Legal & compliance documents

Last updated: April 28, 2026

Index

Here you will find all the legal documents governing the use of the VRET website and SaaS platform. Each document is versioned and its last-updated date appears in its header.

The single source of truth for the subprocessor list is the DPA Annex III; the Privacy Policy and the Security page are synchronised with that list.

Published documents

Internal documents available under NDA

The following documents are not published openly, to protect operational details, but are provided to the client’s DPO under a confidentiality agreement before the DPA is signed or during the client’s audit phase:

  • Data Protection Impact Assessment (DPIA) — Art. 35 GDPR.
  • Record of Processing Activities (RoPA) — Art. 30 GDPR.
  • Internal security and acceptable-use policy for employees.
  • Security breach response runbook with Spanish Data Protection Agency/ICO templates and data-subject communication.
  • Auditable break-glass access SOP.
  • Architecture diagram with data flows and jurisdictions.
  • Signed DPAs with each subprocessor.

Request them from privacidad [arroba] vret.es with the subject «DPO documentation + clinic name».

Contact channels

General contact
contacto [arroba] vret.es

Sales, support and product questions.

Privacy / GDPR
privacidad [arroba] vret.es

Rights requests, DPO questions, DPA requests.

Security
seguridad [arroba] vret.es

Vulnerability reports, breaches, clinical adverse events.

Versioning

We keep a version history of every legal document so you can evidence which version was in force at a given time. Request prior versions by email at privacidad [arroba] vret.es.