Privacy Policy

At Orevan, we respect and protect the privacy of individuals whose data we process as part of delivering our global biotherapeutic consulting, medical communications, and digital healthcare services. This Privacy Policy explains how we collect, use, store, and secure personal data in accordance with regulations such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and other applicable international laws.

PURPOSE

Orevan is a forward-thinking global consulting firm operating at the intersection of healthcare, strategy, and technology. Orevan delivers digital marketing, billing, and med-comms solutions that connect healthcare ecosystems and improve outcomes.

This Policy sets out how Orevan ("we," "us," "our") lawfully collects, processes, shares, and protects personal data, aligning with global data protection standards including GDPR, CCPA, UAE PDPL, and others.

SCOPE

This Policy applies to all personal data processed by Orevan in the course of its business operations. Affected individuals include:

  • Healthcare professionals, institutional clients, and prospects
  • Patients or participants in clinical programs and communications
  • Job applicants, employees, contractors, and consultants
  • Website and platform users
  • Individuals engaged through marketing, education, or events

Where local law imposes more stringent requirements, Orevan complies with those obligations.

1. POLICY

This Policy governs Orevan's handling of personal information across all platforms, channels, and interactions, including services, programs, research initiatives, hiring processes, and marketing activities.

1.1 INFORMATION WE COLLECT

Depending on your relationship with Orevan, we may collect the following data types:

  • Contact Data: Name, email, phone, address
  • Professional Data: Title, institution, credentials
  • Technical Data: IP address, device type, browser info, usage metrics
  • Interaction Data: Inquiries, support tickets, feedback, and survey responses
  • Compliance Data: Consent records, audit logs, regulatory documentation

1.2 PURPOSES AND LEGAL BASES FOR PROCESSING

Orevan processes personal data under the following legal bases:

  • Contractual Necessity: To deliver requested services or support
  • Legal Obligation: To comply with healthcare regulations or government mandates
  • Legitimate Interests: To improve services, maintain security, and support business operations
  • Consent: For optional processing, such as marketing, cookies, or medical data, where legally required
  • Vital Interests: To protect individuals in emergencies

1.3 INTERNATIONAL DATA PROCESSING

Orevan operates globally. Your data may be processed and stored only based on local data privacy at law guidelines, we implement:

  • Standard Contractual Clauses (SCCs)
  • Transfers to countries with adequacy decisions
  • Robust technical and organizational safeguards, including encryption, data minimization, and restricted access

1.4 YOUR CHOICES AND RIGHTS

You have control over how your data is used. You may:

  • Decline to provide data (some services may be unavailable)
  • Opt out of marketing via unsubscribe links or by contacting us
  • Withdraw consent anytime without affecting previous lawful use
  • Manage cookie preferences via platform controls

Explicit consent is obtained for sensitive or high-impact processing activities.

1.5 DATA ACCURACY AND YOUR RIGHTS

You may request the following rights regarding your personal data:

  • Access: Obtain a copy of your data
  • Correction: Fix errors or incomplete data
  • Deletion: Remove your data under applicable conditions
  • Restriction: Limit processing in certain contexts
  • Objection: Challenge processing based on legitimate interests or direct marketing
  • Portability: Transfer your data to another provider
  • Consent Withdrawal: Revoke previously granted consent

Contact us via Section 1.8 to exercise these rights.

1.6 POLICY UPDATES AND LEGAL TERMS

This Policy does not override existing contracts or regulatory rights. We may update it due to:

  • Changes in law and regulation
  • Adjustments in our operations or services
  • New industry standards or technologies

Updates will be posted on our website and communicated where required.

1.7 DATA SECURITY AND RETENTION

Orevan uses layered security protocols to protect your data, including:

  • Encryption (data at rest and in transit)
  • Access control and identity verification systems
  • Ongoing monitoring and regular audits
  • Certified infrastructure (e.g., ISO 27001)

We retain data only as necessary for business, legal, or regulatory purposes.

1.8 CONTACT US

📧 Email: [email protected]
🌐 Website: www.orevan.org

If you are located in the EU, you also have the right to lodge a complaint with your local Data Protection Authority (DPA).

Effective as of February 2024