Privacy Policy
The Privacy Policy of eHealth Group d.o.o. explains how personal data collected through the eHealthGPT website is processed, stored, and protected in accordance with applicable laws, including the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and relevant U.S. privacy regulations. It outlines what information we collect, such as communication and technical data, how cookies and analytics tools are used, and the lawful grounds for processing. The policy also details our data security measures, retention practices, international transfer safeguards, and the rights of users to access, correct, or delete their information. eHealth Group d.o.o. does not sell or share personal data and maintains strict confidentiality, ensuring all processing activities are lawful, transparent, and aligned with the highest standards of data protection and accountability.
1. Introduction
This Privacy Policy describes how eHealthGPT (“the Platform”, “we”, “us”) processes personal data solely in its capacity as a processor on behalf of its clients (“Controllers”), in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.
The Platform does not determine the purpose or legal basis for processing patients’ personal data. All data is processed exclusively on the instructions of the Controller, in accordance with the concluded Data Processing Agreement.
2. Identity and Contact Details of the Processor
Name: eHealth Group d.o.o.
Address: Veljka Dugosevica 54, 11000 Belgrade, Serbia
E-mail: info@ehealthgroup.rs
Data Protection Officer: dpo@ehealthgroup.rs
3. Role in Processing
The Platform acts solely as a processor on behalf of the Controller. The Controller determines:
- what data is collected,
- the purposes of processing,
- the legal basis,
- the data retention period.
The Platform provides technical infrastructure, data storage, modification, and deletion exclusively on the Controller’s instructions.
4. Types of Data Processed
4.1. Data about Users (Platform Users)
- First and last name
- E-mail address
- Username and password
- Technical data (IP address, access logs)
4.2. Data about Third Persons (entered by physicians)
- General data (name, surname, date of birth, gender – if entered by the User)
- Special categories of data (diagnoses, test results, medical images, therapies, medical history) – Article 9 GDPR
5. Purposes of Processing
The Platform processes personal data exclusively for the following purposes, as instructed by the Controller:
- Registration and Management of User Accounts – to create, authenticate, and maintain accounts for authorized users, manage account settings, and ensure secure access to the Platform’s services.
- Enabling the Entry, Storage, Modification, and Deletion of Third-Person Data – to provide a secure environment in which authorized users can input, update, correct, or remove third-person information, including special categories of personal data, in compliance with applicable healthcare and data protection laws.
- Technical Support to the Controller – to troubleshoot issues, provide user assistance, maintain service availability, and ensure the proper functioning of the Platform in line with the agreed service level.
- Security Monitoring of the System – to collect and analyze system logs, IP addresses, and other relevant technical data to prevent, detect, and respond to unauthorized access, misuse, data breaches, and other security incidents.
6. Legal Basis for Processing
Processing is carried out solely based on the Data Processing Agreement with the Controller (Article 28 GDPR, Article 45 ZZPL). For special categories of data, the legal basis is provided by the Controller (e.g., Article 9(2)(h) GDPR – provision of healthcare services).
7. Data Transfers
Data is stored on servers within the European Economic Area (EEA) at Hetzner, Germany.
There are no data transfers outside the EEA, except on the Controller’s instructions and subject to appropriate safeguards under Article 46 GDPR.
8. Security Measures
We implement technical and organizational measures, including:
- Encryption of data at rest and in transit
- Password-protected access and multi-factor authentication
- Regular data backups
- Access control and activity logging
- Server protection against unauthorized access
9. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Data is retained for as long as determined by the Controller. Upon termination of the agreement, data is deleted or returned to the Controller within the timeframe set by the agreement.
10. Rights of Data Subjects
While the Platform acts solely as a processor, we cooperate with Controllers to ensure that data subjects can exercise their rights under the GDPR. Requests should be submitted directly to the Controller. Your rights are:
- Right to be informed – to receive transparent information about how personal data is processed.
- Right of access – to obtain confirmation whether data is processed and receive a copy.
- Right to rectification – to request correction of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) – to request deletion of data in certain circumstances.
- Right to restriction of processing – to limit processing under certain conditions.
- Right to data portability – to receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to object – to object to processing based on legitimate interests or direct marketing.
- Rights related to automated decision-making – to not be subject to decisions based solely on automated processing with significant effects.
- Right to lodge a complaint – with a supervisory authority and seek judicial remedy.
11. Contact
For any questions regarding this Privacy Policy, you can contact us at:
E-mail: dpo@ehealthgroup.rs
Address: Veljka Dugosevica 54, 11000 Belgrade, Serbia