Privacy Policy for DATALBL

Last updated: 2025-09-24

## Who We Are
datalbl (also known as "DATALBL" or "datalbl.com") ("we," "us," "our") provides synthetic AI training datasets for healthcare use cases. We are EU-based, operate under GDPR, and are preparing for EU AI Act compliance.

## What Data We Collect
We collect:
- Website and analytics data: device/browser information, IP address, pages viewed, referral source, approximate location, and cookie identifiers.
- Business contact information: name, work email, phone, company, role, billing and account details, and communications you send to us (e.g., support or sales).
We do not collect or process personal health data about identifiable individuals through our services. Our Datasets are synthetic and not derived from identifiable patient records.

## How We Use Information
We use your information to:
- Provide and improve our services, support, and website.
- Operate licensing, provisioning, billing, and account management.
- Communicate product updates, event invitations, and marketing (you can opt out at any time).
- Ensure security, prevent misuse, comply with law, and enforce our agreements.
Legal bases under GDPR include performance of a contract, legitimate interests (e.g., service security and improvement), consent (where required, such as certain cookies/marketing), and compliance with legal obligations.

## Synthetic Dataset Clarification
Our Datasets are artificially generated to reproduce statistical properties for AI training and evaluation. They do not contain real patient records or personally identifiable patient data. We apply governance and testing to minimize any risk of re-identification.

## GDPR Rights
Subject to applicable law, you have the right to:
- Access your personal data.
- Rectify inaccurate or incomplete data.
- Erase data in certain circumstances.
- Restrict or object to processing, including direct marketing.
- Data portability (receive your data in a structured, commonly used, machine-readable format).
You may also lodge a complaint with your local supervisory authority or the Belgian Data Protection Authority. We will respond to verified requests within statutory timelines.

## Data Retention and Security
We retain business contact and account data only as long as necessary for the purposes above, typically for the term of your contract and a reasonable period thereafter (e.g., up to 24 months for inactive prospects; longer where required by law for invoices and records). We implement technical and organizational measures designed to protect data against unauthorized access, alteration, disclosure, or destruction.

## Cookies and Analytics
We use cookies and similar technologies for essential site functions and basic analytics. You can:
- Manage cookies via your browser settings.
- Opt out of non-essential cookies through our cookie banner (where available).
- Use industry opt-out tools (e.g., browser add-ons for analytics providers).
Blocking certain cookies may impact site functionality.

## Sharing and Transfers
We share personal data with service providers (e.g., hosting, analytics, email, billing) under data processing agreements. Where data is transferred outside the EU/EEA, we use lawful transfer mechanisms such as the European Commission’s Standard Contractual Clauses and implement supplementary measures as appropriate.

## Children’s Data
Our services are for business users. We do not target or knowingly collect data from children.

## Changes to This Policy
We may update this Policy to reflect changes in law, technology, or our services. We will post updates here and adjust the “Last updated” date.

## Contact
For privacy inquiries or to exercise your rights: support@datalbl.com
Postal/contact details available upon request.

## Governing Law
This Policy is governed by EU law and the laws of Belgium, without prejudice to your mandatory rights.