Legal
This notice explains how Sistemi Umani collects, uses and protects your personal and health information. We handle your data in line with the General Data Protection Regulation (GDPR) and the Maltese Data Protection Act (Cap. 586). Health information is the most strictly protected category of data, and we treat it accordingly.
Effective 30 June 2026 · Last updated 3 July 2026
Sistemi Umani Ltd, trading as Sistemi Umani (“we”, “us”, “our”), is the data controller for the personal data described here. We are a company registered in Malta, [company number — to confirm], with registered address at 59, Ramiro Cali Street, Mġarr, Malta.
For any question about this notice or your data, contact us at privacy@sistemiumani.com.
We collect only what a service genuinely needs (data minimisation):
Identity & contact details
Health data (special-category data)
Booking & technical data
We rely on the following lawful bases. Because health data is special-category data, we identify both a general basis (Article 6) and an additional condition that permits special-category processing (Article 9):
| Purpose | Article 6 basis | Article 9 condition |
|---|---|---|
| Providing your care and managing your clinical record | Contract — Art. 6(1)(b) | Provision of health care / treatment — Art. 9(2)(h) |
| Creating your account and booking appointments | Contract — Art. 6(1)(b) | — |
| Optional wellness / marketing emails | Consent — Art. 6(1)(a) | — |
| Connected wearable / biometric data (later phase) | Consent — Art. 6(1)(a) | Explicit consent — Art. 9(2)(a) |
| Keeping the platform secure and meeting legal obligations | Legitimate interests / legal obligation — Art. 6(1)(f) / (c) | — |
Your clinical record is processed for the provision of health care under Article 9(2)(h) GDPR, by or under the responsibility of a practitioner subject to an obligation of professional secrecy (Article 9(3)). This reflects Maltese law — the Health Act (Cap. 528), the Professional Secrecy Act (Cap. 377) and the Medical and Kindred Professions Act (Cap. 31). We do not rely on your consent to hold your clinical record, so that record is not lost if you later withdraw an optional consent.
Where we do rely on consent (optional emails, and future wearable data), it is explicit, unbundled and recorded, and you can withdraw it at any time (see section 9). Withdrawal does not affect processing already carried out.
Your data is hosted within the European Union (our database and file storage are EU-region hosted). It is encrypted in transit (HTTPS) and at rest. Where a provider processes data outside the EEA, that transfer is covered by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
We use a small number of carefully selected providers to deliver the platform, each under a data-processing agreement. We will update this list before introducing a new provider (for example, a payment processor):
| Provider | Purpose | Where |
|---|---|---|
| Supabase | Database, authentication and file storage | European Union |
| Vercel | Application hosting and delivery | EU / global edge |
| Google Workspace | Transactional email (account and service messages) | EU / international (SCCs) |
We keep personal data only as long as necessary for the purposes above and to meet our legal and professional obligations.
Because we are legally required to retain medical records, they cannot simply be deleted on request — but they can be closed and hidden from active use. After the retention period, data is securely deleted or anonymised.
Under the GDPR you have the right to:
To exercise any of these, contact us at privacy@sistemiumani.com. We will respond within the time required by law (generally one month).
You also have the right to lodge a complaint with Malta’s supervisory authority, the Information and Data Protection Commissioner (IDPC):
Level 2, Airways House, High Street, Sliema SLM 1549, Malta
idpc.info@gov.mt · +356 2328 7100 · idpc.org.mt
We use a single strictly-necessary session cookie to keep you logged in. We do not use analytics, advertising or tracking cookies, so no cookie-consent banner is required. If we ever introduce non-essential cookies, we will add a consent banner and a cookie section first.
In Malta, the age of digital consent is 16. Where we provide care to someone under 16, a parent or guardian gives and manages consent on their behalf, and we use age-appropriate safeguards.
We may update this notice as the platform evolves. We will post the updated version here and update the effective date. Where a change materially affects how we use your data, we will tell you and, where required, ask for your consent again.
Sistemi Umani Ltd
59, Ramiro Cali Street, Mġarr, Malta
privacy@sistemiumani.com
See also our Terms of Service.