Elaro Vale Inc.

Privacy Policy

Effective Date: April 30, 2026

1. Introduction

Elaro Vale Inc. (“Company,” “we,” “our,” or “us”) is committed to maintaining the confidentiality, integrity, and availability of information entrusted to us.

As a medical logistics provider, we implement structured security and privacy controls aligned with industry best practices, including principles commonly associated with SOC 2 (Security, Availability, and Confidentiality).

This Privacy Policy outlines how we collect, use, disclose, and safeguard information in connection with our website and services.

2. Scope of Policy

This policy applies to:

  • Website visitors
  • Clients and partners
  • Service interactions and logistics operations
  • Systems and platforms used to support service delivery

3. Information We Collect

a. Information You Provide

  • Name, email address, and phone number
  • Organization or facility information
  • Service requests and delivery instructions

b. Operational Data

  • Pickup and delivery details
  • Chain of custody documentation
  • Delivery confirmations and timestamps
  • Routing and scheduling data

c. System & Usage Data

  • IP address and device information
  • Browser type and session activity
  • Website interaction data

d. Sensitive Data Handling

Where applicable, Elaro Vale Inc. implements safeguards to limit exposure to sensitive healthcare-related information. Any such data is handled under strict access control and confidentiality standards.

4. How We Use Information

We use collected data to:

  • Coordinate and execute logistics services
  • Provide delivery tracking and updates
  • Maintain operational records
  • Improve service performance and system reliability
  • Meet legal, regulatory, and contractual obligations

5. Security & Internal Controls (SOC 2-Aligned)

Elaro Vale Inc. maintains administrative, technical, and physical safeguards designed to protect information, including:

a. Access Controls

  • Role-based access to systems and data
  • Least-privilege access enforcement
  • Secure authentication protocols

b. Data Protection

  • Encryption in transit (e.g., HTTPS)
  • Secure storage practices
  • Controlled data handling procedures

c. Monitoring & Logging

  • System activity monitoring
  • Access and usage logging
  • Periodic review of system access and events

d. Incident Response

We maintain procedures to:

  • Identify and respond to security incidents
  • Contain and remediate risks
  • Notify affected parties when required by law

e. Personnel Security

  • Background screening where applicable
  • Confidentiality obligations for employees and contractors
  • Ongoing training on data protection and handling

6. Vendor & Third-Party Management

We may engage third-party providers to support operations (e.g., dispatch systems, communication tools, hosting services).

We implement vendor management practices including:

  • Due diligence prior to engagement
  • Confidentiality and data protection requirements
  • Ongoing evaluation of service providers

7. Information Sharing

We do not sell or rent personal or operational data.

Information may be shared only:

  • With authorized personnel necessary to perform services
  • With vetted service providers under contractual safeguards
  • When required by law or regulatory authorities
  • To protect safety, rights, or operational integrity

8. Data Retention

We retain information only for as long as necessary to:

  • Fulfill operational and contractual obligations
  • Maintain required business and compliance records
  • Meet legal and regulatory requirements

9. Availability & Business Continuity

We implement measures designed to maintain system availability and continuity of operations, including:

  • System redundancy where applicable
  • Backup procedures
  • Operational continuity planning

10. Your Rights

Subject to applicable law, you may request:

  • Access to your data
  • Correction of inaccurate information
  • Deletion of data, where permissible

Requests may be submitted using the contact details below.

11. Cookies & Tracking

We may use cookies and similar technologies to:

  • Improve website functionality
  • Analyze usage patterns
  • Enhance user experience

Users may adjust browser settings to manage cookie preferences.

12. Third-Party Links

Our website may contain links to third-party platforms. We are not responsible for their privacy practices or content.

13. Children’s Privacy

Our services are not intended for individuals under 18, and we do not knowingly collect personal data from minors.

14. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted with an updated effective date.

15. Contact Information

For questions regarding this Privacy Policy or our data practices:

Elaro Vale Inc.
Email: privacy@elarovale.com

16. Compliance Statement

Elaro Vale Inc. maintains a structured approach to data protection aligned with industry-standard security frameworks. Our controls are designed to support confidentiality, integrity, and availability of information across all operations.