Privacy Policy — Optonet Vision Unit
Last updated: May 2026 · GDPR compliant · EU MDR 2017/745 (SaMD)
This Privacy Policy explains how Optonet Ltd processes personal data in connection with the Optonet Vision Unit (optonet.online), a Software as a Medical Device (SaMD) for in-consultation optometric examination management, deployed in Spain.
🔐 End-to-End Encryption — Your data is protected by design
Optonet Vision Unit uses client-side end-to-end encryption (E2E). Your clinical data is encrypted on the healthcare centre's device before it is transmitted or stored. Optonet Ltd holds no encryption keys and has no technical means to access your clinical data in plaintext. Only your healthcare centre can decrypt and read your records. This is a deliberate privacy-by-design measure under Article 25 GDPR.
1. Who We Are
| Data Processor (infrastructure) / Data Controller (centre staff data) | |
|---|---|
| Company | Optonet Ltd |
| Companies House (UK) | 09744666 |
| VAT number | GB232373724 |
| Registered address | 81 North Park Brook Road, Callands, Warrington WA5 9ST, United Kingdom |
| General contact | optonet@optonetproject.com |
| GDPR / data requests | gdpr@euverify.com |
| DSAR portal | Submit a data request |
| Legal representative | Guillermo Bueno del Romo |
| Data Protection Officer | Pending formal appointment — contact gdpr@euverify.com for all DPO matters in the interim |
- Your healthcare centre is the Data Controller for your clinical records. They determine the purpose and means of processing your health data.
- Optonet Ltd acts as an encrypted infrastructure provider. Because all patient data is end-to-end encrypted with keys held solely by your healthcare centre, Optonet Ltd cannot access or process your clinical data. A Data Processing Agreement (DPA) is maintained with each centre for regulatory transparency and completeness.
- Optonet Ltd is the Data Controller only for the business data of healthcare centre staff (account management, billing).
2. What Personal Data Is Processed
2.1 Healthcare centre account data (Optonet Ltd as Controller)
- Centre name, address, contact email, phone number
- Representative name and role
- Billing details (processed by Stripe)
- Login credentials (hashed)
2.2 Patient clinical data (healthcare centre as Controller — E2E encrypted)
The following data is stored exclusively in end-to-end encrypted form. Optonet Ltd cannot read this data:
- Patient identity: name, date of birth, gender, contact details, patient ID
- Health data (special category, Art. 9 GDPR): structured anamnesis, ocular and medical history, medications, allergies
- Optometric examination findings: visual acuity (distance and near), refraction (sphere, cylinder, axis, prism), visual fields, intraocular pressure (IOP), cover test, ocular motility, stereopsis, colour vision, slit-lamp findings, fundoscopy, corneal topography, OCT data, anterior and posterior segment imaging, and all other standard optometric measurements
- Clinical reports and optical prescriptions
- Examination history and follow-up records
3. Legal Basis for Processing
| Data category | Legal basis | Applicable law |
|---|---|---|
| Centre staff account and billing data | Art. 6.1.b GDPR — performance of contract | GDPR |
| Patient health data (processed by the healthcare centre as Controller) | Art. 9.2.h GDPR — healthcare provision; Art. 9.2.a — explicit patient consent | GDPR + Ley 41/2002 (Spain) |
| Encrypted data storage infrastructure (Optonet Ltd role) | Art. 6.1.b — contract with healthcare centre; Art. 32 — security obligation | GDPR |
| Platform reliability monitoring | Art. 6.1.f — legitimate interest (secure, reliable service) — no patient data in telemetry | GDPR |
4. No AI Processing of Patient Data
All clinical data is recorded, stored, and accessed exclusively by the healthcare professionals at your centre. No patient data is sent to AI systems, language models, or automated decision-making tools. The platform functions as a secure, encrypted clinical record management system.
5. Sub-processors
Given the end-to-end encrypted architecture, Optonet Ltd's sub-processors have access only to encrypted ciphertext and cannot read patient data.
| Sub-processor | Purpose | Location | Data access |
|---|---|---|---|
| Cloud infrastructure provider | Encrypted data storage and backup | EU | Ciphertext only — no access to plaintext patient data |
| Stripe | Payment processing (centre billing only) | EU / USA | Billing data only — no patient data |
| Sentry (EU instance) | Error monitoring — centre dashboard only | EU | Anonymised error logs — clinical routes excluded |
We do not share patient data with any third party. We do not use patient data for advertising, research, or model training.
6. International Data Transfers
- All patient clinical data is stored encrypted within the EU.
- Stripe (USA): billing data only — covered by EU-US Data Privacy Framework (DPF, 2023).
- UK (Optonet Ltd): The EU-UK adequacy decision (renewed 19 December 2025, valid until 2031) ensures lawful data transfers from the EU to Optonet Ltd without additional safeguards.
7. Data Retention
| Data category | Retention period | Legal basis |
|---|---|---|
| Patient clinical records (E2E encrypted) | Minimum 5 years after last clinical contact; paediatric patients: until age 18 + 5 years | Ley 41/2002 Art. 17 (Spain) |
| Optometric imaging data | As determined by the healthcare centre's clinical protocol; minimum 5 years | Ley 41/2002; clinical guidelines |
| Centre account and billing data | Duration of contract + 6 years | UK statutory limitation period |
| Error logs | 90 days rolling | Legitimate interest |
When a healthcare centre terminates its subscription, encrypted clinical data is returned to the centre or securely deleted according to the centre's instructions within 30 days of termination.
8. Security Measures
- Client-side end-to-end encryption (E2E): data is encrypted on the clinician's device before transmission; Optonet Ltd holds no decryption keys
- AES-256 encryption for all data at rest
- TLS 1.2+ for all data in transit
- Role-based access control within each healthcare centre
- Audit logs of data access events
- Geographic redundancy within the EU
- Regular security reviews and penetration testing
In the event of a security incident affecting Optonet Ltd's infrastructure, the encrypted nature of the data means that any data accessed by an unauthorised party would be unreadable ciphertext.
9. Your Rights Under the GDPR
As a patient, your primary contact for exercising data rights is your healthcare centre, which holds the encryption keys and acts as Data Controller for your clinical records. You may also contact Optonet Ltd via our DSAR portal.
| Right | How to exercise it |
|---|---|
| Access (Art. 15) | Contact your healthcare centre or our DSAR portal |
| Rectification (Art. 16) | Contact your healthcare centre |
| Erasure (Art. 17) | Contact your healthcare centre — note that minimum retention obligations under Ley 41/2002 may apply |
| Portability (Art. 20) | Your healthcare centre can export your records in a structured format |
| Lodge a complaint | Agencia Española de Protección de Datos (AEPD) · Data Protection Commission Ireland (DPC) |
10. Software as a Medical Device (SaMD)
Optonet Vision Unit is classified as a Software as a Medical Device (SaMD) under EU Medical Device Regulation 2017/745 (MDR). As a SaMD, it is subject to additional quality, safety, and clinical evaluation requirements beyond standard software. The platform does not autonomously generate clinical diagnoses — all clinical judgements are made by the qualified healthcare professional using the platform as a tool.
EU/EEA GDPR Representative (Article 27)
If you are located in the EU/EEA and have questions or concerns regarding your personal data, you may contact our appointed GDPR representative:
EU Representative: Euverify Ltd (Ireland)
Unit 3D North Point House
North Point Business Park
New Mallow Road, Cork
T23 AT2P, Ireland
Email: gdpr@euverify.com
To submit a Data Subject Access Request (DSAR), data deletion request, or any other GDPR-related enquiry, please use our secure DSAR portal. Requests submitted through this portal are logged and tracked to ensure a timely and compliant response.
11. How to Contact Us
- Email: gdpr@euverify.com
- DSAR portal: gdpr.euverify.com
- Email: optonet@optonetproject.com
- Optonet Ltd · 81 North Park Brook Road, Callands, Warrington WA5 9ST, United Kingdom
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified to registered healthcare centres by email at least 30 days before taking effect.