GaitExo - Lower Limb Exoskeletons for Rehabilitation
Legal Information

Privacy Policy

GaitExo is committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, and safeguard data in compliance with GDPR and international data protection standards.

Last Updated: January 2025

1. Introduction

GaitExo ("we," "our," or "us") operates as an international trade and brand operator specializing in lower limb exoskeleton and gait rehabilitation solutions. This Privacy Policy applies to all information collected through our website (gaitexo.com), email communications, and business interactions with distributors, hospitals, and healthcare institutions primarily in European markets.

We respect your privacy rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy describes what personal data we collect, why we collect it, how we use it, and your rights regarding your information.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

  • Submit contact forms or inquiry requests on our website
  • Request product information, quotes, or demo units
  • Register for newsletters or marketing communications
  • Communicate with us via email, phone, or video conferencing
  • Attend trade shows or business meetings where you share business cards

This information may include:

  • Name and job title
  • Company name and business address
  • Email address and phone number
  • Country and preferred language
  • Business requirements and product interests
  • Purchase history and order details (for existing customers)

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information through cookies and similar technologies:

  • IP address and approximate geographic location
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on site
  • Referring website or source
  • Click-through and navigation patterns

2.3 Information from Third Parties

We may receive business contact information from:

  • LinkedIn and other professional networking platforms
  • Trade show organizers and industry associations
  • Business partners and referral sources
  • Publicly available business directories

3. How We Use Your Information

We process your personal data only for legitimate business purposes, including:

3.1 Business Communication and Sales

  • Responding to your inquiries and providing product information
  • Preparing quotations and commercial proposals
  • Processing orders and managing customer relationships
  • Arranging product demonstrations and sample shipments
  • Negotiating distribution agreements and partnership terms

3.2 Marketing and Business Development

  • Sending newsletters about new products and industry insights (with your consent)
  • Inviting you to webinars, trade shows, and industry events
  • Conducting market research and customer satisfaction surveys
  • Improving our website content and user experience

3.3 Legal and Operational Requirements

  • Complying with export control regulations and trade compliance
  • Maintaining business records and financial documentation
  • Protecting against fraud and security threats
  • Resolving disputes and enforcing contracts
  • Meeting legal obligations under applicable laws

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Legitimate Interest: Processing necessary for our business operations, such as responding to inquiries, managing customer relationships, and conducting B2B marketing to professional contacts
  • Contractual Necessity: Processing required to fulfill sales contracts, purchase orders, and distribution agreements
  • Consent: Processing based on your explicit consent, such as subscribing to marketing emails (you may withdraw consent at any time)
  • Legal Obligation: Processing required to comply with export regulations, tax laws, and other legal requirements

5. How We Share Your Information

We do not sell your personal data. We may share your information only in the following circumstances:

5.1 Business Partners

  • Authorized distributors and sales agents in your region (when you request local support)
  • Manufacturing partners (only technical specifications, not personal contact details)
  • Logistics and shipping companies (only delivery address and contact information)

5.2 Service Providers

  • Email marketing platforms (e.g., Mailchimp, SendGrid) - only for subscribers who opted in
  • Website hosting and analytics services (e.g., Google Analytics)
  • CRM systems for customer relationship management
  • Payment processors for secure transaction handling

5.3 Legal Requirements

We may disclose your information when required by law, such as:

  • Responding to court orders, subpoenas, or legal processes
  • Complying with export control and customs regulations
  • Protecting our legal rights and preventing fraud
  • Cooperating with law enforcement investigations

6. International Data Transfers

GaitExo is headquartered in China, and our primary manufacturing partners are also located in China. When you provide information to us, your data may be transferred to and processed in China or other countries outside the European Economic Area (EEA).

We ensure adequate protection for international data transfers through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Contractual obligations with service providers to maintain GDPR-equivalent protections
  • Technical and organizational security measures to protect data in transit and at rest
  • Limiting data transfers to what is necessary for business purposes

For B2B communications, we rely on the legitimate interest basis, as data transfers are necessary to fulfill your business requests and maintain commercial relationships.

7. Data Security

We implement industry-standard security measures to protect your personal information:

  • SSL/TLS encryption for data transmission on our website
  • Secure servers with firewall protection and intrusion detection
  • Access controls limiting data access to authorized personnel only
  • Regular security audits and vulnerability assessments
  • Employee training on data protection and confidentiality
  • Secure backup systems and disaster recovery procedures

However, no internet transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your own login credentials and business communications.

8. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

  • Active Customers: For the duration of the business relationship plus 7 years (for accounting and legal compliance)
  • Prospective Customers: Up to 3 years from last contact (unless you request earlier deletion)
  • Marketing Subscribers: Until you unsubscribe or request deletion
  • Website Analytics: Aggregated data retained for 26 months (Google Analytics default)
  • Legal Records: As required by applicable export control, tax, and commercial laws

After retention periods expire, we securely delete or anonymize personal data unless longer retention is required by law.

9. Your Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interest or for direct marketing
  • Right to Withdraw Consent: Withdraw consent for marketing emails at any time

To exercise these rights, please contact us at privacy@gaitexo.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve functionality and analyze traffic:

10.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality (e.g., session management)
  • Analytics Cookies: Google Analytics to understand visitor behavior and improve content
  • Marketing Cookies: Google Ads and LinkedIn Insight Tag for targeted advertising (with consent)

10.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies, but this may affect website functionality. To opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout.

11. Third-Party Links

Our website may contain links to third-party websites (e.g., LinkedIn, manufacturing partners, industry associations). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Children's Privacy

GaitExo's services are intended for business professionals and healthcare institutions. We do not knowingly collect information from individuals under 16 years of age. If we discover we have inadvertently collected data from a minor, we will promptly delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will post the revised policy on this page with an updated "Last Updated" date. For material changes, we will notify you via email or prominent website notice.

We encourage you to review this policy regularly to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

GaitExo Data Protection Officer
Email: privacy@gaitexo.com
Website: https://gaitexo.com

For GDPR-related inquiries, please include "GDPR Request" in your email subject line. We will respond within 30 days as required by law.

15. Specific Provisions for European Users

EU Representative: If required under GDPR Article 27, we will appoint an EU representative and update this section with their contact details.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.

Acknowledgment: By using our website, submitting inquiries, or engaging in business communications with GaitExo, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.