MDClone Privacy Policy

This privacy policy was last changed on September 3, 2025.

In this privacy policy as may be amended from time to time (“Privacy Policy”), MDClone Inc, as data controller, (“MDClone“, “we“, “our“, or “us“) explains our website users (“User“, “you” or “your“) what we do with the data we collect and process via https://www.mdclone.com (“Website”).

We recommend you carefully read this Privacy Policy.

This Privacy Policy supplements our Website Cookie Policy.

If you have any questions, or any concerns regarding this Privacy Policy, please contact us at: [email protected]

PURPOSES AND CATEGORIES OF DATA

Definition. When we use the term “personal data” in this Privacy Policy, we mean any information relating to an identified or identifiable natural person, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual.

Collection of Personal Data – General Provisions. We hereby inform you, and you hereby acknowledge that you have no legal obligation to provide us with any personal data when you use the Website, and the provision of it is solely based on your free will. However, you understand that without providing the personal data described in this Privacy Policy, MDClone may not be able to operate the Website and provide you with its related services (e.g., to answer your request when you contact us).

We process the following personal data via the Website:

Contact – Through phone, mail, email and/or webforms

The following categories of personal data are collected

- Identification or identifier – i.e., first and last name
- Professional data – i.e., organization name, job title
- Contact details – i.e., email address, telephone number
- Online identifiers – i.e., IP Address

Any other comments/questions you choose to provide in the empty box

The provision of certain types of personal data may be required or optional. Required data will be marked as such at the moment of collection of your personal data. If you refuse to provide required data, MDClone may not be able to process your contact request.

Source

Such personal data is provided directly by the User through the Website via the ‘Contact Us’ form as well as by phone, mail and email.

Purposes and EU Legal Basis

Such personal data is processed to manage your contact request, e.g., to answer your questions, respond to inquiries. The EU legal basis is the legitimate interest of MDClone in managing the contact requests sent to it.

Such personal data may be processed to manage potential litigation, e.g., to manage any dispute or litigation with respect to the Website, to establish, protect, or exercise our legal rights, to defend against legal claims or demands. The EU legal basis is legitimate interest of MDClone in defending its rights and interests.

Such personal data may be processed to comply with legal and regulatory obligations, e.g., to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights. The EU legal basis is legal and regulatory obligations to which MDClone is subject.

Retention period

We retain your Personal Data only as long as necessary to provide you with our Website and for the purposes described in this Privacy Policy. Other circumstances in which we will retain your personal data for longer periods of time include: (i) where we are required to do so in accordance with legal and regulatory requirements, or (ii) if we reasonably believe there is a prospect of litigation.

Newsletters

The following categories of personal data are collected

Identification or identifier – i.e., first and last name
Professional data – i.e., organization name
Contact details – i.e., work email address
Online identifiers – i.e., IP Address

Source

Such personal data is provided directly by the User through the Website form.

Purposes and EU Legal Basis

Such personal data is processed to manage our service-related communications and such email list. The EU legal basis is MDClone’s legitimate interests to send service-related communications to its customers and potential customers.

Retention period

Request a Demo

The following categories of personal data are collected

- Identification or identifier – i.e., first and last name
- Professional data – i.e., organization name, job title
- Contact details – i.e., email address, telephone number
- Online identifiers – i.e., IP Address

Any other comments you choose to provide in the empty box

Source

Such personal data is provided directly by the User through the form.

Purposes and EU Legal Basis

Such personal data is processed to manage our demo requests e.g., to schedule a demonstration of our products and services, to potentially purchase our products and services (potential customer). The EU legal basis is the legitimate interests of MDClone in managing the potential customer requests sent to it.

Retention period

Ask the Experts

The following categories of personal data are collected

- Identification or identifier – i.e., first and last name
- Professional data – i.e., organization name
- Contact details – i.e., email address

Online identifiers – i.e., IP Address

Any ‘questions and barriers’ you choose to provide in the empty boxes

Source

Such personal data is provided directly by the User through the Website form.

Purposes and EU Legal Basis

Such personal data is processed to manage requests on our products and services, e.g., to explain how MDClone’s products and services could help and improve data, to potentially purchase our products and services (potential customer). The EU legal basis is the legitimate interest of MDClone in managing the potential customer requests sent to it.

Retention period

Request a Meeting For an Event

The following categories of personal data are collected

- Identification or identifier – i.e., first and last name
- Professional data – i.e., organization name, job title
- Contact details – i.e., email address
- Event Selection

Online identifiers – i.e., IP Address

Any comments/questions you choose to provide in the empty box

Source

Such personal data is provided directly by the User through the Website via the ‘Book a Meeting’ Form.

Purpose and EU Legal Basis

Such personal data is processed to manage meeting requests, e.g., to attend an event, to discuss on MDClone products and services. The EU legal basis is the legitimate interest of MDClone in managing requests sent to it.

Retention period

Job Application/Career

The following categories of personal data are collected

- Identification or identifier – i.e., first and last name
- Contact details – i.e., email address and phone number
- Personal Data relating to your job application – i.e., CV, position you are applying for, current position, training, professional experience, LinkedIn Profile URL, personal website, any other information provided in connection with your job application.

Any comments/questions you choose to provide in the empty box

Source

Such personal data is provided directly by the User through the Website via Career page.

Purpose

Such personal data is processed to manage your job application, e.g., to review and assess your job application, to schedule an interview if your application is successful.

No Legal Requirement

For the avoidance of doubt, when you apply for a position, you agree to the processing of your personal data in accordance with the terms of this Privacy Policy. By submitting the personal data at your own free will, you agree that MDClone will use it to assess your suitability for the position to which you have applied. You understand that without providing the personal data described in this section, we will not be able to review your application and/or contact you in order to give you details and/or provide you with a response regarding your application.

Retention period

We will process your personal data until we have processed your job application then 7 years. After the recruitment process and to the extent permitted under applicable law, we might retain your personal data for the purpose of offering you other positions, unless you notify us that you request the deletion of your personal data after we notify you that you have not been selected to the position to which you applied.

Compiling and analyzing statistics

The following categories of personal data are collected

Online Identifiers and Analytics – We will collect online identifiers when the User interacts with the Website, such as IP address, Cookie-ID, and other information that relates to User’s activity through the Website, such as pages viewed, click stream data, login time and date stamp, etc.

Source

This data is automatically collected or generated from the Website and might be collected directly by us or through our use of third parties’ cookies.

We use cookies and other tracking technologies (collectively, “Cookies”). Cookies are a commonly-used web technology that allow websites to store and retrieve certain information on a user’s system, and track users’ online activities. We and our service providers may collect information about your use of the Website by such automated means, including cookies. Cookies and similar technologies can help us automatically identify you when you return to the Website, review traffic patterns and improve the Website.

For more information on the cookies used, please see our Website Cookie Policy [add link]

Purposes and EU Legal Basis

Such personal data is processed to improve the Website, e.g., to monitor and analyze your use of the Website, to develop, customize and improve the Website, research and further development, analysis and statistics. The EU legal basis is the User’s consent.

Such personal data is also processed to operate the Website and enhance the security of the Website, such as to prevent and mitigate the risks of fraud, error or any illegal or prohibited activity; technical administration and troubleshooting of the Website; to diagnose and repair Website errors, and, in cases of abuse, track and mitigate the abuse. The EU legal basis is legitimate interests of MDClone to operate and secure its Website.

Retention period

Please see our Website Cookie Policy [add link] Other circumstances in which we will retain your personal data for longer periods of time include: (i) where we are required to do so in accordance with legal and regulatory requirements, or (ii) if we reasonably believe there is a prospect of litigation.

DISCLOSURE PRACTICES

We will disclose your personal data with third parties, as detailed below:

Service Providers and Subcontractors, including data storage providers, data security services, fraud detection and prevention services, content transcription and analysis services, session or activity recording services, consent management platform (CMP), performance measurement, HR/candidate management platform. We will share personal data to perform services on our behalf or complementary to our own, depending on each of their specific roles and purposes in facilitating and enhancing our Website.

Governmental, Administrative or Judiciary Authorities. We disclose personal data if we are required by law, a court order, subpoena or search warrant (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety, (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect our legitimate business interests, including the security or integrity of our products and services.

Corporate Transactions. If our Website or organisation is taken over, sold, or involved in a merger or acquisition, financing, reorganization, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), your personal data may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

Lawyers and Interested Parties. We will share personal data exclusively in case of management of possible disputes and other legal matters where appropriate.

HOW WE RESPOND TO DO NOT TRACK SIGNALS & GLOBAL PRIVACY CONTROL

Our website does not respond to and does not support the Do Not Track (DNT) header request field.

COOKIES AND OTHER SIMILAR TRACKING TECHNOLOGIES

Our Website uses cookies. For more information about cookies, please refer to our Cookie Policy [add link] also accessible on our Opt-out preferences webpage.

SECURITY

We are committed to the security of personal data. We implement appropriate security, technical and organizational measures to protect personal data, in particular, against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure, use or harm to the integrity of personal data. However, although we make every effort to protect the personal data which you provide to us or we generate, we cannot completely ensure the security of any personal data you transmit to us over the internet or guarantee that this personal data will not be accessed, disclosed, altered, or destroyed.

If you have found a vulnerability or would like to report a security incident, you may send an email to [email protected]

CROSS-BORDER DATA TRANSFERS

General provisions. We may store or process your personal data in several jurisdictions other than the country of your jurisdiction. In some jurisdictions, the level of protection of your personal data may be lower than in the country of your jurisdiction.

EEA Transfers. When we transfer personal data from within the European Economic Area (“EEA”) to countries or international organizations that are based outside the EEA, the transfer takes place on the basis of an adequacy decision by the European Commission, or in the absence of an adequacy decision, other legally permitted safeguards under applicable data protection law, such as standard contractual clauses.

Israeli Transfers. When we transfer personal data from the State of Israel to a third country outside Israel, the transfer takes place on the basis of: (i) a country declared as offering equivalent level of protection by the Israeli Privacy Protection Authority; or (iii) your consent to transfer your personal data to other jurisdictions through this privacy policy, understanding that in some countries the level of protection may be lower than in Israel.

THIRD-PARTY WEBSITES

This Privacy Policy does not apply to third-party websites connected by links on our Website. Please note that this Privacy Policy only applies to personal data that we (or third parties on our behalf) collect from or about you on the Website only and we cannot be responsible for personal data collected and stored by third parties. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy policy and terms and conditions of these websites prior to making use of these websites.

SOCIAL MEDIA WIDGETS

Our Website includes social media feature, i.e., LinkedIn™, X™ and Facebook™ buttons. These features will collect your IP address and which page you are visiting on our Website. They will also set a cookie to enable the feature to function properly.

Social media features are hosted by third parties. Your interactions with this feature are governed by the privacy policy of the company, social media platform or third-party service, providing it.

AMENDMENTS TO THIS PRIVACY STATEMENT

We reserve the right to make amendments to this Privacy Policy. It is recommended that you consult this Privacy Policy regularly in order to be aware of any changes. Any changes we make to our Privacy Policy in the future will be posted on this page.

Each version of this Privacy Policy will be identified by its effective date, which you can find at the top of this Privacy Policy. The new Privacy Policy will be effective from the date mentioned at the top page of the new Privacy Policy.

PERSONAL DATA RIGHTS

General Provisions

In most cases, you can exercise the following data and privacy rights free of charge.

When you ask us to exercise any of your rights under this Privacy Policy and the applicable privacy and data protection laws, we may need to ask you to provide us with certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of personal data which is related to others that you are not authorized to receive, and to ask you questions to better understand the nature and scope of personal data that you request to access.

Please note that you can deliver your request by contacting us at [email protected]

ISRAEL

If you are based in Israel, you are entitled to request us to: (1) Review and access your personal data that we process. (2) update, amendment, and deletion of personal data which is incomplete, incorrect, outdated or unclear.

EUROPEAN ECONOMIC AREA (EEA)

If you are based in the EEA, you have the following rights with respect to your personal data:

Right to access

You have the right to access personal data we process about you, obtain clear, transparent and understandable information on how we process your personal data and on your rights (as provided in this Privacy Policy), as well as a copy of your personal data.

Right to object

You have the right to object to the processing of your personal data when the processing is based on MDClone’s legitimate interest. We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, such as the respect of a legal obligation (e.g., legal obligation involving the retention of documents), or for the establishment, exercise or defense of legal claims.

Right to request data portability

In certain circumstances under applicable data protection law, you have the right to request data portability, meaning that you can receive the personal data originally provided by you in a structured and commonly used format or that you can request the transfer of the personal data you provided to another data controller.

Right to rectify

You have the right to rectify the personal data if it is inaccurate or incomplete obtain clear, transparent and understandable information on how we process your personal data and on your rights (as provided in this Privacy Policy), as well as a copy of your personal data.

Right to restrict

In certain circumstances under applicable data protection law, you have the right to restrict the processing of some of the personal data during a limited period of time.

Right to withdraw your consent

You have the right to withdraw your consent when it has been obtained and processing is based on consent.

Right to delete

In certain circumstances under applicable data protection law, you have the right to delete your personal data (also known as the right to be forgotten).

Request not to be subject to a decision based solely on automated processing

If applicable, you may request not to be subject to a decision based solely on automated processing, including profiling, if such profiling produces a legal effect concerning you or similarly significantly affects you and if automated processing is used.

Right to lodge a complaint

You have the right to lodge a complaint with your national data protection authority where we are based. If you have a complaint about how we use your personal data, we will always prefer you to contact us first. If you are unsure which data protection authority to contact, please contact us at [email protected]

CALIFORNIA

Right to know what personal data is being collected about you

A consumer shall have the right to request that a business that collects personal information about the consumer disclose to the consumer the following:

The categories of personal information it has collected about that consumer.
The categories of sources from which the personal information is collected.
The business or commercial purpose for collecting or selling personal information.
The categories of third parties with whom the business shares personal information.
The specific pieces of personal information it has collected about that consumer.

Right to know whether personal data is sold or disclosed and to whom

A consumer shall have the right to request that a business that sells the consumer’s personal information, or that discloses it for a business purpose, disclose to that consumer:

The categories of personal information that the business collected about the consumer.
The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.
The categories of personal information that the business disclosed about the consumer for a business purpose.

Right to equal service and price, even if you exercise your privacy rights

A consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.

A business that receives a verifiable request from a consumer to delete the consumer’s personal information pursuant to subdivision (a) of this section shall delete the consumer’s personal information from its records and direct any service providers to delete the consumer’s personal information from their records.

A business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:

Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
Debug to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
Comply with a legal obligation.
Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal data we maintain about you. For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

Financial incentives

Selling of personal data to third parties

We have not sold your personal data in the preceding 12 months.

We have not disclosed consumers’ personal data for a business purpose in the preceding 12 months.

Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement

Right to limit the use or disclosure of “sensitive personal information” (SPI)

Under certain circumstances and to the extent we use or disclose SPI, you have the right to limit the use or disclosure of SPI.

Right to non-discrimination.

You have the right to not receive discriminatory treatment if and when you exercise your rights regarding your personal data under the CCPA.

COLORADO

Right to Data Portability

When exercising the right to Access personal data, you have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. You may exercise this right no more than two times per calendar year.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under Colorado law this concerns the following purposes:

targeted advertising;
the sale of personal data; or
profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

CONNECTICTUT

Right to Data Portability

We are not required to reveal any trade secret.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the CTDPA this concerns the following purposes:

targeted advertising; or
the sale of personal data; or
profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

DELAWARE

Right to Data Portability

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the PDPA this concerns the following purposes:

targeted advertising;
the sale of personal data; or
profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

Right to obtain a list of third parties to whom the controller has disclosed the consumer’s personal data.

IOWA

Right to Data Portability

When exercising the right to Access personal data, you have the right to obtain the personal data in a portable and, to the extent technically practicable, readily usable format that allows you to transmit the data to another entity without hindrance. You may exercise this right for free no more than two times per calendar year.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the CDPA this concerns the following purposes:

targeted advertising;
the sale of personal data; or
the processing of sensitive data.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

MONTANA

Right to Data Portability

When exercising the right to Access personal data , you have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

We are not required to reveal any trade secret.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the MCDPA this concerns the following purposes:

targeted advertising; or
the sale of personal data; or
profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

NEBRASKA

Right to Data Portability

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the DPA this concerns the following purposes:

targeted advertising;
the sale of personal data; or
profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

NEVADA

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the Nevada Privacy Law, this concerns the sale of personal data.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

NEW HAMPSHIRE

Right to Data Portability

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the DPA this concerns the following purposes:

targeted advertising; or
the sale of personal data; or
profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

NEW JERSEY

Right to Data Portability

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the DPL this concerns the following purposes:

targeted advertising; or
the sale of personal data; or
profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

OREGON

Right to Data Portability

When exercising the right to Access personal data , you have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

We are not required to reveal any trade secret.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the OCPA this concerns the following purposes:

targeted advertising; or
the sale of personal data; or
profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

TEXAS

Right to Data Portability

When exercising the right to Access personal data , you have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

We are not required to reveal any trade secret.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the TDPSA this concerns the following purposes:

targeted advertising; or
the sale of personal data; or
profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

UTAH

Right to Data Portability

When exercising the right to Access personal data, you have the right to obtain the personal data that you previously provided to us as a controller in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the UCPA this concerns the following purposes:

targeted advertising; or
the sale of personal data.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

VIRGINIA

Right to Data Portability

When exercising the right to Access personal data , you have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. You may exercise this right no more than two times per calendar year.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the CDPA this concerns the following purposes:

targeted advertising;
the sale of personal data; or
profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

CHILDREN

Our Website is not designed to attract children (an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 18, and with respect to the U.S., under the age of 13) and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

If these age requirements are not met, you are required to avoid using the Website. We will discard any personal data we receive from a minor immediately upon discovering that such a user shared personal data with us.

CONTACT US AND DATA CONTROLLER DETAILS

MDClone Inc,

360 S. Kiely Blvd. Suite 250, San Jose, CA 9512

Email: [email protected]