Doyenne MedTech  |  Legal & Privacy
Home › Privacy Policy

Privacy Policy

Last updated: May 2026 Reviewed annually Applies to: doyennemedtech.com

Doyenne MedTech is committed to protecting your privacy and handling your personal data with care, transparency, and respect. This Privacy Policy explains what personal data we collect, how we use it, and your rights under the EU General Data Protection Regulation (GDPR) and UK GDPR. Please also read our Cookie Policy for information about how we use cookies on this website.

Section 01

Who We Are

The data controllers responsible for your personal data are:

  • Doyenne MedTech Ireland — CRO 788127. The operating entity for this website and its digital services, including the contact form and AI product recommender. Director: Rachel McGibney.
  • Doyenne MedTech UK Ltd — Companies House 16508924, Oakland Lodge, Ledbury, HR8 1AR. The UK entity for visitors and enquiries based in the United Kingdom.

References to "we", "us" or "our" in this policy refer to both entities where applicable.

You can contact us about data protection matters at: info@doyennemedtech.com

Section 02

What Personal Data We Collect

We collect personal data in the following circumstances:

Data Category Examples How Collected Legal Basis
Contact details Name, email address, company name, phone number Contact form on our website Legitimate interests / Contract
Enquiry content Your message, product enquiry, or question submitted via the contact form Contact form on our website Legitimate interests / Contract
AI recommender inputs Responses to questions about your clinical area, procedure type, and product requirements entered into our AI product recommender AI product recommender tool on our website Legitimate interests / Consent
Usage data Pages visited, time on site, browser type, device type, approximate location (country/region) Google Analytics cookies (with your consent) Consent
Technical data IP address, referral source, session data Automatically collected by our hosting provider (Vercel) and analytics tools Legitimate interests

We do not collect any special categories of personal data (such as health data, biometric data, or data about racial or ethnic origin) through this website.

Section 03

How We Use Your Personal Data

We use the personal data we collect for the following purposes:

  • Responding to enquiries. When you contact us through our website, we use your name and email address to respond to your message. This is necessary for our legitimate interests in managing our business relationships and, where you are an existing or prospective customer, for the performance of a contract.
  • AI product recommendations. Responses you provide in our AI product recommender are used to generate a personalised product recommendation. This data is processed using the Anthropic API. We do not store your inputs beyond the duration of your session unless you submit a contact enquiry following the recommendation.
  • CRM and follow-up. Contact form submissions are stored in our HubSpot CRM to enable us to manage our customer relationships and follow up on enquiries. You may request removal from our CRM at any time.
  • Website analytics. With your consent, we use Google Analytics to understand how visitors use our website so that we can improve it. This data is aggregated and anonymised where possible.
  • Legal compliance. We may process your data where necessary to comply with a legal obligation, such as in response to a valid request from a regulatory authority.
Section 04

Third-Party Services and Data Processors

We share your personal data with the following third-party service providers who act as data processors on our behalf:

  • HubSpot, Inc. Our CRM and contact form provider. HubSpot stores contact form submissions and associated personal data on servers in the United States, under Standard Contractual Clauses. HubSpot's privacy policy is available at legal.hubspot.com/privacy-policy.
  • Anthropic, PBC. Provider of the AI API that powers our product recommender tool. Inputs to the recommender are processed by Anthropic's systems. Anthropic's privacy policy is available at anthropic.com/privacy.
  • Google Ireland Limited. Provider of Google Analytics. Usage data collected via analytics cookies may be transferred to and processed in the United States under Standard Contractual Clauses. Google's privacy policy is available at policies.google.com/privacy.
  • Vercel, Inc. Our website hosting provider. Vercel may process technical data such as IP addresses as part of site delivery and security. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

Section 05

International Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA) and the United Kingdom, including in the United States. Where we transfer personal data outside the EEA or UK, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission and, for UK transfers, the UK International Data Transfer Agreement (IDTA).
  • Adequacy decisions where applicable, recognising that the destination country provides an adequate level of data protection.

You may request further information about the safeguards we have in place for international transfers by contacting us at info@doyennemedtech.com.

Section 06

How Long We Keep Your Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law:

  • Contact form enquiries — retained in HubSpot CRM for up to 3 years from the date of last contact, unless you request earlier deletion or we enter into a business relationship requiring longer retention.
  • AI recommender inputs — not retained beyond your active session unless you subsequently submit a contact form enquiry.
  • Analytics data — retained by Google Analytics for 26 months by default, after which it is automatically deleted.
  • Technical and server logs — retained by Vercel for up to 30 days for security and performance purposes.
Section 07

Your Rights

Under the GDPR and UK GDPR, you have the following rights in relation to your personal data:

Right of Access

You may request a copy of the personal data we hold about you, free of charge, within one month of your request.

Right to Rectification

You may request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You may request that we delete your personal data where there is no compelling reason for its continued processing.

Right to Restriction

You may request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability

You may request a copy of your personal data in a structured, commonly used, machine-readable format.

Right to Object

You may object to processing of your personal data where we rely on legitimate interests as our legal basis.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

Right to Complain

You have the right to lodge a complaint with your supervisory authority (see below).

To exercise any of these rights, please contact us at info@doyennemedtech.com. We will respond within one month. We may need to verify your identity before processing your request.

Section 08

Supervisory Authorities

If you are based in Ireland or the EU and are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Data Protection Commission (DPC):

  • Website: www.dataprotection.ie
  • Phone: +353 57 868 4800
  • Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland

If you are based in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Section 09

Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. Our website is hosted on Vercel's enterprise-grade infrastructure with HTTPS encryption enforced on all pages.

While we take reasonable steps to protect your data, no method of transmission over the internet is completely secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately at info@doyennemedtech.com.

Section 10

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Section 11

Contact Us

For any questions, requests, or concerns about this Privacy Policy or how we handle your personal data, please contact us:

Doyenne MedTech

Email: info@doyennemedtech.com

Website: www.doyennemedtech.com

For data protection enquiries relating to the United Kingdom, you may also write to: Doyenne MedTech UK Ltd, Oakland Lodge, Ledbury, HR8 1AR.