Skip to main content
Privacy Policy

Privacy Policy

Rigicon’s Privacy Policy outlines how we securely handle your personal data under GDPR, HIPAA, and CalOPPA, ensuring your privacy and rights.
Privacy Policy
Privacy Policy
Rigicon’s Privacy Policy outlines how we securely handle your personal data under GDPR, HIPAA, and CalOPPA, ensuring your privacy and rights.

Effective Date: September 29, 2025

Rigicon is committed to protecting the privacy, security, and integrity of personal data entrusted to us. This Global Privacy Notice explains how Rigicon and its affiliates handle personal data collected through our websites, digital tools, and related services.

Because Rigicon operates internationally, this Notice reflects global principles, while recognizing that specific rights and obligations may differ under local laws.

Scope

This Notice applies to:

  • Global site (www.rigicon.com),
  • Country-specific sites (United States, Korea, Germany, India, United Kingdom, Australia, New Zealand, and others as launched),
  • Digital tools (including the Rigicon AI Counselor and referral forms).

How We Collect Information

  • Direct interactions with you: For example, through meetings, phone calls, or other one-to-one communications.
  • Digital interactions: When you visit our websites, exchange emails with us, complete our online forms, use our services, or engage with us on social media and other platforms.
  • Third-party sources: Such as hospitals or healthcare providers who request products on your behalf.

What Information We Collect

We collect and process limited personal data in line with the principle of data minimization, including identifiers, health-related data, technical information, consent and preference records, and communications.

Purposes of Processing

We process your information only for the following purposes:

  • To evaluate your eligibility for Rigicon medical devices (for informational purposes only; not a medical diagnosis),
  • To contact you through your chosen method (phone or email) if you provide consent,
  • To manage potential referrals to Rigicon specialists or partner clinics,
  • To improve and secure our websites and digital tools,
  • To maintain proper business, compliance, and legal records,
  • To meet our regulatory obligations, including those relating to health and safety.

We do not sell your data. We do not use your health-related data for advertising or unrelated profiling. Where permitted by law and with your consent, we may use limited cookies/analytics to improve our websites. In certain jurisdictions you may opt out of such sharing. See our Cookie Policy and Cookie Settings.

Sharing with Third Parties

We may share your data in limited circumstances with service providers and partner clinics. If you consent, we may share your alias or initials, one contact method, city/country, and a brief eligibility outcome with an appropriate Rigicon specialist or partner clinic solely so they may contact you. Clinics act as independent controllers and provide their own privacy notices.

Legal and compliance: Where required by law, regulation, or court order, we may disclose information to regulatory authorities, government bodies, or courts.

Each third party is required by contract to apply confidentiality and security safeguards and process your data only for the purposes we authorize.

International Transfers

Your data may be transferred outside your country of residence.

  • EU/UK: Transfers outside the EEA/UK are safeguarded by European Commission Standard Contractual Clauses (SCCs) and, where applicable, the EU–U.S. Data Privacy Framework. Processing of health-related data and international transfers rely on your explicit consent where required by law.
  • India: Under the DPDP Act, overseas processing is disclosed and permitted by your consent.
  • Australia & New Zealand: We remain accountable for overseas recipients under APP 8 and the NZ Privacy Act. Your express informed consent is obtained for such transfers.
  • United States: Certain state privacy laws (e.g., CCPA/CPRA, consumer health data laws) grant additional rights, available through our U.S. Privacy Policy.
  • Korea: Cross-border transfers are made only with your separate and explicit consent and with appropriate contractual safeguards.

Data Retention

We retain personal data only as long as necessary:

  • Eligibility and referral data: typically 12–24 months if no further contact, then securely deleted,
  • Consent and legal records: retained as required by applicable law,
  • Technical/cookie data: retained per Cookie Policy and your Cookie Settings.

We apply strict deletion and minimization policies, and honor deletion requests without undue delay.

Security

We implement technical and organizational measures to protect personal data, including:

  • Encryption, pseudonymization, and access controls,
  • Role-based permissions for staff,
  • Confidentiality and data protection obligations in all employment and contractor agreements,
  • Regular privacy and security training,
  • Incident response procedures.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access and receive a copy of your data,
  • Request correction or deletion,
  • Withdraw consent at any time (without affecting prior processing),
  • Restrict or object to processing,
  • Request portability of your data,
  • Lodge a complaint with your data protection authority.

We will respect and respond to all valid rights requests under applicable laws.

Children’s Information

Our websites and services are intended for adults aged 18 and above. We do not knowingly collect data from minors. If such information is found, please notify us and we will delete it promptly. Parents and guardians are encouraged to supervise minors’ online activity.

Contact

For any privacy-related requests or concerns, please contact:

Rigicon Global Data Protection Office
[email protected]

You may also contact your local Rigicon office for region-specific matters.

Updates

This Privacy Notice may be updated from time to time. Material changes will be communicated on our website, and where required by law, directly to you.

By visiting the specific country sites, you can read more about how we handle your data in our local Coloplast entities.

Regional Privacy Policies

  • European Economic Area

    Last Updated: September, 2025

    Rigicon A/S and its affiliates and subsidiaries (“Rigicon”, “we”, “us”, or “our”) are committed to protecting your privacy. This EU Privacy Policy describes how we collect, use, disclose, and otherwise process personal information of individuals located in the European Economic Area (“EEA”) in compliance with the EU General Data Protection Regulation (GDPR).

    Because Rigicon operates globally, your personal information may be transferred, stored, and processed outside the EEA. For information on our worldwide practices, please also see our Global Privacy Notice.

    Categories of Personal Information We Collect

    We collect only the minimum data necessary, including:

    • Identifiers such as alias, one chosen contact method (phone or email, never both), and city/country.
    • Health-related details voluntarily provided to assess potential eligibility for Rigicon products.
    • Internet or electronic activity data such as IP address, browser type, and usage patterns.
    • Demographic or preference information you choose to share.

    How We Collect Information

    • Directly from you when you interact with our AI Counselor, complete a form, or contact us.
    • Automatically via cookies and similar technologies on our websites (see Cookie Policy and Cookie Settings; non-essential cookies placed only with prior consent).
    • Through carefully selected service providers acting under our instructions and bound by confidentiality obligations.

    Purposes of Processing

    We process your data for the following purposes:

    • To provide information on Rigicon solutions and assess your potential eligibility.
    • To contact you via your chosen method if you consent.
    • To maintain, secure, and improve our digital platforms.
    • To comply with regulatory and legal obligations.
    • With your consent, to securely share your contact details and eligibility information with a qualified Rigicon specialist or partner clinic.

    We do not sell your data and do not use health-related data for advertising.

    Legal Basis for Processing

    Under GDPR, our processing is based on:

    • Explicit Consent – required for processing health-related data (special category).
    • Legitimate Interests – such as maintaining security and service improvements (not used for processing your health data).
    • Legal Obligations – where processing is necessary to comply with law.

    International Data Transfers

    Your information may be transferred to countries outside the EEA, including the United States. When such transfers occur, Rigicon relies on:

    • European Commission Standard Contractual Clauses (SCCs),
    • Adequacy decisions where available, and
    • Your explicit consent for transfers involving health-related data where required.

    Additional technical and organizational safeguards are applied to protect your data.

    Your GDPR Rights

    You have the rights of Access, Rectification, Erasure, Restriction, Portability, Objection, Withdrawal of Consent, and to Lodge a Complaint with your Supervisory Authority. We aim to respond within one month (extendable by one month where necessary).

    Data Retention

    Eligibility and referral data are typically retained for 12–24 months if inactive and are deleted earlier upon your request, unless a longer period is required by law.

    Children’s Information

    Our services are directed at adults over 18. We do not knowingly collect data from children.

    Automated Decision-Making

    We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, without your explicit consent.

    Data Protection Officer (DPO)

    Email: [email protected]

  • United Kingdom

    Last Updated: September, 2025

    Rigicon Ltd. and its affiliates and subsidiaries (“Rigicon”, “we”, “us”, or “our”) respect your privacy and are committed to protecting your personal information. This UK Privacy Policy describes how we collect, use, disclose, and otherwise process personal information of individuals located in the United Kingdom (“you” or “your”) in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK privacy laws.

    Because Rigicon is a global company, your personal information may be transferred, stored, and processed outside of the UK. For more information, please also see our Global Privacy Notice.

    What Categories of Personal Information We Collect

    We may collect the following types of personal information when you use our websites, applications, products, or services, or interact with us:

    • Identifiers such as alias, contact information (phone or email, never both), country/city, and device identifiers.
    • Health-related information that you voluntarily provide to assess eligibility for our products.
    • Internet or electronic activity such as IP address, browser information, and interactions with our website.
    • Demographic or preference information that you choose to provide.

    We minimize data collection and encourage use of an alias rather than your real name.

    How We Collect Your Information

    • Directly from you when you use our AI Counselor, website forms, or customer support.
    • Automatically when you visit our websites through cookies and similar technologies (see Cookie Policy and Cookie Settings).
    • Through service providers that operate strictly under our instructions and only for the limited purposes described here.

    How We Use Your Information

    We process your personal information only for the following purposes:

    • To provide information about Rigicon solutions and assess eligibility.
    • To communicate with you via your chosen contact method.
    • To maintain, secure, and improve our digital platforms.
    • To comply with applicable legal obligations.
    • With your consent, to transfer your details to authorized clinics or specialists for follow-up.

    We do not sell your data or use health-related data for advertising.

    Legal Basis for Processing

    Under the UK GDPR, we rely on:

    • Explicit Consent – especially for health-related information (special category data).
    • Legitimate Interests – such as ensuring security, improving services, and basic website functionality (not used for processing your health data).
    • Legal Obligations – where processing is required by law.

    International Data Transfers

    Your data may be transferred to countries outside the UK, including the United States. In such cases, we rely on:

    • The UK-approved International Data Transfer Agreement (IDTA) or Addendum to the EU Standard Contractual Clauses (SCCs),
    • Additional security safeguards where necessary, and
    • Your explicit consent, particularly for health-related data, where no adequacy decision or equivalent safeguards apply.

    Your Rights

    As a UK resident, you have the following rights:

    Right of Access; Right to Rectification; Right to Erasure; Right to Restrict Processing; Right to Data Portability; Right to Object; Right to Withdraw Consent; Right to Lodge a Complaint with the ICO.

    We aim to respond to your request within one month of receipt (extendable by one further month where necessary).

    Data Retention

    Eligibility and referral data are typically retained for 12–24 months if inactive and are deleted earlier upon your request, unless a longer period is required by law.

    Children’s Information

    Our services are intended for adults over the age of 18. We do not knowingly collect personal information from children.

    Automated Decision-Making

    We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, without your explicit consent.

    Data Protection Officer

    Rigicon has appointed a Data Protection Officer (DPO) for the UK.

    Email: [email protected]

  • United States

    Last Updated: September, 2025

    Rigicon, Inc. and its affiliates and subsidiaries (“Rigicon,” “we,” “us,” or “our”) respect your privacy. This U.S. Privacy Policy explains how we collect, use, disclose, and protect personal information of individuals residing in the United States. Because Rigicon operates globally, your information may be transferred, stored, and processed outside of the U.S. For our global practices, please see the Rigicon Global Privacy Notice.

    This U.S. Privacy Policy supplements our Global Privacy Notice and addresses requirements under U.S. federal and state consumer privacy laws.

    Personal Information We Collect

    We follow a strict data minimization approach. Depending on how you interact with us, we may collect:

    • Identifiers: alias (preferred over full name), chosen contact method, IP address, device identifiers.
    • Demographic information: country and city you choose to provide.
    • Health-related information: information you voluntarily share to help assess potential eligibility for Rigicon solutions.
    • Commercial information: records of requests, referrals, or communications with us.
    • Internet or electronic network activity: browsing and usage data collected through cookies and similar technologies, as described in our Cookie Policy.
    • Geolocation data: coarse location such as country or city inferred from IP address.
    • Professional information (for HCPs): role, affiliation, and professional contact details.

    We do not intentionally collect sensitive identifiers such as Social Security numbers, driver’s license numbers, or precise geolocation, unless required for a specific regulatory purpose and obtained with your consent.

    How We Collect Information

    We may collect information:

    • Directly from you: via website forms, the AI Counselor intake, emails, or phone.
    • Automatically: through cookies and similar technologies. See our Cookie Policy and Cookie Settings.
    • From professional interactions: where a healthcare professional, distributor, or partner acts on your behalf and with appropriate authorization.

    How We Use Information

    We process information to:

    • Provide and improve our websites, tools, and services.
    • Offer educational information and assess potential eligibility for Rigicon products. Eligibility outputs are informational and do not constitute medical advice.
    • Respond to your inquiries and manage your chosen contact preferences.
    • Perform security monitoring, fraud prevention, troubleshooting, and analytics.
    • Conduct referrals to a clinic or specialist where you expressly consent.
    • Comply with legal and regulatory obligations.

    Rigicon does not sell your personal information. We do not use your health-related information for targeted advertising. Where online identifiers or cookie-related data are shared with analytics or advertising providers, you have applicable rights to opt out, as described below and in our Cookie Policy.

    Disclosures to Third Parties

    We disclose information in limited circumstances:

    • Service providers (vendors): who act under written contracts, confidentiality, and security obligations and process data solely to support Rigicon’s services.
    • Rigicon affiliates and subsidiaries: for operations consistent with this Policy.
    • Referrals: if you consent to a referral, we may share your alias or initials, chosen contact method, your country and city, and a brief eligibility note with an appropriate specialist or partner clinic so they can contact you. Clinics act as independent controllers and provide their own privacy notices.
    • Legal and compliance: where required by law, regulation, or court order, or to protect rights, safety, or integrity.
    • Corporate transactions: as part of a merger, acquisition, or sale of assets, subject to appropriate safeguards.

    Data Security and Retention

    We implement administrative, technical, and physical safeguards to protect personal information. We retain eligibility and referral data for 12–24 months if inactive, unless a longer period is required by law. We retain consent and compliance records as required by applicable law. We honor valid deletion requests without undue delay.

    Children’s Information

    Our websites and services are intended for individuals aged 18 and older. We do not knowingly collect personal information from children.

    Your Privacy Choices

    You can manage cookies and similar technologies through our Cookie Settings and your browser settings. Where required by law, we recognize legally valid opt-out signals for targeted advertising. For email marketing, you may unsubscribe using the link in our messages.

    U.S. State Privacy Law Disclosures

    This section provides additional disclosures and rights for residents of certain states. You can exercise your rights by emailing [email protected] or using any rights request mechanism we provide on our website. We will verify your request to a reasonable degree of certainty, which may require matching information we hold about you. You may designate an authorized agent where permitted by law.

    California (CPRA)

    If you are a California resident, you have the following rights:

    • Right to Know/Access: You may request information about the categories and specific pieces of personal information we collected, the categories of sources, the business or commercial purposes, and the categories of third parties to whom we disclosed personal information.
    • Right to Deletion: You may request deletion of personal information we collected from you, subject to legal exceptions.
    • Right to Correction: You may request correction of inaccurate personal information.
    • Right to Data Portability: You may request to receive certain personal information in a portable format.
    • Right to Opt Out of Sale/Sharing: Rigicon does not sell personal information for monetary value. In limited circumstances, we may share online identifiers or cookie-related data with analytics or advertising providers, which California law can treat as a “share.” You may opt out by using the “Do Not Sell or Share My Personal Information” link where available, managing settings in our Cookie Settings, or sending a request to our DPO.
    • Right to Limit Use of Sensitive Personal Information: If we process sensitive personal information as defined under California law for non-exempt purposes, you may request that we limit its use to purposes permitted by the CPRA.
    • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

    Response Time: We endeavor to respond within 45 days, which may be extended where permitted by law.

    Authorized Agents: We accept requests submitted by authorized agents, subject to verification and proof of authorization.

    Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA)

    Residents of these states have rights that include:

    • Access, Correction, Deletion, and Portability: You may request access to your personal data, request corrections, request deletion, and request a portable copy.
    • Opt Out of Targeted Advertising, Sale, or Profiling: You may opt out of processing for targeted advertising, the sale of personal data (as defined by applicable law), or profiling that produces legal or similarly significant effects. Rigicon does not sell personal data in exchange for money. Where cookie-based targeted advertising applies, you can opt out via our Cookie Settings, recognized opt-out signals where required, or by contacting our DPO.
    • Sensitive Data: For sensitive data such as health information, we rely on your consent.

    Appeals (VA/CO/CT): If we decline to act on your request, you may appeal by replying to our decision or emailing our DPO. We will respond to appeals within the timeframe required by law.

    Nevada (NRS 603A)

    Nevada residents may direct us not to sell certain personal information. Rigicon does not sell personal information. You may still submit an opt-out request to our DPO email if you wish.

    Washington – My Health My Data Act (MHMD)

    If you are a Washington resident, the MHMD Act provides specific protections for consumer health data.

    • Scope: We collect limited health-related information only when you voluntarily provide it to assess potential eligibility for Rigicon solutions and to facilitate a referral where you consent.
    • Use and Sharing: We use health-related data only for the purposes disclosed in this Policy and our Global Privacy Notice, and only as permitted by law. We do not sell consumer health data.
    • Your Rights: You may request access to your consumer health data, request deletion, and request restrictions on certain disclosures where applicable. You may also withdraw consent for further processing of consumer health data, subject to legal obligations and permitted uses.

    Exercising Your Rights

    You can submit requests to:

    • Email: [email protected]
    • Postal Mail (for identity verification where needed): Rigicon, Inc., 2805 Veterans Memorial Highway STE 05, Ronkonkoma, NY 11779, USA

    Please describe the right you wish to exercise, provide sufficient information to verify your identity, and indicate your preferred response method. If you use an authorized agent, we may request proof of authorization and may ask you to verify your identity directly.

    Changes to This U.S. Privacy Policy

    We may update this Policy to reflect changes in our practices or legal requirements. We will post updates with the “Last Updated” date. Your continued use of our websites after an update signifies your acceptance of the revised Policy.

    Not a Medical Device; No Medical Advice

    The AI Counselor provides general educational information only and does not provide medical advice, diagnosis, or treatment. Outputs such as “You may be eligible; please contact a clinician” are informational and leave all clinical decisions to qualified healthcare professionals.

  • India

    Last Updated: September, 2025

    Rigicon and its affiliates and subsidiaries (“Rigicon”, “we”, “us”, or “our”) respect your right to privacy. This India Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

    Because Rigicon operates globally, your personal information may also be transferred to Rigicon entities or service providers located outside India. When we transfer such information, we ensure that appropriate legal and technical safeguards are in place.

    Categories of Personal Information We Collect

    We apply a strict data minimization principle. The categories include:

    • Identifiers – alias (not full name), and one contact method (phone or email, never both).
    • Demographic information – such as city and country.
    • Health-related information – voluntarily provided to assess potential eligibility for Rigicon products.
    • Technical information – device identifiers, IP address, browser data, and cookie-related data.

    How We Collect Information

    • Directly from you through our website forms or AI Counselor chatbot (consent-based collection).
    • Automatically when you browse our website (via cookies – see Cookie Policy).
    • Through third-party service providers carefully selected by Rigicon, who process only the minimum necessary data under strict confidentiality obligations.

    Purposes of Processing

    We process your information for the following purposes:

    • To inform you about Rigicon’s medical device solutions and assess your potential eligibility.
    • To securely share your eligibility results and chosen contact details with Rigicon specialists or partner clinics (with your consent).
    • To maintain, secure, and improve our websites and AI Counselor functionality.
    • To comply with applicable Indian laws and respond to lawful requests.

    We do not sell your personal information and do not use it for advertising.

    Consent Under DPDP Act

    Processing of your personal data, particularly any health-related information, is strictly based on your consent (clear, plain language). You have the right to withdraw consent at any time; we will cease processing except where required by law.

    International Data Transfers

    Personal data may be transferred outside India (e.g., to Rigicon global systems or service providers). Such transfers are performed only with your explicit consent and with safeguards in place to ensure protection equivalent to Indian law.

    Your Rights Under DPDP Act

    • Right to Access:
    • Right to Correction and Erasure;
    • Right to Nominate;
    • Right to Grievance Redressal;
    • Right to Withdraw Consent.

    We will address your requests within a reasonable time, and our Grievance Officer will acknowledge and manage complaints without undue delay (typically within 7 days).

    Data Retention

    Eligibility and referral data are typically retained for 12–24 months if inactive and are deleted earlier upon your request, unless a longer period is required by law.

    Children’s Data

    Our services are intended only for individuals aged 18 and above. We do not knowingly collect personal data from children.

    Grievance Officer (as required under DPDP Act)

    Email: [email protected]

  • Australia & New Zealand

    Last Updated: September, 2025

    Rigicon Pty Ltd, and their affiliates and subsidiaries (“Rigicon”, “we”, “us”, or “our”) are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information in compliance with the Australia Privacy Act 1988 (including the Australian Privacy Principles, “APPs”) and the New Zealand Privacy Act 2020.

    Because Rigicon operates globally, your personal information may be transferred outside Australia and New Zealand. In such cases, we ensure appropriate contractual and organizational safeguards are in place.

    Categories of Personal Information We Collect

    We follow a strict data minimization approach. The categories may include:

    • Identifiers – alias (not full name), one chosen contact method (phone OR email), city, country.
    • Health-related information – voluntarily provided to help assess potential eligibility for Rigicon products.
    • Technical and usage data – device identifiers, IP address, browser type, cookies.
    • Demographic or preference information you choose to provide.

    How We Collect Information

    • Directly from you when you interact with our website, forms, or AI Counselor.
    • Automatically when you browse our website through cookies or similar technologies (see Cookie Policy and manage via Cookie Settings).
    • From third-party service providers acting strictly under our instructions and confidentiality agreements.

    Purposes of Processing

    We collect and use your information to:

    • Assess your potential eligibility for Rigicon medical solutions.
    • Communicate with you through your chosen contact method.
    • Provide information and resources regarding Rigicon products.
    • Securely connect you with Rigicon specialists or partner clinics, with your consent.
    • Comply with applicable laws and maintain our business operations.

    We do not sell your personal information and do not use health-related data for advertising.

    Legal Basis & Consent

    Under the APPs and NZ Privacy Principles, processing of health-related and other sensitive information requires your consent (plain, clear language). You may withdraw consent at any time.

    International Data Transfers

    Where data is transferred overseas (including to Rigicon entities or service providers), we take reasonable steps to ensure:

    • The recipient is subject to privacy protections substantially similar to the APPs or NZ Privacy Act, or
    • Appropriate contractual safeguards are in place.

    Your Rights

    You have the following rights under Australian and New Zealand law:

    • Right to Access;
    • Right to Correction;
    • Right to Erasure (subject to legal obligations);
    • Right to Withdraw Consent;
    • Right to Complain (OAIC or NZ OPC).

    We will respond to your request within a reasonable time.

    Data Retention

    Eligibility and referral data are typically retained for 12–24 months if inactive and are deleted earlier upon your request, unless a longer period is required by law.

    Children’s Data

    Our services are intended for individuals aged 18 and above. We do not knowingly collect data from children.

    Contact Us

    Email: [email protected]

  • Germany

    Last Updated: September, 2025

    Entity Responsible: Rigicon GmbH, [address in Germany]

    Rigicon GmbH (“Rigicon”, “we”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your information in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable laws.

    Categories of Data We Collect

    • Identifiers: Alias, one preferred contact method (phone OR email), location data (city, country).
    • Health-related data: Voluntary information regarding ED, AUS, or potential eligibility for our solutions.
    • Technical data: Cookies, IP addresses, device/browser identifiers, website usage information.
    • Professional data (HCPs): Role, affiliation, professional contact details.

    Purpose of Processing

    • To assess potential eligibility and provide guidance via the AI Counselor.
    • To contact you using your chosen method.
    • To respond to inquiries, provide requested information, or facilitate a referral to a partner clinic.
    • To comply with legal obligations (EU/German law).
    • To improve our services (data minimization applied).

    We do not sell your personal data and do not use health-related data for advertising.

    Legal Basis

    • GDPR Art. 6(1)(a): Your consent.
    • GDPR Art. 9(2)(a): Your explicit consent for health data.
    • GDPR Art. 6(1)(c): Legal obligations.
    • GDPR Art. 6(1)(f): Legitimate interests (security/service improvements; not used for your health data).

    You may withdraw consent at any time.

    Sharing and International Transfers

    Processors operate under strict contractual safeguards and confidentiality. Data may be transferred outside Germany/EEA (e.g., U.S.) under SCCs or recognized frameworks (e.g., EU–U.S. DPF).

    Referrals: With your consent, we may share your alias, one contact method, city/country, and a brief eligibility note with a specialist or partner clinic solely so they can contact you. Clinics are independent controllers.

    Data Retention

    Eligibility and referral data are typically retained for 12–24 months if inactive and are deleted earlier upon your request, unless a longer period is required by law. Cookie data per Cookie Policy and Cookie Settings (non-essential only with prior consent).

    Your Rights under GDPR and BDSG

    Access; Rectification; Erasure; Restriction; Portability; Objection; Withdrawal of Consent; Complaint to a Supervisory Authority. We aim to respond within one month (extendable by one month where necessary).

    Automated Decision-Making

    We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you, without your explicit consent.

    Data Protection Officer

    Email: [email protected]

    Children’s Data

    Services are intended for adults (18+). We do not knowingly collect data from minors.

    Changes

    We may update this Policy; updated versions will be posted with a revised effective date.

  • Korea

    Last Updated: September, 2025

    Rigicon Korea Ltd. and its affiliates and subsidiaries (“Rigicon”, “we”, “us”, or “our”) are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in compliance with the Personal Information Protection Act (PIPA) and other applicable Korean laws.

    Because Rigicon operates globally, your personal information may be transferred outside of Korea. We will obtain your separate consent for such transfers and ensure that the recipient handles your information in a manner consistent with Korean law.

    What Personal Information We Collect

    We collect only the minimum necessary information, which may include:

    • Identifiers: Alias, one contact method (phone or email), city/country.
    • Health-related information: Voluntarily provided to assess potential eligibility for Rigicon products.
    • Technical information: IP address, device identifiers, cookie data.

    How We Collect Information

    • Directly from you when you use our website forms or AI Counselor.
    • Automatically through cookies and similar technologies (see Cookie Policy).
    • From third-party service providers who operate under our strict supervision.

    Purpose of Processing

    We process your information to:

    • Assess your potential eligibility for Rigicon medical solutions.
    • Communicate with you through your chosen contact method.
    • Facilitate a referral to a specialist or partner clinic, with your consent.
    • Comply with legal and regulatory requirements.

    We do not sell your personal information or use it for advertising.

    Consent and International Transfers

    We obtain your explicit consent for collecting and processing personal information, especially health-related data. We also obtain separate consent for transferring your data to third parties or overseas (e.g., to Rigicon’s global headquarters in the U.S.).

    Data Retention

    We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Eligibility and referral data are typically retained for 12–24 months if inactive and are then securely destroyed.

    Your Rights

    You have the right to access, correct, delete, or suspend the processing of your personal information. You may also withdraw your consent at any time. We will respond to your requests without undue delay.

    Children’s Data

    Our services are intended for adults aged 19 and over. We do not knowingly collect personal information from minors.

    Data Protection Officer

    Email: [email protected]

Rigicon’s Global Approach to Privacy

Data & AI Ethics Policy

September, 2025

Purpose

At Rigicon, we believe that trust is the foundation of healthcare innovation. This policy sets out how Rigicon approaches the responsible use of data and artificial intelligence (AI). It reflects our dedication to safeguarding individual rights while driving medical progress.

Objective

The goal of this policy is to provide clear principles for handling data and AI in ways that respect patients, healthcare professionals, and society. Rigicon aims to foster innovation without compromising privacy, fairness, or accountability.

Scope

This policy applies globally to all Rigicon employees, managers, directors, contractors, and partners. It also applies to third parties working with Rigicon systems or data.

Guiding Principles

Data Principles
  • Clarity and openness: Individuals should always know what data we collect, why we collect it, and how we use it.
  • Respect for privacy: Personal information must be handled with care and confidentiality at every step.
  • Accuracy and reliability: Data should be relevant, up to date, and used in a way that avoids harm.
  • Fair use only: Data is processed for legitimate purposes; Rigicon does not sell personal information.
  • Accountability: Rigicon leaders and employees are responsible for ensuring that data practices align with ethical and legal standards.
AI Principles
  • Human-first approach: AI is developed to support clinical decision-making and improve patient experiences, not to replace qualified medical judgment.
  • Explainable systems: AI tools must be understandable, including their purpose, assumptions, and limitations.
  • Avoiding bias: AI must be designed and monitored to reduce unfair outcomes and to promote equity.
  • Oversight and control: No AI system may make binding healthcare decisions without meaningful human review.
  • Safety by design: Privacy, security, and risk assessment must be embedded from the earliest stages of development.
  • Responsible innovation: All AI projects must comply with Rigicon governance, relevant laws, and professional standards.

Reporting Concerns

Concerns about improper use of data or AI must be reported immediately to a manager or directly to Rigicon’s Global Data Protection Office ([email protected]). Rigicon ensures that employees who raise issues in good faith are protected against retaliation.

Related Policies