There are new informations updated on our website Refresh
You need to complete your profile. Please follow the link update profile

PRIVACY POLICY AND DATA PROTECTION

CANARYmedic – CANARYmedtech S.L.U.

Last updated: 5 December 2025



Notice: This English translation is provided for convenience only. The legally binding version is the Spanish version available at: https://www.canarymedic.es/es/page/privacy-policy


Important: CANARYmedic acts as a technological intermediary platform. Healthcare professionals remain independently responsible for medical care, diagnosis, treatment and clinical documentation.
1. Introduction and Scope

This Privacy Policy describes how CANARYmedtech S.L.U. (“CANARYmedic” or “the Platform”) processes personal data when users access and use the services provided through the digital platform www.canarymedic.es.

The Platform provides technological infrastructure for:

  • booking appointments with healthcare professionals
  • video consultations
  • communication between patients and healthcare professionals
  • payment processing
  • related digital services

Personal data is processed in accordance with:

  • the General Data Protection Regulation (EU) 2016/679 – GDPR
  • Spanish Organic Law 3/2018 on Data Protection (LOPDGDD)
  • the Spanish Information Society Services Act (LSSI-CE)
  • the Spanish Patient Autonomy Law (Law 41/2002)
2. Identity of the Data Controller

CANARYmedtech S.L.U.
NIF: B22917884
Calle Los Dragos 3, Vivienda 11
35508 Costa Teguise, Teguise (Lanzarote)
Las Palmas, Spain

Email: privacy@canarymedic.es
Phone: +34 828 124 990
Website: www.canarymedic.es

3. Roles in Data Processing
3.1 CANARYmedic

CANARYmedic acts as data controller with respect to the personal data necessary for the operation of the digital platform.

These activities include in particular:

  • user registration
  • appointment management
  • communication via the platform
  • platform commission billing
  • technical support
  • platform security

CANARYmedic operates solely as a technological intermediary between patients and healthcare professionals.

3.2 Healthcare Professionals

Healthcare professionals using the platform act as independent data controllers regarding clinical and health-related data generated during the medical consultation.

Each professional is responsible for:

  • medical documentation
  • diagnosis and treatment
  • medical confidentiality
  • legal retention of medical records

CANARYmedic does not participate in medical decisions and does not manage complete patient medical records.

4. Personal Data Collected
4.1 Identification Data
  • Full name
  • DNI / NIE / Passport number
  • Date of birth
  • Email address
  • Phone number
4.2 Account Data
  • Username
  • encrypted passwords
  • appointment history
4.3 Health-related Data

CANARYmedic does not store medical diagnoses or full medical records.

However, the selected medical specialty or appointment type may indirectly reveal health-related information.

4.4 Payment Data

Payments are processed through certified payment providers. CANARYmedic does not store full credit card details.

4.5 Technical Data
  • IP address
  • device type
  • operating system
  • usage and access data
4.6 Video Consultation Metadata
  • session ID
  • start and end time
  • duration
  • device type

Video consultations are not recorded unless explicit consent is obtained from all participating parties.

5. Purposes and Legal Basis
Purpose Legal Basis
Account management Article 6(1)(b) GDPR
Appointment booking and management Article 6(1)(b) GDPR
Video consultations Article 6(1)(b) GDPR
Health-related metadata Explicit consent – Article 9(2)(a) GDPR
Billing and legal obligations Article 6(1)(c) GDPR
Customer support Legitimate interest – Article 6(1)(f) GDPR
6. Data Recipients
  • healthcare professionals selected by the patient
  • technical platform service providers
  • payment service providers
  • public authorities where legally required
7. International Data Transfers

CANARYmedic currently does not transfer personal data outside the European Economic Area.

If such transfers become necessary in the future, appropriate safeguards in accordance with GDPR will be implemented.

8. Data Retention Periods
Data Category Retention Period
active accounts as long as the account exists
inactive accounts up to 2 years
appointment history up to 5 years
billing data 6 years
video consultation metadata 30 days

Medical documentation is retained by the healthcare professional in accordance with applicable healthcare regulations.

9. Security Measures
  • HTTPS/TLS encryption
  • secure password hashing
  • access control mechanisms
  • security audits
  • data breach notification procedures
10. User Rights

Users have the right to:

  • access
  • rectification
  • erasure
  • restriction of processing
  • data portability
  • object

To exercise these rights:

Email: privacy@canarymedic.es

Supervisory authority:
Spanish Data Protection Authority (AEPD)
www.aepd.es

11. Minors

Registration on the platform requires a minimum age of 16 years.

Contracting healthcare services requires the user to be at least 18 years old or to act through a legal guardian.

12. Changes to This Policy

CANARYmedic may update this Privacy Policy when legal or technical changes occur.

13. Applicable Law

This Privacy Policy is governed by Spanish and European data protection law.

14. Contact

CANARYmedtech S.L.U.
Calle Los Dragos 3
35508 Costa Teguise
Lanzarote, Spain

Email: privacy@canarymedic.es