Legal Information

Privacy Policy

Last updated: 07.01.2026

1. Data Controller and Scope

MentoraMedic ("we", "us") is committed to protecting the professional and personal data of international medical specialists. This Policy defines our practices under the EU General Data Protection Regulation (GDPR) and Dutch privacy laws.

2. Categories of Data Collected

Professional Identity Information:

  • Full legal name and professional titles
  • Verified communication channels (Email/Phone)
  • Academic transcripts, specialization data, and professional certification
  • Language proficiency levels (NT2-II, C1 Medical)

LMS & Competency Data:

  • Assessment outcomes and clinical performance metrics
  • Learning progress
  • Transcription and analysis of virtual patient simulations

Technical & Network Metadata:

  • Network origin and localized geodata
  • System telemetry and agent identifiers
  • Session state and security tokens

3. AI In-Depth Processing (Virtual Patients)

Our platform utilizes large language models (LLMs) to provide interactive clinical scenarios. We process your inputs to evaluate medical communication skills. This data is anonymized where possible and used strictly for educational assessment and platform refinement.

4. Purposes of Data Processing

  • Provision of educational content and assessment
  • Customization of the BIG-registration pathway
  • Verification of professional readiness for partners
  • Advancement of medical simulation algorithms
  • Critical regulatory and platform updates

5. Professional Facilitation & Sharing

To facilitate your career in the Netherlands, we share relevant professional data with:

  • Authorized recruitment partners and healthcare providers
  • Regulatory bodies (CIBG/BIG-register) and hospital HR departments
  • Judicial or state authorities when legally mandated
  • Enforcement of our platform security and rights

6. Security & Infrastructure

  • End-to-end encryption for all data in transit (TLS 1.3+)
  • SOC 2 Type II compliant cloud infrastructure within the EU
  • Systematic vulnerability assessments and code reviews
  • Role-based access control (RBAC) to sensitive specialist records
  • Automated, encrypted geo-redundant backups

7. Your Rights under GDPR

As a data subject, you maintain the following rights:

  • Right to a comprehensive export of your professional record
  • Right to rectify inaccurate professional status
  • Right to erasure ("Right to be forgotten")
  • Right to restrict specific processing activities
  • Right to professional data portability
  • Right to withdraw consent at any time

For Data Protection Officer (DPO) inquiries, contact [email protected].

Back to Home