Privacy Policy

Last updated: 10 April 2026

drMely ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable French data protection law.

1. Data Controller

The data controller responsible for your personal data is:

drMely
France, European Union
Contact: [email protected]

2. Data We Collect

We collect the following categories of personal data:

• Contact form data: first name, last name, email address, organisation name, your area of interest, and the content of your message.
• Technical data: IP address, browser type and version, operating system, referring URLs, pages visited, and timestamps — collected automatically via server logs.
• Cookie data: preferences and session identifiers stored in your browser. See our Cookie Policy for details.

We do not collect sensitive health or medical data through this website. Our clinical data platform is governed by a separate Data Processing Agreement.

3. Legal Basis and Purpose of Processing

We process your personal data on the following legal bases:

• Contractual necessity / pre-contractual steps (Art. 6(1)(b) GDPR): to respond to your enquiry and manage the relationship initiated through the contact form.
• Legitimate interests (Art. 6(1)(f) GDPR): to maintain the security and performance of our website, and to understand how visitors use our site so we can improve it.
• Consent (Art. 6(1)(a) GDPR): for non-essential cookies, where you have given explicit consent via our cookie banner.

4. How We Use Your Data

• To respond to your messages and enquiries submitted through the contact form.
• To manage and develop business relationships (partnerships, research collaborations, investment discussions).
• To ensure the security and proper functioning of our website.
• To comply with our legal obligations.

We will never sell your personal data to third parties or use it for unsolicited marketing without your explicit consent.

5. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected:

• Contact form enquiries: retained for up to 3 years from the date of last contact.
• Technical/server log data: retained for up to 12 months.
• Cookie data: in accordance with the retention periods described in our Cookie Policy.

After the applicable retention period, data is securely deleted or anonymised.

6. Data Recipients and Transfers

We do not share your personal data with third parties except:

• Service providers acting as data processors on our behalf (e.g., hosting, email delivery), who are bound by data processing agreements and provide equivalent GDPR protections.
• Legal authorities if required by law, court order, or to protect the rights and safety of drMely or others.

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses as approved by the European Commission).

7. Your Rights Under the GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): obtain a copy of the personal data we hold about you.
• Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): request deletion of your data in certain circumstances ("right to be forgotten").
• Right to restriction of processing (Art. 18): request that we limit how we use your data.
• Right to data portability (Art. 20): receive your data in a structured, commonly used format.
• Right to object (Art. 21): object to processing based on legitimate interests.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

8. Right to Lodge a Complaint

If you believe we are processing your data in violation of the GDPR, you have the right to lodge a complaint with the French data protection authority:

Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy, 75007 Paris, France
Website: www.cnil.fr

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our infrastructure is designed to GDPR and HIPAA standards. However, no internet transmission is completely secure; we encourage you to use secure connections when contacting us.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. We encourage you to review this page periodically. Continued use of this website after changes constitutes acceptance of the updated policy.

11. Contact

For any questions about this Privacy Policy or to exercise your data subject rights, please contact us:

drMely — Data Protection
Email: [email protected]
LinkedIn: linkedin.com/company/dr-mely