Privacy Policy
Beste Health LLC Last updated: March 3, 2026
At Beste Health, we are committed to protecting your personal data and being transparent about how we handle it. This Privacy Policy describes what data we collect, why we collect it, how we use it, and your rights - whether you are visiting our website, using our services, or corresponding with us.
Beste Health LLC is a company registered in the United States. Because we serve customers in the European Union and Spain, we comply with the EU General Data Protection Regulation (GDPR) and, where applicable, Spanish Law 34/2002 on Information Society Services (LSSI-CE).
Information We Collect
Personal data you provide directly
Contact data: name, email address, institutional affiliation, job title, and any other information you submit when contacting us, placing an order, or creating an account.
Order and project data: information you provide to scope or deliver a service order - for example, workflow descriptions for AI pipeline work or manuscript files for medical writing orders.
Correspondence: emails, messages, and notes exchanged during the delivery of a service.
Technical data collected automatically
Usage data: IP address, browser type, device identifiers, pages visited, and session duration, collected to ensure website security and improve service quality.
Cookies and tracking technologies: described in the Cookies section below.
Special category data
Some of our services - in particular medical writing and process automation for clinical workflows - may involve documents that contain health-related information. We treat any such data as special category data under Article 9 GDPR. We process it only under an explicit legal basis (typically explicit consent of the data subject or a contract with the data controller) and apply additional technical and organisational safeguards.
Legal Bases for Processing (GDPR)
Where GDPR applies, we process your personal data on the following legal bases:
Purpose | Legal basis |
|---|---|
Delivering a service you ordered | Performance of a contract (Art. 6(1)(b)) |
Responding to enquiries | Legitimate interest (Art. 6(1)(f)) |
Sending service-related updates | Performance of a contract (Art. 6(1)(b)) |
Marketing communications | Consent (Art. 6(1)(a)) - you can withdraw at any time |
Website analytics and security | Legitimate interest (Art. 6(1)(f)) |
Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
Processing clinical / health documents within a service order | Explicit consent or contract with data controller (Art. 9(2)(a) / (b)) |
How We Use Your Information
Service delivery: To configure, run, and deliver the product or service you ordered - including AI pipeline deployment, fine-tuned model training, process automation workflows, and medical writing outputs.
Communication: To respond to your enquiries, send order confirmations, and provide project updates.
Service improvement: To monitor system performance, identify errors, and improve the quality of our offerings.
Legal compliance: To meet applicable regulatory, tax, or contractual obligations.
Marketing: With your explicit prior consent, to send newsletters, product updates, or relevant industry content. You can opt out at any time.
We do not use customer data - including documents, manuscripts, datasets, or clinical materials submitted for service orders - to train our own models or to develop new products, unless you have given explicit written consent to that specific use.
Data Sharing
We share personal data only as follows:
Service delivery personnel: Members of the Beste Health team directly involved in your order.
Sub-processors: Third-party infrastructure providers (cloud hosting, email delivery, document storage) under Data Processing Agreements (DPAs) that require them to apply GDPR-equivalent safeguards. A list of active sub-processors is available on request.
Legal or regulatory authorities: When required by applicable law, court order, or regulatory obligation, and only to the extent strictly necessary.
We do not sell your personal data to third parties. We do not share it for advertising purposes.
International Data Transfers
Beste Health LLC is based in the United States. If you are located in the European Economic Area (EEA), your personal data will be transferred to and processed in the US. We apply the following safeguards for such transfers:
Standard Contractual Clauses (SCCs) adopted by the European Commission, where applicable.
Data Processing Agreements with sub-processors that include appropriate transfer mechanisms.
You may request a copy of the applicable transfer safeguards by contacting us at the address below.
Data Retention
We retain personal data only for as long as necessary for the purposes described in this policy:
Order and project data: Retained for the duration of the service engagement plus 3 years, or longer if required by applicable law or to resolve disputes.
Contact and correspondence data: Retained for 2 years from the last interaction, unless an active order extends that period.
Marketing consent records: Retained until you withdraw consent plus 1 year.
Technical / website data: Retained for up to 12 months from collection.
Cookies
We use cookies and similar technologies on our website for the following purposes:
Strictly necessary cookies: Required for the website to function. Cannot be disabled.
Analytics cookies: Used to understand how visitors interact with our site (e.g., pages visited, session duration). These are only placed with your prior consent.
Marketing cookies: Only placed with your explicit consent. We currently do not serve third-party advertising.
You can manage your cookie preferences at any time using the cookie consent banner on our website or through your browser settings. Withdrawing consent for non-essential cookies does not affect the lawfulness of prior processing.
Third-Party Links
Our website may contain links to third-party websites and platforms. Beste Health is not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies before providing any personal data.
Your Rights
If you are located in the EEA, UK, or Spain, you have the following rights regarding your personal data under GDPR:
Access (Art. 15): Request a copy of the personal data we hold about you.
Rectification (Art. 16): Request correction of inaccurate or incomplete data.
Erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
Restriction of processing (Art. 18): Request that we limit how we use your data in certain circumstances.
Data portability (Art. 20): Receive your data in a structured, machine-readable format and transmit it to another controller.
Objection (Art. 21): Object to processing based on legitimate interests or direct marketing.
Withdrawal of consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
Lodge a complaint: File a complaint with your national supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at aepd.es.
To exercise any of these rights, contact us at the address below. We will respond within 30 days.
Updates to This Policy
We may update this policy as our services evolve or as applicable law requires. When we make material changes, we will post the revised policy on our website with an updated effective date. For significant changes, we will notify active customers by email.