Privacy Policy

www.postdicom.com collects some Personal Data from its Users. This policy describes what data is collected, why, and how it is used. PostDICOM B.V. is the Data Controller for personal data collected through this website.

Legal Basis for Processing

We process personal data on the following legal bases under the GDPR and equivalent applicable legislation:

• Performance of a contract — processing necessary to provide the Service you have subscribed to, including account management, billing, and service delivery.
• Consent — where you have given explicit consent, such as subscribing to marketing communications or accepting analytics and advertising cookies via our cookie consent panel.
• Legitimate interests — processing necessary for our legitimate business interests, such as improving the Service through analytics, preventing fraud, and ensuring security, where those interests are not overridden by your rights.
• Legal obligation — processing required to comply with applicable law, such as retaining invoicing and accounting records under Dutch and Turkish law.

If you are located outside the European Economic Area, the processing of your personal data may also be subject to the data protection laws of your country of residence.

Personal Data processed and the services used

Advertising

Analytics

Contacting the User

Data transfer outside the EU

Displaying content from external platforms

Handling payments

Hosting and backend infrastructure

Interaction with external social networks and platforms

Interaction with live chat platforms

Managing contacts and sending messages

Remarketing and behavioral targeting

Tag management

User database management

Information on opting out of interest-based advertising

In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.

Further information about the processing of Personal Data

Selling goods and services online

Personal Data is collected and used to provide the Service and process subscription payments. All payment transactions are handled exclusively by Stripe. PostDICOM does not directly collect or store payment card details or bank account information. The personal data collected in connection with a payment depends on the payment method used and is governed by Stripe's privacy policy.

The Service is not directed to persons under the age of 18

You must be at least 18 years of age to use www.postdicom.com. Under no circumstance may persons under the age of 18 use www.postdicom.com.

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law:

• Account and subscription data (name, email address, billing information): retained for the duration of your account and for up to 7 years after account closure for accounting, invoicing, and legal compliance purposes.
• Medical and patient data (DICOM files, images, reports, database records, shared links): permanently deleted upon subscription cancellation or account termination. No retention period applies after deletion.
• Analytics and usage data: retained in accordance with the data retention settings of the relevant third-party service (typically up to 26 months for Google Analytics 4; refer to the respective service's privacy policy for details).
• Marketing and CRM data: retained for as long as you remain subscribed to marketing communications, or until you withdraw consent or request deletion.
• Payment data: processed and retained by Stripe in accordance with their privacy policy and PCI DSS requirements. PostDICOM does not store card or bank account details.
• Support and chat data: retained for the duration of the support relationship and for a reasonable period thereafter.

When personal data is no longer needed, it is securely deleted or anonymised.

Contact information

Owner contact email: support@postdicom.com

Your Rights Under Applicable Data Protection Law

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with applicable data protection law, you may have the following rights in relation to your personal data:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may ask us to correct inaccurate or incomplete personal data.
• Right to erasure — you may ask us to delete your personal data where there is no longer a legitimate reason to retain it.
• Right to restriction of processing — you may ask us to suspend processing of your personal data in certain circumstances.
• Right to data portability — you may request a copy of your personal data in a structured, commonly used, machine-readable format.
• Right to object — you may object to processing of your personal data where we rely on legitimate interests as the legal basis, or where data is used for direct marketing purposes.
• Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at support@postdicom.com. We will respond within the timeframe required by applicable law (generally 30 days). You also have the right to lodge a complaint with your local data protection authority.

Definitions and legal references