Privacy Policy

The controller of personal data is:

For all matters related to personal data protection, please contact us exclusively via the contact form available on the Accrea website.

Contact method: Accrea contact formulary (available on the official website).

All requests regarding personal data are processed exclusively through this formulary.

Data Protection Officer (DPO / IOD)

We have not appointed a Data Protection Officer. Please direct all inquiries regarding personal data exclusively via the Accrea contact formulary indicated above.

Depending on your interaction with ACCREA, we may process:

4.1 Healthcare Professionals (Surgeons, Physicians, Clinical Staff)

• full name and professional title
• medical license or registration identifiers
• hospital or clinic affiliation
• contact details provided via professional communication channels
• training, certification, and competency records
• participation in surgical procedures or system demonstrations

4.2 Distributors and Business Partners

• company name and registration data
• contact persons and professional details
• contractual documentation
• billing and payment data
• communication and cooperation history

4.3 System and Technical Users

• login credentials and authentication data
• device and system identifiers
• operational logs from robotic systems
• usage and performance telemetry
• maintenance and service history

4.4 Website Users

• IP address and device information
• cookies and tracking identifiers
• browsing activity on Accrea digital platforms

We process personal data for the following purposes:

5.1 Provision of Medical Robotics Systems and Services

Installation, operation, maintenance, and support of robotic systems used in medical procedures.

Legal basis: GDPR Art. 6(1)(b), 6(1)(c), 9(2)(i)

5.2 Cooperation with Healthcare Professionals and Institutions

Training, clinical collaboration, and technical assistance during surgical procedures.

Legal basis: GDPR Art. 6(1)(b), 6(1)(f), 9(2)(i)

5.3 Distributor and Commercial Cooperation

Management of contracts, logistics, and business relationships.

Legal basis: GDPR Art. 6(1)(b), 6(1)(f)

5.4 Regulatory Compliance (Medical Devices)

Including:

• EU MDR 2017/745 compliance
• post-market surveillance
• adverse event reporting
• device traceability

Legal basis: GDPR Art. 6(1)(c), 9(2)(i)

5.5 Training and Certification

Provision and documentation of training for surgeons and system operators.

Legal basis: GDPR Art. 6(1)(b), 6(1)(f)

5.6 Safety, Analytics and System Improvement

Processing operational data (including pseudonymized or anonymized datasets where possible) to improve safety, performance, and reliability.

Legal basis: GDPR Art. 6(1)(f)

5.7 Communication and Support

Handling inquiries and providing technical and clinical support.

Legal basis: GDPR Art. 6(1)(f)

5.8 Marketing and Professional Communication

Providing information about:

• product updates
• clinical developments
• training programs
• scientific and medical events

Legal basis: GDPR Art. 6(1)(a) or 6(1)(f)

Personal data is retained only as long as necessary:

• contractual data: duration of contract + statutory limitation periods
• regulatory (MDR) data: legally required retention periods
• training and certification data: validity period + audit requirements
• system logs: typically 6–24 months unless extended for safety analysis
• marketing data: until consent is withdrawn

After expiry, data is deleted or anonymized.

We may share personal data with:

• authorized distributors and service partners
• hospitals and medical institutions
• clinical and research collaborators
• IT infrastructure and cloud service providers
• regulatory authorities and notified bodies (when required by law)
• subcontractors acting under confidentiality obligations

All recipients process data under appropriate legal agreements.

Where data is transferred outside the EEA, we ensure:

• Standard Contractual Clauses (SCCs), or
• adequacy decisions of the European Commission, or
• equivalent safeguards ensuring GDPR-level protection

Individuals have the right to:

• access personal data
• rectify inaccurate data
• erase data (“right to be forgotten”)
• restrict processing
• object to processing
• data portability
• withdraw consent at any time
• lodge a complaint with a supervisory authority (PUODO in Poland)

We use cookies and similar technologies to:

• ensure system functionality
• analyze performance
• improve usability
• measure engagement

Non-essential cookies are used only with user consent.

We process operational data generated by robotic systems used in clinical environments, including:

• system performance metrics
• procedural logs (pseudonymized where possible)
• error and safety events
• maintenance and diagnostic data

This processing is necessary for:

• patient safety
• regulatory compliance
• continuous system improvement

We implement appropriate technical and organizational measures, including:

• encryption of data in transit and at rest
• access control and authentication systems
• role-based access restrictions
• audit logging and monitoring
• secure software development lifecycle (SDLC)
• ISO 27001 / ISO 13485-aligned practices (where applicable)

This Privacy Policy is prepared in English.

If ACCREA operates a Polish-language website or provides services to Polish hospitals, a faithful Polish-language version must be made available.

In case of discrepancies, the version required under applicable local law and regulatory expectations may take precedence for users in Poland.

For any privacy-related matters, including requests concerning your personal data: