Privacy Policy

This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).

Data Controller

SHIEBAN CHIBAN MOTAZ, NIF 61145508P, Calle San Marcelino 22, Piso 6, Puerta 28, 46017 Valencia, Spain. Email: dr@motazshieban.com

Data We Collect

Identity data (name, email, phone), health data (medical reports, imaging, lab results — only when you explicitly upload them for advisory services), payment data (processed by Stripe and CaixaBank/Redsys, never stored on our servers), consent records (timestamp, IP, user-agent, consent version), and technical data (cookies, analytics with consent).

Data Processors

Vercel (hosting, EU), Neon (database, EU), Stripe (payments, US — EU SCCs), CaixaBank/Redsys (payments, EU), Clerk (authentication, US — EU SCCs), Vercel Blob (document storage, EU), Resend (transactional email, US — EU SCCs).

Data Retention

Medical documents: 24 months, then automatically purged. Payment records: 6 years (Spanish accounting law). Consent logs: retained indefinitely (anonymized on erasure request, per AEPD ruling PS/00547/2021). Account data: deleted on request.

Your Rights

You have the right to access, rectify, erase (with exceptions for legal retention), restrict processing, data portability, and object to processing. To exercise your rights, email dr@motazshieban.com. We will respond within 30 days.

Supervisory Authority

You may file a complaint with the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.