Back to home

Privacy Policy

1. Data Controller

Sanaitio is a brand of Trilenda SRL, a limited liability company (SRL) incorporated under Belgian law. Sanaitio has no separate legal identity; Trilenda SRL is the sole legal entity and data controller.
Registered office: Rue Clément Ader 10, 6041 Charleroi, Belgium
BCE/KBO: BE1028.924.134
For any privacy-related question, including matters handled by our data protection contact, please use the contact form.

2. Scope

This Privacy Policy applies to all personal data processed by Trilenda SRL (operating under the Sanaitio brand) in connection with: (a) the sanaitio.com website; (b) our professional services (consulting for the development, validation, and deployment of AI-based medical devices); and (c) any other interaction with us. It applies exclusively to business-to-business (B2B) interactions; consumers within the meaning of Article I.1, 2° of the Belgian Code of Economic Law are outside the scope of our normal commercial activities.

3. Personal Data We Collect

3.1 Data you provide directly. Contact details (name, email, phone, company, job title) when you contact us, request a quote, or enter into a contract. Contract and billing information (company name, address, VAT number, bank details) when you engage our services. Communication data (content of emails, messages, meeting notes) when you correspond with us.

3.2 Data collected automatically. Website usage data (IP address, browser type, pages visited, referring URL, access times). See our Cookie Policy for details.

3.3 Data processed on behalf of clients. In the course of providing our services, we may process personal data on behalf of our clients (e.g. pseudonymised patient data, clinical-trial data, healthcare-professional data). Such processing is governed by the Data Processing Agreement (DPA) entered into with the relevant client. We act as data processor for this data; the client remains the data controller. Where the data falls within special categories under Article 9 GDPR, the controller identifies the applicable legal basis under Article 9(2) and, where the processing is for scientific research, under Title 4 Chapter III §3 of the Belgian Law of 30 July 2018; we apply pseudonymisation, data minimisation, and proportionate access controls.

4. Legal Basis for Processing

PurposeLegal basis (Art. 6 GDPR)
Contract performance and pre-contractual stepsArt. 6(1)(b) — necessity for contract
Sending invoices, managing paymentsArt. 6(1)(b) — necessity for contract
Responding to inquiriesArt. 6(1)(f) — legitimate interest
Website analytics and improvementArt. 6(1)(a) — consent (via cookies)
Compliance with legal obligations (tax, accounting)Art. 6(1)(c) — legal obligation
Protecting our rights (e.g. litigation)Art. 6(1)(f) — legitimate interest

Where we process special categories of data (e.g. health data) on behalf of clients, the legal basis is determined by the client as data controller, in accordance with Article 9(2) GDPR and, where relevant, Title 4 Chapter III §3 of the Belgian Law of 30 July 2018.

5. Data Retention

6. Data Sharing

We do not sell personal data. We may share data with: service providers (cloud hosting, accounting software, email) who act as sub-processors under appropriate contractual safeguards; professional advisors (accountants, lawyers) bound by professional secrecy; public authorities when required by law.

7. International Transfers

We primarily process data within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, including (a) adequacy decisions of the European Commission (including the UK, Switzerland, and any future adequacy decision); (b) certification under the EU-US Data Privacy Framework (Commission Implementing Decision of 10 July 2023) where applicable; (c) the Standard Contractual Clauses adopted by Commission Implementing Decision (EU) 2021/914, accompanied by a Transfer Impact Assessment in line with EDPB Recommendations 01/2020 and any supplementary measures identified therein; or (d) a derogation under Article 49 GDPR on an occasional and exceptional basis.

8. Security

We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption, and regular security assessments. For details on security measures applied to client data, refer to the applicable DPA.

9. Your Rights

Under GDPR, you have the right to access your personal data (Art. 15); rectify inaccurate data (Art. 16); erase your data (right to be forgotten, Art. 17); restrict processing (Art. 18); data portability (Art. 20); object to processing based on legitimate interest (Art. 21); and withdraw consent at any time, without affecting the lawfulness of prior processing (Art. 7(3)).

To exercise your rights, please reach us via the contact form. We will respond within thirty (30) days.

10. Complaints

If you believe your rights have been infringed, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Autorité de protection des données (APD) / Gegevensbeschermingsautoriteit (GBA)
Rue de la Presse 35, 1000 Bruxelles
www.autoriteprotectiondonnees.be

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via our website. The date of the latest revision is indicated at the top of this document.

Trilenda SRL (operating as Sanaitio) · Rue Clément Ader 10, 6041 Charleroi · BCE/KBO: BE1028.924.134