Last Updated October 23, 2025
Introduction
Aisthesis Medical Ltd (“Aisthesis”, “we”, “our”, or “us”) is committed to protecting the privacy and security of your personal information. We safeguard the data of everyone who engages with us—including healthcare professionals, clinical and research partners, customers and their staff, suppliers, prospective employees, investors, and website visitors.
This Privacy Notice explains what personal data we collect, how and why we use it, the steps we take to protect it, and your rights under applicable privacy laws.
We may provide additional privacy notices when we collect specific data—for instance, when you take part in clinical research, use our digital products, or apply for a role with us. Those notices will describe how we use your data for that purpose and will override this notice if there is any difference.
Throughout this document, Data Protection Legislation refers to the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), along with any future amendments or replacements.
Where data is processed by or on behalf of entities in other jurisdictions, this also includes compliance with relevant international data protection standards, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the United States, and recognised ISO/IEC standards for information security and data management (including ISO/IEC 27001 and ISO 27701).
As a medtech company, Aisthesis is committed to compliance with applicable medical and research regulatory frameworks, including the UK Medical Devices Regulations 2002, the EU Medical Device Regulation (EU 2017/745), and related ethical and safety guidelines for digital health technologies and medical data handling.
Data Controller
Aisthesis Medical Ltd is the data controller for the personal information we process as described in this Privacy Notice. This means we determine the purposes and means by which your personal data is collected, used, and protected.
In some circumstances, Aisthesis may process personal data on behalf of other organisations—for example, when supporting a hospital, research institution, or commercial partner in conducting clinical studies, product evaluations, or data analysis. In such cases, those organisations act as the data controller, and you should refer to their privacy notices for full details.
Occasionally, Aisthesis may act as a joint controller with one or more partners where we jointly determine the purposes and means of processing. When this applies, we will communicate the relevant arrangements and responsibilities in a separate notice or agreement.
Aisthesis Medical Ltd is registered with the UK’s supervisory authority, the Information Commissioner’s Office (ICO), under registration number [insert registration number once available].
We have appointed a Data Protection Officer (DPO) to oversee our data protection compliance, provide advice on our obligations, and serve as a point of contact for individuals and supervisory authorities in the UK, EU, and other relevant jurisdictions.
📧 Contact: dpo@aisthesismedical.com
The Information We Collect and When
We only collect personal information that we genuinely need, in accordance with applicable Data Protection Legislation. The type of information we collect depends on your relationship with Aisthesis—for example, whether you are a customer, healthcare professional, research collaborator, supplier, investor, or website user.
Categories of data we collect:
- Personal and business contact information — name, job title, employer, business address, email, phone number, and emergency contact details.
- Technical and digital information — IP address, browser type, device identifiers, login details, and cookie data.
- Professional information — credentials, education, employment history, and institutional affiliations.
- Communication data — correspondence, survey responses, or interactions with us.
- Biographical and demographic information — date of birth, gender, nationality.
- Investor and business partner information — investment or transaction records.
- Images and recordings — photos or recordings from events (with consent if required).
- Health-related or biometric data — only when legally permitted, for clinical or research purposes.
You are generally not under any obligation to provide personal data, but certain information may be necessary to access specific services or comply with legal requirements.
How We Use Your Information
We collect and process personal data based on how you interact with us—directly, automatically via our website, or through trusted third parties such as healthcare or research partners.
Lawful Bases
We rely on one or more lawful grounds for processing, including:
- Legitimate Interests – to manage business operations, improve services, or protect security.
- Consent – when you have opted in for communications or research participation.
- Contractual Necessity – to perform or prepare a contract with you.
- Legal Obligation – to comply with statutory duties.
- Vital Interests – to protect life or safety.
Processing Activities
| Processing Activity | Lawful Basis |
|---|---|
| Responding to enquiries, feedback, or complaints. | Legitimate Interest |
| Communicating about services, technologies, or events. | Legitimate Interest |
| Determining eligibility for research or user testing. | Legitimate Interest / Consent |
| Conducting clinical studies or collaborations. | Contractual / Legitimate Interest |
| Processing technical data to improve safety or performance. | Legitimate Interest |
| Pseudonymising data for analytics or research. | Legitimate Interest / Public Interest |
| Maintaining information security. | Legal Obligation / Legitimate Interest |
| Managing digital platform accounts and notifications. | Contractual / Consent |
| Using cookies and analytics tools. | Consent |
| Sending newsletters or study invitations. | Consent |
| Managing contracts and suppliers. | Contractual / Legitimate Interest |
| Complying with legal or regulatory obligations. | Legal Obligation |
| Responding to regulators or authorities. | Legal Obligation |
| Handling emergencies or health incidents. | Vital Interest |
Sensitive Information
Where processing special category data (e.g. health, genetic, or biometric data), we apply enhanced safeguards and rely on a lawful basis such as explicit consent, research necessity, or public health interest, as defined in Article 9 of the GDPR.
Pseudonymised and Anonymous Data
We pseudonymise or anonymise data whenever possible to minimise privacy risks. Pseudonymised data remains protected under GDPR; fully anonymised data is not considered personal information.
Automated Processing
Aisthesis may use algorithms or analytics to enhance research and product performance but does not make automated decisions that have legal or significant effects on individuals.
Cookies
We use cookies and similar technologies to enhance functionality and analyse usage. For details, refer to our Cookies Policy.
Who We Share Your Information With
We may share your data with:
- Business partners and affiliates — to deliver products and services.
- Third-party service providers — secure hosting, analytics, IT, or research partners.
- Research collaborators — hospitals, universities, or public health bodies.
- Professional advisors — legal, audit, or financial.
- Regulators or authorities — when required by law.
- Publishers or academic partners — for anonymised research dissemination.
All data sharing is governed by confidentiality and data protection agreements.
International Transfers
Your data may be transferred outside the UK or EEA. Where this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), UK IDTAs, or verified participation in frameworks like the EU–U.S. Data Privacy Framework.
Service Updates and Communications
We may contact you with relevant business information based on legitimate interest or consent.
Each message will include an option to unsubscribe.
📧 Contact for preferences: privacy@aisthesismedical.com
Your Rights
Under UK/EU GDPR, you have rights to:
- Be Informed – about how your data is used.
- Access – obtain a copy of your data (DSAR).
- Rectification – correct inaccurate data.
- Object / Restrict – processing in certain cases.
- Erasure – request deletion (“Right to Be Forgotten”).
- Data Portability – transfer your data.
- Avoid Automated Decisions – that have legal effects.
📧 Submit requests to: privacy@aisthesismedical.com
Supervisory Authorities
- UK: Information Commissioner’s Office (ICO)
- EU: Local data protection authority (see European Data Protection Board)
Data Retention
We retain personal data only as long as necessary for legitimate, legal, or regulatory reasons. Once no longer required, data is securely deleted or anonymised.
Security
We apply robust safeguards, including:
- Restricted access and authentication controls
- Encryption and pseudonymisation
- Regular security testing and monitoring
- Mandatory data protection training for staff
Business Changes
In case of a merger, acquisition, or sale, your data may be transferred under equivalent protection and only for compatible purposes.
External Links
Our website may contain third-party links. Aisthesis is not responsible for their content or privacy practices—please review their notices before sharing personal data.
Changes to This Notice
We may update this Privacy Notice periodically. The latest version, including the last updated date, will always be available on our website.
Contact Us
If you have any questions or wish to exercise your rights, please contact:
📧 Email: dpo@aisthesismedical.com
📮 Address:
Aisthesis Medical Ltd
1 Royal Street
London SE1 7LL
United Kingdom