Privacy Policy
Última actualización: March 10, 2026
1. Data Controller
Controller Details
Jucade Solutions SL
VAT ID: B19376557
Address: Avenida De Los Manantiales 24, Planta 6ª, Apartamento, 29620 Torremolinos (Málaga), Spain
Privacy email: privacidad@hanamind.es
2. Purpose of Processing
At HanaMind, we process the information provided by interested parties for the following purposes:
| Purpose | Description | Legal Basis |
|---|---|---|
| SaaS Service Management | Provision of management service for psychologists: scheduling, clinical records, and billing. | Contract execution (Art. 6.1.b GDPR) |
| Customer Support | Resolving inquiries made through the website or support channels. | Legitimate interest (Art. 6.1.f GDPR) |
| Commercial Communications | Sending information about news, improvements, and services related to HanaMind. | Consent (Art. 6.1.a GDPR) |
| Legal Compliance | Managing legal, accounting, and fiscal obligations derived from the contractual relationship. | Legal obligation (Art. 6.1.c GDPR) |
3. Special Protection of Health Data
HanaMind is a platform designed for the healthcare sector. Data related to your patients’ health is processed exclusively under your control as Data Controller, with us acting as Data Processors in accordance with Article 28 of the GDPR.
Security measures applied to health data
• Encryption in transit: TLS 1.3 • Encryption at rest: AES-256 • Access restricted via two-factor authentication • Data is never accessible to our staff without explicit authorization for technical support
4. Retention Periods
Personal data will be retained for as long as the contractual relationship is maintained and for the periods necessary to comply with legal obligations:
- Commercial records: 6 years (Spanish Commercial Code)
- Health data: minimum 5 years in Spain (Law 41/2002)
- Tax obligations: 4 years (Spanish General Tax Law)
Once the relationship has ended, data will be blocked until the limitation period for legal liabilities expires and then securely deleted.
5. Recipients and Sub-processors
Your data may be disclosed to the following categories of recipients:
- Public Administrations: for compliance with legal obligations.
- Banking entities: for the management of collections and payments.
- Sub-processors: technology providers necessary for the provision of the service.
Currently authorized sub-processors are:
| Provider | Country | Purpose | Safeguards |
|---|---|---|---|
| Hetzner Online GmbH | Germany (EEA) | Data hosting and server infrastructure | Located within the EEA |
| Twilio Inc. | USA | Sending SMS and WhatsApp for appointment reminders | EU Standard Contractual Clauses |
| Stripe Payments Europe, Ltd. | Ireland (EEA) | Payment and subscription management | Located within the EEA |
| Google LLC (Calendar API) | USA | Optional calendar synchronization with Google Calendar | EU Standard Contractual Clauses / DPF |
Jucade Solutions SL undertakes to notify with a minimum of 20 calendar days’ notice any changes to the authorized sub-processors, allowing the Data Controller to object in writing within said period.
6. International Data Transfers
HanaMind prioritizes the use of services hosted within the European Economic Area (EEA). When it is necessary to use providers outside the EEA, we ensure that transfers are carried out with the following safeguards:
- Standard Contractual Clauses approved by the European Commission (Decision 2021/914/EU).
- Adherence to the EU-US Data Privacy Framework, where applicable.
You may request information about the specific safeguards applicable to each transfer by sending an email to privacidad@hanamind.es.
7. Rights of Data Subjects
Any person whose data is processed by HanaMind may exercise the following rights:
- Access: obtain confirmation of whether your data is being processed and access it.
- Rectification: request the correction of inaccurate or incomplete data.
- Erasure: request the deletion of your data when it is no longer necessary.
- Opposition: object to the processing of your data in certain circumstances.
- Restriction: request the restriction of processing in certain cases.
- Portability: receive your data in a structured, commonly used format.
- Not to be subject to automated individual decisions, including profiling.
How to exercise your rights
Send an email to privacidad@hanamind.es attaching a copy of your ID or equivalent document. We will respond within a maximum period of 1 month from receipt of the request.
8. Cookie Policy
HanaMind uses its own and third-party cookies to ensure the proper functioning of the platform, improve the user experience, and, with your consent, for analytical purposes.
- Essential cookies: necessary for the basic functioning of the platform. They do not require consent.
- Analytical cookies: used to measure the performance and usage of the platform, only with your prior consent.
You can configure or reject non-essential cookies at any time through the cookie banner or the settings panel. For more information, please refer to our Cookie Policy available at hanamind.es/cookies.
9. Security Breach Notification
In the event of a personal data security breach, Jucade Solutions SL undertakes to:
- Notify the Spanish Data Protection Agency (AEPD) within a maximum of 72 hours from becoming aware of the breach, when it is likely to pose a risk to the rights and freedoms of individuals (Art. 33 GDPR).
- Communicate the breach to affected data subjects without undue delay when it is likely to result in a high risk to their rights and freedoms (Art. 34 GDPR).
- Internally document all security breaches, including those that do not require notification.
The communication to data subjects will include, at a minimum: a description of the nature of the breach, contact details of the controller, likely consequences, and measures taken or proposed.
10. Minors
HanaMind is a professional platform aimed exclusively at psychologists and mental health professionals. It is not intended or designed to be used directly by minors.
In the context of clinical management, data of minor patients processed through the platform is the responsibility of the psychologist as Data Controller, who must obtain the consent of the minor’s legal representative in accordance with applicable regulations.
11. Data Processing Agreement (Art. 28 GDPR)
When the User acquires a HanaMind license, Jucade Solutions SL acts as the Data Processor and the User (psychologist or entity) as the Data Controller with respect to their patients’ and collaborators’ data.
11.1. Obligations of the Data Processor (Jucade Solutions SL)
Jucade Solutions SL undertakes to:
- Process personal data only following the documented instructions of the Data Controller.
- Not use data for its own purposes other than the provision of the contracted service.
- Ensure that persons authorized to process data commit to maintaining confidentiality.
- Adopt all technical and organizational security measures required by Art. 32 of the GDPR.
- Not sub-contract any processing without prior communication with at least 20 calendar days’ notice.
- Assist the Controller in responding to data subject rights requests and carrying out Data Protection Impact Assessments (DPIA).
- Notify security breaches within a maximum period of 48 hours from becoming aware.
- Maintain an internal record of processing activities carried out on behalf of the Controller.
- Once the service provision has ended, the Controller will have 30 calendar days to download their information. After this period, data will be deleted from HanaMind systems, with a blocked copy potentially retained during the legal limitation periods.
11.2. Obligations of the Data Controller (User)
The Data Controller is responsible for:
- Ensuring that data provided to HanaMind has been collected lawfully and with the appropriate legal basis.
- Providing the right to information to patients at the time of data collection.
- Carrying out Data Protection Impact Assessments (DPIA) where applicable.
- Supervising the processing carried out by Jucade Solutions SL, with the ability to conduct audits.
- Complying with all other obligations that the GDPR and the LOPDGDD establish for the Data Controller.
12. Use of Google Data (Google API Services)
HanaMind allows optional integration with Google Calendar to synchronize your professional agenda. Below we detail how we treat this data:
Data we access
- Google Calendar events (title, date, time, description)
- Basic account information for authentication (name and email)
How we use this data
- Synchronization of appointments between HanaMind and your Google Calendar
- Show real-time availability for booking appointments
- Calendar data is used exclusively for scheduling functionality and never for other purposes
Sharing, storage, and retention
We DO NOT share your Google Calendar data with any third party. Synchronized data is stored on servers within the EEA.
- Google Calendar data is maintained while the integration is active.
- You can disconnect Google Calendar at any time from Settings → Integrations.
- Upon disconnection, all synchronized Google data is removed within a maximum period of 30 days.
Google API Compliance: The use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
13. Supervisory Authority
If you consider there is a problem with how we are handling your data, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):
Spanish Data Protection Agency (AEPD)
Web: www.aepd.es
Phone: 901 100 099
Address: C/ Jorge Juan, 6, 28001 Madrid
© 2026 Jucade Solutions SL. Todos los derechos reservados.