• English
  • Español
  • Deutsch

Privacy Policy

Privacy Policy of NexaCore Ltd.
Last updated: 29th July 2025
In compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the national legislation of Malta, NexaCore Ltd. informs users about the processing of personal data carried out through its website and in the provision of its consultancy services.

  1. Identification and Contact Details
    Data Controller:
    Company Name: NexaCore Ltd.
    Register Nr: C112713
    VAT Nr: MT32113512
    Registered Address: NORTHLINK BUSINESS CENTRE LEVEL 2, Business Address Triq Burmarrad, Naxxar NXR 6345. Malta.
    Phone: +356 77605042
    Email: info@getnexacore.com
  2. Categories of Data Subjects and Data Processed
    A. Patients requesting dental health consultancy
    Purpose: provision of online consultancy, including analysis of clinical cases, review of X-rays, photographs, medical history, and other health data voluntarily provided. The purpose of these services is to provide professional guidance and a second opinion, without replacing an in-person clinical consultation.
    Legal basis:
    Performance of a contract (Art. 6.1.b GDPR).
    Processing of health data based on the explicit consent of the data subject (Art. 9.2.a GDPR).
    Data processed: name, surname, email, phone number, medical/dental history, radiographic images, and other health information provided.
    • Nature of the Service
    • The services offered by NexaCore consist exclusively of consultancy and professional second opinions based on the information provided by the user.
    • These services do not constitute a definitive clinical diagnosis, prescription, or medical treatment, and under no circumstances do they replace in-person care.
    • All information, assessments, or opinions provided are of an advisory and complementary nature. The final decision regarding diagnosis and treatment always rests with the patient’s treating dentist, who is the one directly familiar with their medical history and clinical situation.

    • B. Dentists/Clinics requesting professional services
      Purpose: management of contractual relationship, provision of strategic consultancy, analysis of anonymised clinical cases for professional or educational purposes, and participation in webinars.
      Legal basis: performance of a contract or pre-contractual measures at the data subject’s request (Art. 6.1.b GDPR).
      Data processed: identification data, professional contact details, billing data, anonymised cases.
      C. Marketing and commercial communications
      Purpose: sending information about services, webinars, promotions, and updates in the dental sector.
      Legal basis:
      Consent of the user (Art. 6.1.a GDPR).
      Legitimate interest of NexaCore in sending communications to existing clients regarding similar services (Art. 6.1.f GDPR).
      Data processed: name, email, professional profile (patient/dentist).
      D. Website management and security
      Purpose: responding to contact requests via forms or chat, analysing browsing behaviour via cookies, and ensuring website security.
      Legal basis:
      Consent for non-essential cookies (Art. 6.1.a GDPR).
      Legitimate interest in security and service improvement (Art. 6.1.f GDPR).
      Data processed: IP address, browsing data, cookies, and any data entered in forms.
  3. Data Recipients
    Your data may be shared with:
    Service providers (hosting, email, videoconferencing, webinar platforms, marketing tools, legal and tax advisors), acting as data processors under GDPR.
    Public authorities when legally required (e.g. tax authorities, law enforcement).
    No international data transfers outside the European Economic Area (EEA) will take place, unless adequate safeguards are in place (European Commission adequacy decision or EU Standard Contractual Clauses).
  4. Data Retention
    Patients: retained for the duration of the contractual relationship and for the statutory limitation periods (minimum 5 years). Health data will be blocked and stored under reinforced security measures once the service ends.
    Dentists/Clinics: retained during the contractual relationship and for the years required to comply with fiscal and commercial obligations.
    Marketing: retained until consent is withdrawn or the data subject objects to the processing.
    Website data: retained according to the Cookie Policy.
  5. Rights of Data Subjects
    As a data subject, you have the right to:
    Access your personal data.
    Request rectification of inaccurate data.
    Request erasure of your data (“right to be forgotten”).
    Restrict the processing of your data.
    Object to the processing of your data.
    Request data portability.
    Withdraw your consent at any time.
    Not be subject to automated decision-making.
    📩 To exercise your rights, please contact us at info@getnexacore.com or call +356 77605042.
    You also have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC) in Malta or with the supervisory authority in your country of residence.
  6. Accuracy of Data and Third-Party Data
    Users guarantee the accuracy of the data provided. If you provide data of third parties (e.g. a dentist submitting patient information), you declare that you have obtained their explicit consent or another valid legal basis, thereby releasing NexaCore Ltd. from any liability.
  7. Data Security
    NexaCore Ltd. applies appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of personal data, with special protection for health data.
  8. Changes to this Policy
    NexaCore Ltd. reserves the right to update this Privacy Policy to adapt it to legal or business changes. Substantial changes will be clearly communicated through the website.

📌 NexaCore Ltd. guarantees GDPR-compliant data processing, ensuring transparency, legality, and security in the handling of personal data, with particular protection for sensitive health information shared by patients.