Privacy notice

Personal information deserves a defined purpose.

This draft separates website and sales information from patient information processed in a customer deployment, then makes roles, retention, rights, and provider dependencies visible.

Last updated
July 17, 2026
Market
Mexico
Language
English review copy

What this notice covers

This notice covers personal information collected through Norwyn’s website, contact forms, sales conversations, security reviews, and account administration. It does not replace a healthcare organization’s patient privacy notice or the customer data processing agreement for a production call agent.

For production calls, the healthcare organization will normally decide the purposes of patient information processing. Norwyn and its providers process that information according to documented instructions, subject to the final agreement.

Responsible party

Norwyn is responsible for the website and sales-lead processing described here. The final publication must identify the Norwyn legal entity, its domicile, and the channel responsible for personal data requests.

No patient information in this form

Do not enter symptoms, diagnoses, medical record details, or other patient information in the website contact form.

Information we collect

  • Contact and professional details such as name, work email, phone number, organization, role, and preferred contact window.
  • Evaluation details such as organization type, approximate call volume, requested plan, security questions, and implementation needs.
  • Technical and security data such as IP address, device and browser information, request timestamps, abuse-prevention results, and service logs.
  • Communications that you choose to send to Norwyn.

Norwyn does not ask for sensitive patient information through the website. If it is submitted accidentally, Norwyn should restrict access and handle it under the approved incident and deletion process.

Why we use it

Primary purposes are to respond to requests, prepare a relevant demo, assess technical and security requirements, create and administer an account, prevent abuse, protect the website, meet legal obligations, and maintain records of the relationship.

Norwyn will not use website contact details for unrelated advertising without the required choice or consent. Any optional marketing purpose and opt-out method must be disclosed before launch.

Providers, transfers, and processing locations

Norwyn uses carefully selected hosting, telecommunications, voice-processing, security, and workflow services to operate the website and product. The applicable data-processing terms identify relevant categories, purposes, processing locations, and transfer mechanisms for a production deployment.

Depending on the approved workflow, these services may process call audio, transcripts, summaries, phone identifiers, metadata, dynamic variables, and related records. Production processing and cross-border transfers are governed by the customer agreement, data-processing terms, and deployment-specific notice.

Retention and deletion

Website lead information should be kept only for the approved sales, security, account, or legal purpose. Final time periods must be added to a retention schedule before publication.

Production-call retention is configured separately for each deployment. Norwyn requires a written decision for recordings, transcripts, summaries, metadata, downstream copies, deletion, and legal exceptions before activation.

Deletion may be delayed where information must be preserved for fraud prevention, billing, dispute resolution, legal claims, or another legal obligation. The reason and applicable period should be documented.

Your choices and ARCO rights

Subject to applicable law, a person may request access to personal information, rectification of inaccurate information, cancellation when appropriate, or opposition to certain processing. A person may also ask about consent withdrawal and limitations on use or disclosure.

Use the contact page and select “Privacy or ARCO request.” The final process must identify the request channel, identity-verification steps, required information, statutory response period, and appeal or authority route. Norwyn will ask only for information necessary to verify and complete the request.

Security and incidents

Norwyn uses a layered model that combines application controls, infrastructure safeguards, customer-configurable settings, and contractual commitments. The security page explains these responsibilities and operating boundaries.

If an incident presents a material risk to a person’s rights or information, Norwyn will follow the notification and response obligations approved in the final incident plan and customer agreement.

Changes and contact

Material changes to purposes, categories, transfers, rights, or the responsible entity will be reflected in an updated notice and communicated as required. The publication date will appear at the top of this page.

For privacy questions, use the contact page. A dedicated privacy email and physical domicile must be inserted before final publication.