Let's talk

Privacy Policy

Last updated: 19.02.2026

We are committed to protecting your personal data and handling it responsibly. This policy explains what information we collect, how we use it, with whom we may share it, and the rights you have under the GDPR. We only collect information necessary to operate our website and deliver our AI-powered medical image analysis services, and we handle all data with strict security and confidentiality.

1. Introduction

This Privacy Policy explains how Thirona B.V. (“Thirona”, “we”, “our”, or “us”) collects, uses, stores, and protects your personal data when you visit thirona.eu or interact with our products and services.

We are committed to handling your information responsibly, transparently, and in accordance with applicable privacy laws, including the EU GDPR and relevant national legislation.

By using our website or providing your information, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is: 

Thirona B.V. 
Toernooiveld 300, 6525 EC Nijmegen
The Netherlands 
Email: privacy@thirona.eu 
Website: https://thirona.eu 

For certain processing operations, we may act as a data processor on behalf of healthcare institutions, research partners, or clients. In those cases, our processing is governed by a data processing agreement (DPA).

3. What Personal Data We Collect

We collect personal data in several ways, depending on how you interact with our website and services.

3.1 Data You Provide Directly

  • Contact information: name, email address, phone number
  • Company information: organization name, role, department
  • Form submissions: demo requests, inquiries, partnership forms, downloads
  • Communication content: email correspondence, customer support messages

We rely on your explicit consent as the legal basis for processing this data.

3.2 Data Collected Automatically (Website Use)

When you visit our website, we may collect:

  • IP address
  • Browser type and version
  • Device information
  • Pages viewed / time spent on site
  • Referral source
  • Cookie identifiers
  • Approximate geolocation information (city-level, not precise GPS)

We rely on our legitimate business interest as the legal basis for processing this data.

3.3 Cookies & Tracking Technologies

See Section 4 for details. We rely on your explicit consent as the legal basis for processing this data.

3.4 Data from Third Parties

We may receive data from:

  • Analytics providers
  • Lead generation partners
  • Publicly available business sources (e.g., LinkedIn company page data)
  • Integration partners (if you use interoperable solutions with Thirona services)

3.5 Special Categories of Data

Thirona provides AI-powered medical image analysis.

When processing medical images or health-related data through our professional services, we act as a data processor, not a controller as defined under the GDPR.

Such data is handled strictly under contractual agreements, data-minimization principles, and medical-grade security measures (ISO standards where applicable).

No health data is processed through the public website thirona.eu.

3.6 Children’s Data

Our website and services are not intended for children under 16.  We do not intend to collect personal data from children. If you believe we have inadvertently collected data from a minor, contact us immediately at privacy@thirona.eu.

4. Cookies & Tracking Technologies

We use cookies and similar technologies to ensure website functionality, improve user experience, and analyze website performance.

4.1 Types of Cookies We Use

 

 
Type of cookiePurposeExample
Strictly Necessary CookiesEnsure the basic functioning, security and accessibility of our website.Technical WordPress cookies and the cookie that remembers your cookie consent choices.
Analytics / Performance CookiesHelp us and our providers understand how embedded content is used and whether it works properly (only with consent).Usage and performance cookies used by YouTube/Google when you interact with embedded videos on our website.
Functional CookiesEnable additional features and remember your settings or choices.Cookies that remember your video player preferences for embedded YouTube content (such as volume or playback settings).
Marketing / Advertising CookiesUsed by YouTube/Google to improve and personalise their services, including advertising on their own platforms (only with consent).Cookies placed by YouTube/Google when you view or play embedded videos, which may later be used by them for advertising on their services.

 

4.2 Legal Basis for Cookies

  • Necessary cookies: legitimate interest (Art. 6(1)(f) GDPR)
  • Analytics/marketing cookies: consent (Art. 6(1)(a) GDPR)

4.3 Managing Cookies

You can manage or disable cookies via:

  • The cookie banner
  • Your browser settings
  • “Do Not Track” preferences (where supported)

5. Data Storage & Retention

We store personal data only as long as needed for the purposes described in this policy or as required by law. 

 

Typical Retention Periods:  

  • Contact forms: 6 months 
  • Contract/customer data: 7 years (for legal/accounting purposes) 
  • Newsletter data: until you unsubscribe 
  • Analytics data: 12-14 months (depending on tool configuration) 
  • Technical logs: up to 12 months for security and diagnostics 

If legal obligations (e.g., tax, medical device, clinical research laws) require longer retention, we comply with the laws accordingly. 

6. Data Security

We take appropriate technical and organizational measures to protect your personal data, including: 

  • Encrypted connections (HTTPS/TLS) 
  • Secure data centres and access controls 
  • Firewalls and intrusion detection 
  • Data access limited to authorized personnel 
  • Staff confidentiality agreements 
  • Regular system and security audits 
  • Data-minimisation principles in all services 
  • For medical imaging services, we apply medical-grade security standards and strict access governance. 

7. Data Sharing

We do not sell personal data. 

 

We may share data with trusted third parties when necessary: 

7.1 Categories of Recipients 

  • Hosting and infrastructure providers (e.g., cloud servers) 
  • Analytics and performance tools 
  • Email and communication tools 
  • CRM and customer-support systems 
  • Legal and regulatory authorities (when required) 
  • Professional service providers (e.g., accounting, legal, compliance) 

7.2 Purpose of Sharing 

  • Operating our website 
  • Responding to your requests 
  • Ensuring security and performance 
  • Providing contracted services 
  • Meeting legal obligations 

7.3 Data Processing Agreements (DPAs) 

 

All processors operate under GDPR-compliant agreements. 

 

The processors are:

8. International Transfers

If we transfer personal data outside the EU/EEA, we ensure adequate safeguards as required by GDPR, including: 

  • European Commission adequacy decisions 
  • Standard Contractual Clauses (SCCs) 
  • Additional security measures where required 

You may request a copy of the applicable transfer mechanism via privacy@thirona.eu. 

9. Your Rights (GDPR)

You have the following rights regarding your personal data: 

  • Access – request a copy of your data 
  • Rectification – correct inaccurate or incomplete data 
  • Erasure (“Right to be forgotten”) 
  • Restriction of processing 
  • Data portability 
  • Objection (including marketing grounds) 
  • Withdraw consent at any time 
  • Lodge a complaint with your local Data Protection Authority 

How to Exercise Your Rights 

 

Email: privacy@thirona.eu 


We may request additional information to verify your identity before processing your request. We will respond within one month of receiving your request.

 

Right to Lodge a Complaint

 

If you believe we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

 

For complaints regarding Thirona’s data processing, the competent supervisory authority is:

 

Autoriteit Persoonsgegevens (Dutch Data Protection Authority)

 

Website: https://autoriteitpersoonsgegevens.nl

10. Questions or Requests

If you have questions about this Privacy Policy or how we process your data, please contact: 

 

Thirona B.V. 
Toernooiveld 300, 6525 EC Nijmegen
The Netherlands 
Email: privacy@thirona.eu 

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal obligations. The “Last updated” date at the top of the page indicates when this policy was most recently revised.