Last updated: 21/09/2024
Privacy Policy for LISA:
This Privacy Policy explains how LISA collects, uses, and protects the personal information you provide when using our mobile application for liposuction safety. We are committed to protecting your privacy and ensuring compliance with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA) in the United States, the General Data Protection Regulation (GDPR) in the European Union, and other relevant global regulations.
Information We Collect
We collect and process the following types of information:
- Personal Data: Identification numbers and patient names. Providing this data is optional; the app functions without it.
- Health Data: Weight, height, age, sex, and hematocrit levels.
- Technical Data: IP address, device type, operating system, and usage data. This data is collected to improve the performance and security of the app. Because it may allow a person to be identified indirectly, it is treated as personal data and protected with the same security measures.
- Voice Data: Voice queries made through the voice assistant are processed to improve response accuracy and provide a better experience. However, these voice queries are not stored permanently in the app or on our servers.
Data Storage
- Personal Data (names and identification numbers): Stored encrypted with AES-256 in a database kept separate from the medical and technical data. This data can be accessed only by you, the authorized user, and is not shared with third parties except where required by law.
- Health Data (weight, height, age, sex, hematocrit levels): Used solely for analysis and for training predictive models. It is stored without the names and identification numbers held in the Personal Data database and is treated as pseudonymized or, where the separation is complete, anonymous data.
Patient Consent
The physician using LISA must have obtained explicit, informed, and verifiable consent from patients before entering their data into the application. It is the physician's responsibility to ensure that patients understand how their data will be used and that proof of the granted consent will be stored, either in digital format or another verifiable medium.
Third-Party Privacy Policies
The following third-party service is used by LISA, and its privacy policy applies to the data it processes:
OpenAI: https://openai.com/policies/row-privacy-policy/
Purpose of Processing
We use the information collected to:
- Provide services and functionality within the app.
- Train predictive models based on aggregated data (such as weight, height, age, sex, hematocrit levels) without linking to identifying information.
- Comply with applicable legal obligations.
Legal Basis for Processing
We process your data under the following legal bases:
- Consent: The processing of personal and health data requires prior consent from the user and the patient.
- Legitimate Interests: We use non-identifiable data (weight, height, age, sex, and hematocrit levels) to improve our services and develop predictive algorithms. We have conducted an impact assessment to verify that these legitimate interests do not override the fundamental rights and freedoms of users and patients.
- Legal Obligation: We comply with legal requirements when necessary.
Information Sharing
We do not share personal or health data with third parties, except in the following cases:
- By legal obligation: When required by applicable law, court order, or to comply with other legal proceedings.
International Transfers
If your personal data must be transferred outside the European Economic Area (EEA) or to any other jurisdiction, we ensure that such transfers comply with local and regional data protection regulations through the use of mechanisms approved by the competent authorities, such as Standard Contractual Clauses (SCCs), adequacy decisions, or Binding Corporate Rules (BCRs).
Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption: All personal and health data is encrypted in transit and encrypted at rest with AES-256.
- Authentication: We use two-factor authentication (2FA) for user access to data stored in the application.
- Monitoring: We actively monitor access to data and protect our systems against security breaches through firewalls and intrusion detection.
In the event of a personal data breach that is likely to pose a risk to the rights and freedoms of individuals, we will notify the competent data protection authority within 72 hours of becoming aware of it, and we will notify affected users without undue delay.
Data Retention
- Personal Data: Will be retained for as long as necessary for the purposes indicated in this policy or as required by applicable laws. Once the purpose is fulfilled, it will be securely deleted.
- Non-identifiable Data: Data used to train predictive models may be retained indefinitely, as it is not linked to information that allows for the identification of individuals.
User Rights
As a user of LISA, you have the following rights regarding your personal data:
- Access: Request access to the personal data we store about you.
- Rectification: Request correction of any incorrect or outdated information.
- Deletion: Request the removal of your personal data when it is no longer necessary for the purposes indicated or when you have withdrawn your consent.
- Withdraw Consent: You can withdraw your consent at any time, without affecting the legality of the processing based on the consent before its withdrawal.
You can exercise these rights by contacting us using the contact details provided below. We will respond to all requests within 30 days of receipt.
Updates to the Privacy Policy
This Privacy Policy may be updated periodically. We will notify you of any significant changes through the App or via email, and we encourage users to review the policy regularly.
Contact
If you have questions about this Privacy Policy or wish to exercise your rights, you can contact our data protection team at:
LISA TEAM – AH MEDTECH
support@lisamultiverse.com