Privacy Policy
Everest Minds for Digital Transformation ("Everest Minds", "we", "us") operates the Clinera MDT platform. This Privacy Policy describes how personal data is handled in connection with the platform.
1. Who We Are
Everest Minds for Digital Transformation is a limited liability company registered in Cairo, Egypt (Commercial Register No. 158704), with offices at Cairo Business Plaza, North 90th Street, New Cairo, Cairo, Egypt.
2. Our Role
Clinera MDT is provided to healthcare institutions ("Clients") for clinical collaboration purposes. The Client institution is the data controller for patient data processed on the platform. Everest Minds acts as a data processor, processing personal data on behalf of and under the instructions of the Client.
Where a third party sponsors account subscriptions for the Client, the sponsor does not have access to patient data or platform clinical content.
3. What Data Is Processed
The following categories of personal data may be processed through the platform, as entered by authorised Client staff:
- Patient demographics (name, age, gender, contact details, national ID where applicable)
- Medical history and clinical records
- Diagnosis and treatment information
- Platform user account information (name, email, role) for Client staff
4. How Data Is Used
Personal data is processed for the following purposes:
- Facilitating multidisciplinary team meetings and clinical collaboration
- Patient case management and documentation
- AI-assisted data extraction from uploaded medical documents (where enabled)
- Platform administration, support, and maintenance
5. AI Features
Clinera MDT includes AI-assisted features that process document content to extract structured data fields. These features use third-party AI models (cloud-based or self-hosted, depending on the deployment configuration). AI outputs are always presented to the clinician for review and confirmation before being saved. Everest Minds does not use client data to train AI models.
6. Data Storage and Security
Data is hosted on EU-based infrastructure (Frankfurt, Germany). Security measures include:
- AES-256 encryption at rest
- TLS encryption in transit
- Role-based access controls
- Institutional account isolation
- Daily encrypted backups
7. Data Sharing
Patient data is not shared with Everest Minds, sponsors, or any third party unless explicitly authorised in writing by the Client institution. Sponsors may receive aggregated, non-identifiable usage metrics only with the Client's prior written consent.
8. Data Retention
Client data is retained for the duration of the service agreement. Upon termination, data export is available for 30 days, after which data is permanently deleted.
9. Your Rights
Individuals whose data is processed through the platform may exercise their data protection rights (access, rectification, erasure, restriction, portability, objection) by contacting their healthcare institution (the data controller). The Client institution may contact Everest Minds for technical assistance in fulfilling such requests.
10. Legal Basis
The legal basis for processing depends on the applicable jurisdiction and the Client's relationship with the data subject. In EU-hosted deployments, processing is subject to GDPR. Everest Minds processes data under the Client's instructions as data processor.
11. Contact
For questions about this Privacy Policy or data protection matters:
Everest Minds for Digital Transformation
Email: privacy@everestminds.com
Address: Office M607, Cairo Business Plaza, North 90th Street, New Cairo, Cairo, Egypt