Privacy Policy
This Privacy Policy explains how Levita Med ("Levita", "we", "our") collects, uses, stores, and protects your personal data, in compliance with Albanian Law No. 9887 "On the Protection of Personal Data" and the principles of the GDPR (Regulation (EU) 2016/679).
Levita Med, headquartered at Durrës, Shijak, Xhafzotaj, Durana Tech Park, Rruga Ahmet Zogu, Property No. 336, CZ 3852, NIPT M61615505, acts as the Data Controller for account data, billing, system security, AI-assisted analysis, and scientific research.
For your medical data (diagnoses, clinical records, consultation notes), the licensed doctor you choose acts as an independent Data Controller, while Levita acts as a Processor providing the secure technological infrastructure for conducting and storing the consultation. The doctor determines the purpose and means of clinical treatment; Levita processes this data only on the doctor's instructions and to provide the service.
You have the right to request the deletion of your personal data. However, this right is not absolute: Levita and the doctor are legally required to retain medical documentation for a period of 10 years (under legal obligations for retaining health records). During this period, medical data may be archived and restricted from active processing but cannot be fully deleted. Non-medical data (e.g. marketing data) is deleted immediately upon your request.
In the event of a personal data breach that poses a risk to your rights and freedoms, Levita will notify the Commissioner for the Right to Information and Protection of Personal Data within 72 hours of becoming aware of the breach. If the breach poses a high risk, you will also be notified without undue delay, with a description of the nature of the breach and the measures taken.
You have the right to: access your data, request rectification, request erasure (per Section 5), restrict processing, object to processing, request data portability, and withdraw consent at any time. For medical data, requests may also be addressed to the doctor as an independent controller.
We implement appropriate technical and organizational measures: encryption in transit and at rest, role-based access control, secure authentication, and continuous monitoring.
Data is stored and processed within the European Union / European Economic Area. Any transfer outside this area is carried out only with the safeguards required by the GDPR (e.g. Standard Contractual Clauses).
Levita does not knowingly collect data from minors under 18 without the consent and verification of a parent/legal guardian. If we discover data collected without authorization, it is deleted.
For any question, request, or complaint regarding your data, you may contact our Data Protection Officer at: dpo@levita.ai.
You also have the right to lodge a complaint with the Commissioner for the Right to Information and Protection of Personal Data (idp.al).
Levita may update this Policy. Significant changes will be communicated to you at least 30 days before they take effect.
Send us a message about privacy or data protection and our team will respond as quickly as possible.