bases for each purpose:

    • Account management: we rely on your Consent when consent is given and or required, including consent on behalf of a Data Subject. We also rely on our contract with you to provide our services.

    • Health tracking: we rely on your Consent.

    • Connections with healthcare providers: we rely on your Consent.

    • Personalizing the experience: we have a Legitimate Interest.

    • App usage analysis: we have a Legitimate Interest.

    A legitimate interest is when we have a business or commercial reason to use the Data Subject’s personal data, so long as this is not overridden by the Data Subject’s own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against the Data Subject’s own.

    Can MIMIAT HEALTH share your information without your consent?

    We do not share your personal information (name, email, password) with third parties under any circumstances without your prior consent. However, we may share your data with third parties in the following circumstances only:

    • Service providers: our third-party vendors, who provide us with IT (including cloud-based) services and business support, may need to process your MIMIAT Heath information. We use IT service providers like

      All such third parties vendors are operating under contract and acting on behalf of MIMIAT Heath for the purpose of the services we provide to you only. They are located in the EU/EEA, and comply with the GDPR and other privacy laws and regulations, to ensure the protection of your data. The Data Subjects are encouraged to visit our providers’ privacy policies listed above.

    • Legal obligations: We may be required by law to share your information with government agencies, legal authorities, professional advisors (such as lawyers), external auditors (eg. In relation to the audit of accounts) or courts in certain circumstances.

    • Other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible.

    What role does the Healthcare Provider play?

    The healthcare provider acts as the Data Processor. They may access your identifying and health data that you share in the App while the connection is active, with your prior consent and under our instructions. When you decide to end the connection with the healthcare provider, they will no longer have access to your data.

    If the heathcare provider asks for your express consent to process your data for purposes other than those collected in this Privacy Policy, the provider becomes fully responsible for the use of your data, outside of MIMIAT HEALTH’s control.

    International Data Transfers

    MIMIAT HEALTH stores your personal data on AWS servers located in Ireland, within the European Union, in compliance with data protection laws such as the General Data Protection Regulation (GDPR).

    It is possible that our partners, agents, or providers may access your personal data from other geographic locations outside of the EEA. In these cases, and to the extent that personal data is transferred to a third country, unless we have relied on an alternative transfer mechanism or a basis under the data protection laws, the recipient of your personal data in the third country and us will be deemed to have entered into the standard contractual clauses approved by the European Commission Implementing  Decision (EU) 2021/914 of 4 June 2021 available at Implementing decision - 2021/914 - EN - EUR-Lex.

    Your rights regarding your information

    • Access: you have the right to know whether we are processing your personal data, what data, and how.

    • Rectification: you have the right to request correction of any incorrect data.

    • Erasure: you have the right to request that we delete your personal data when no longer necessary or when you withdraw your consent.

    • Objection: you have the right to object to the processing of your personal data when we process it without your consent.

    • Withdraw consent: you have the right to withdraw your consent when the processing of your data is based on it.

    • Portability: you have the right to request a copy of your data in a structured format or request that we send it to another data controller of your choice.

    • Restriction of processing: you have the right to request the restriction of the processing of your data in accordance with applicable legislation.

    To exercise these rights, contact us at legal@mimiathealth.com. We will respond to your requests within the timeframes established by law.

    You also have the right to lodge a complaint with the competent data protection authority according to your jurisdiction.

    How does MIMIAT HEALTH protect your information?

    MIMIAT HEALTH has implemented strict technical and organisational security measures to prevent your personal data from being accidentally lost, or used or accessed unlawfully:

    • Data encryption: All sensitive information is encrypted during storage and transmission.

    • Access control: Only authorized personnel can access personal data, and only to ensure the proper functioning of the app.

    • Responsible use of analytical tools: We configure analytical tools to anonymize data whenever possible, in compliance with applicable regulations.

    How long do we keep your data?

    We will retain your personal data as long as your MIMIAT HEALTH account remains active. If you decide to delete your account, all your data will be automatically and permanently deleted, except for any that we are required to retain for legal or regulatory reasons. Please note that if you wish to keep your data after ending your relationship with us, you must collect it beforehand. Once your account is deleted, we will not have access to your data and, therefore, cannot share it with you.

    Acceptance and changes to this privacy policy

    The User or Data Subject must have read and agreed to the conditions regarding personal data protection contained in this Privacy Policy and must expressly consent to the processing of their personal data by the Controller in accordance with this Privacy Policy.

    The use of the MiMIAT Health application implies acceptance of this Privacy Policy.

    MiMIAT Health reserves the right to modify its Privacy Policy at its own discretion or due to legislative, jurisprudential, or doctrinal changes from the Spanish Data Protection Agency.

    We will notify registered users of any changes to this Privacy Policy that may affect their rights and obligations. If you choose to continue using the app after being notified, we assume you accept the updated terms. If you do not agree, you have the option to delete your account and all associated data.