Global Privacy & Data Protection Policy | VistaMed Technologies
Last Updated: February 6, 2026
Effective Date: February 6, 2026
1. Introduction & Commitment to Privacy
VistaMed Technologies ("we," "us," or "our") is strictly committed to protecting the privacy and security of your personal and professional information. As a global manufacturer of advanced medical devices and chronic disease monitoring solutions, data security is embedded in our corporate DNA.
This Privacy Policy outlines how we collect, process, and safeguard the information of visitors to our B2B website (typically healthcare professionals, procurement officers, and distribution partners). Our data practices are strictly engineered to comply with the highest global standards, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection Law (PIPL) of China.
2. Scope of This Policy & Important Medical Disclaimer
This policy applies only to the professional/B2B data collected through this corporate marketing website (e.g., when you request a quote, download ISO/FDA certificates, or apply for product samples).
⚠️ Strict Prohibition of Patient Data Collection:
Our website and services are exclusively intended for a professional, business-to-business (B2B) audience. In strict compliance with HIPAA and global healthcare regulations:
- We do not knowingly collect, process, or store Patient Health Information (PHI) or "special categories" of medical data through this public website, and we are strictly prohibited from doing so.
- Infrastructure Isolation: The servers hosting this marketing website are physically and logically isolated from any VistaMed clinical diagnostic networks, AI-assisted diagnostic systems, or patient data portals.
3. Information We Collect
We collect data strictly necessary for B2B communications and regulatory compliance:
- Information You Voluntarily Provide: When you submit inquiries, request quotes, or download technical manuals, we collect professional contact details such as your full name, job title, hospital/organization name, work email address, phone number, and region.
- Information Collected Automatically: We utilize standard technical protocols (like cookies) to ensure website functionality and security. This includes your IP address, browser type, device information, and geographic region. Under GDPR and PIPL, IP addresses and cookie IDs are treated as identifiable personal data and are protected accordingly.
4. How We Use Your Information
We process your professional data solely for legitimate business operations and regulatory requirements:
- Fulfillment: To respond to your procurement inquiries and process sample/document requests.
- After-Sales & Warranty: To manage order history, warranty registrations, and provide ISO 13485/FDA compliant technical support.
- Communications: To send critical product updates, clinical validation reports, or marketing communications (strictly subject to your explicit opt-in consent). You may opt out at any time.
- Security & Compliance: To monitor website security, prevent fraud, and comply with international medical device tracking regulations.
5. Data Sharing and Disclosure
We categorically do not sell, rent, or trade your personal information to third parties. We only share your data under the following strictly controlled circumstances:
- Authorized Service Providers (Processors): We partner with vetted third-party vendors (e.g., secure CRM hosting, secure email dispatch). All processors are bound by strict Data Processing Agreements (DPAs) requiring them to safeguard your data.
- Authorized Regional Distributors: To provide localized sales support and equipment installation, we may securely route your inquiry to a verified VistaMed distributor in your specific region.
- Legal & Regulatory Authorities: We may disclose B2B contact information if legally mandated by medical regulatory bodies (e.g., FDA, EMA, NMPA) for device recall tracing or compliance audits.
6. Enterprise-Grade Data Security
We implement robust technical and organizational measures to protect your data against unauthorized access, alteration, or destruction:
- Encryption: All data transmitted via our website is secured using TLS/SSL encryption. Data at rest is securely encrypted on our enterprise servers.
- Access Control: Access to your professional data is strictly limited to authorized VistaMed personnel based on the principle of least privilege.
- Compliance Audits: Our data security frameworks undergo regular third-party audits to maintain alignment with international cybersecurity standards for medical device manufacturers.
7. Your Global Data Protection Rights
Depending on your jurisdiction (e.g., EU, California, China), you possess comprehensive rights regarding your personal data:
- Right to Access & Portability: Request a copy of the professional data we hold about you.
- Right to Rectification: Request corrections to any inaccurate organizational or contact details.
- Right to Erasure (Right to be Forgotten): Request the deletion of your data, provided it does not conflict with our legal obligation to maintain medical device traceability records.
- Right to Object/Opt-Out: Object to data processing or withdraw consent for marketing communications.
- Right to Non-Discrimination: You will not face any discriminatory treatment for exercising your privacy rights.
To exercise these rights, please submit a request to our dedicated Data Protection Officer (DPO) at the contact details below. We will respond within the legally mandated timeframe (typically 30 days).
8. International Data Transfers
As a global medical technology manufacturer headquartered in Shenzhen, China, with operations worldwide, your data may be processed outside your country of residence.
We ensure that all cross-border data transfers comply with applicable laws. For data originating from the European Economic Area (EEA), we implement Standard Contractual Clauses (SCCs) approved by the European Commission. We also strictly adhere to the cross-border data transfer security assessments mandated by China's PIPL.
9. Contact Our Data Protection Team
If you have any questions, concerns, or requests regarding this Privacy Policy or our data security practices, please contact our Compliance & Privacy Team:
VistaMed Technologies
- Data Protection Officer (DPO): [email protected]
- Global Headquarters: 20th floor, Huarun Building, Nanshan District, Shenzhen City, Guangdong Province, China
- Compliance Phone Line: +0755-1234-4567 (Hours: Monday-Friday, 8:00 AM - 6:00 PM EST)