Privacy Policy

1. WHO WE ARE

Data controller: Praxxos Technologies, S.L.

Registered address: C/ Antoni Jaume, 2, 1ª Planta 1, 07800 Eivissa (Ibiza), Illes Balears, Spain

Spanish Tax ID (NIF/CIF): B88768882

Commercial Registry: Eivissa (Ibiza), sheet IB-23361, Electronic Folio IRUS 100KM74747678

Email: privacy@praxxos.com

If we appoint a Data Protection Officer (DPO), we will publish their contact details here.

2. WHOSE DATA WE PROCESS

This Privacy Policy applies to:

• Visitors to our websites (praxxos.com and subdomains).
• Prospects who request a demo, sign up to our newsletter, attend our events or contact us.
• Authorised Users of our customers (chiropractors, clinic staff, administrators).
• Job applicants who apply to Praxxos.
• Recipients of our marketing communications.

3. CATEGORIES OF DATA WE PROCESS

Depending on how you interact with us, we may process the following categories of personal data:

• Identification data: first name, last name, professional title.
• Contact data: email address, telephone number, professional postal address.
• Account data: username, hashed password, role, permissions, authentication tokens.
• Professional data: clinic name, profession, country of practice, professional registration number where provided.
• Billing data: billing address, VAT number, payment method tokens (we do not store full card numbers — payments are processed by our payment service provider).
• Usage data: pages visited, features used, IP address, device and browser data, log data, timestamps.
• Communication data: emails, support tickets, chat messages, recordings of demo calls (with notice).
• Marketing data: preferences, consent records, campaign interactions.

We do not knowingly process special categories of personal data (such as health data) about our Authorised Users via this website or product onboarding.

4. PURPOSES AND LEGAL BASES

We process personal data for the following purposes and on the following legal bases (Article 6 GDPR):

a) Providing the Service

To create and manage accounts, authenticate users, deliver the features of the Service, provide support, communicate operational information, and ensure security. Legal basis: performance of a contract (Art. 6(1)(b)).

b) Billing, accounting and tax

To invoice, collect payment, manage disputes, comply with tax and accounting obligations. Legal basis: performance of a contract and legal obligation (Art. 6(1)(b) and (c)).

c) Communications and marketing

To send service updates, security alerts, product news, newsletters and promotional content. Service-related communications rely on legitimate interest or contract; marketing to non-customers relies on prior consent where required. Customers may receive product-related communications under legitimate interest with the right to object at any time. Legal bases: legitimate interest (Art. 6(1)(f)) or consent (Art. 6(1)(a)).

d) Website analytics and product improvement

To understand how the Service is used, fix bugs, improve features, and prevent abuse. We use anonymised or aggregated data wherever possible. Legal basis: legitimate interest, or consent for non-essential cookies (Art. 6(1)(f) or (a)).

e) Security and fraud prevention

To prevent unauthorised access, detect fraud and abuse, and protect the Service and its users. Legal basis: legitimate interest and legal obligation (Art. 6(1)(f) and (c)).

f) Recruitment

To evaluate applications, conduct interviews and manage hiring. Legal basis: pre-contractual steps and consent (Art. 6(1)(b) and (a)).

g) Legal claims and compliance

To establish, exercise or defend legal claims, respond to lawful requests from authorities, and comply with legal obligations. Legal basis: legitimate interest and legal obligation (Art. 6(1)(f) and (c)).

5. COOKIES AND SIMILAR TECHNOLOGIES

Our website uses cookies and similar technologies. Non-essential cookies are only used with your consent, collected via our cookie banner. For details, see our Cookie Policy.

6. RECIPIENTS AND SUB-PROCESSORS

We share personal data with the following categories of recipients, subject to confidentiality and data protection agreements:

• Our staff and contractors, on a need-to-know basis.
• Cloud infrastructure and hosting providers (in the EU/EEA where reasonably possible).
• Email, SMS and messaging providers used to deliver notifications and reminders.
• Payment service providers.
• Customer support and product analytics tools.
• Marketing automation and CRM providers, for prospects and customers.
• Professional advisors (lawyers, accountants, auditors).
• Competent authorities, where required by law.

The current list of sub-processors used in connection with the Service is available on request and is also annexed to our Data Processing Agreement.

7. INTERNATIONAL TRANSFERS

Where personal data is transferred outside the European Economic Area, we ensure an adequate level of protection through one of the mechanisms permitted by GDPR (in particular Standard Contractual Clauses, adequacy decisions, or other lawful transfer tools), and we implement supplementary measures where required.

8. RETENTION

We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy and to comply with our legal obligations:

• Account data: for the duration of the contract and up to 12 months after termination, unless longer retention is required by law.
• Billing and accounting data: at least 6 years (Spanish Commercial Code) or longer where required.
• Marketing data: until consent is withdrawn or after 3 years of inactivity for prospects.
• Support data: for 3 years from last interaction.
• Website logs and security data: typically up to 12 months.
• Recruitment data: for the duration of the process and up to 12 months thereafter, longer with consent.

9. YOUR RIGHTS

Under GDPR and LOPDGDD, you have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Request erasure (“right to be forgotten”), subject to legal exceptions.
• Restrict processing.
• Data portability for data you provided to us, processed on the basis of consent or contract.
• Object to processing based on legitimate interest, including profiling for direct marketing.
• Withdraw consent at any time, without affecting prior lawful processing.
• Not to be subject to a decision based solely on automated processing producing legal or similarly significant effects.

To exercise these rights, contact us at privacy@praxxos.com. We may need to verify your identity. We will respond within one (1) month, extendable by two further months for complex requests.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD, www.aepd.es) or with the supervisory authority of your habitual residence.

10. SECURITY

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction, including: encryption in transit and at rest where technically appropriate, access controls and least-privilege principles, regular backups, monitoring and logging, employee training, vendor risk assessments, and incident response procedures.

In the event of a personal data breach affecting our role as controller, we will notify the AEPD within 72 hours where required by GDPR and, where the breach is likely to result in a high risk to data subjects, inform the affected individuals.

11. CHILDREN

The Service is not directed at children under the age of 18 and we do not knowingly collect personal data from children through the Service.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be notified through the Service or by email. The “Last updated” date at the top reflects the latest version.

13. CONTACT

For any question about this Privacy Policy or your personal data, contact us at:

Email: privacy@praxxos.com

Postal address: Praxxos Technologies, S.L., C/ Antoni Jaume, 2, 1ª Planta 1, 07800 Eivissa (Ibiza), Illes Balears, Spain