- What is the GDPR? GDPR is an acronym for General Data Protection Regulation. The GDPR regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU. If You would like to read more about the GDPR, You may do so at ec.europa.eu.
- Personal Data. Under the GDPR, personal data is any information relating to an identified or identifiable natural person. It includes identifiers such as name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. This includes online identifiers such as Internet protocol (IP) addresses and cookie identifiers.
- Categories of Data that are Collected. Company collects the following personal data: (1) name; (2) address; (3) email address; (4) telephone number; (5) gender; (6) age; and (7) IP address.
- How Your Data is Collected. Company collects Your data in two ways: (1) when you access the Website, your IP address is collected through Company’s use of Google Analytics; (2) when You submit an Application to participate in the beta test, You will be asked to provide certain data; and (3) when You attempt to purchase Company’s product (when the product is available for purchase in the future), You will be asked to provide certain data.
- Purpose of Processing Your Data. Processing Your data is necessary for the purposes of the legitimate interests pursued by Company. These legitimate interests include, but are not limited to, knowing who is accessing the Website and with what frequency; knowing information about who is submitting an Application to be a beta tester; knowing information about who is seeking to purchase Company’s product (when the product is available for purchase); being able to improve the quality of the Website; and being able to improve the quality of the product (both through the beta test, and when the product is available for purchase in the future).
- Company’s Use of Your Data.
Company collects Your data for limited uses, which are the following: (1) to allow Company to track the number of visitors who access the Website, and how many times each visitor accesses the Website; (2) for purposes of the beta test, determine the range of individuals who have submitted an Application to be beta testing participants. With regards to the beta test, should You decide to submit an Application, there is additional information about the Company’s use of Your data in the agreement that You will submit in connection with Your Application; and (3) for purposes of purchasing Company’s product (when the product is available for purchase), to determine the types of individuals who are purchasing and making use of Company’s product.
- Who has Access to Your Data. Only a limited number of people who work for Company will have access to Your data. With regards to the beta test and the beta test Application, the only individuals who will have access to Your data are the individuals who work for Company who have the job responsibility of deciding the size and makeup of the beta testing pool.
Company does not share Your data with any third-party for any reason, except if Company is required to do so by Court Order, subpoena, or other similar legal process.
- Data Storage, Protection, and Security. When data is provided to Company, Company makes reasonable efforts to store and protect that data. Company has implemented data storage and protection measures. These include: a.Google Firebase’s “firestore” to store our data. Google outlines clearly the security measures for this service here: https://firebase.google.com/support/privacyb. All data in transit is done over HTTPSc. In addition to the above, we encrypt most readable data right inside the Sentur app and what is stored in the database isn’t readable by anyone without a two-factor authentication key that is associated with the user authentication key and a key that our service uses. d.Key management is also done using Google’s (KMS) Key Management Services that ensures the keys are securely managed and separated from the rest of the data.
Additionally, Your data is not stored offline (i.e., in physical form). To the extent that Your data is transferred into an offline version (e.g., printed out onto paper) for temporary use, the data will be stored in a locked cabinet that is only accessible to specific agents/representatives of Company who need to review Your data for a specific purpose. Such documents will not be shared with anyone else within Company, or anyone else outside of Company. Any such documents will be immediately destroyed upon completion of use.
Notwithstanding the foregoing, please be advised that no data protection or security measures are guaranteed to be 100% secure. Computer hackers consistently attempt to, and are sometimes successful, at circumventing data storage and security measures, even for the most secure electronic databases. Power outages or surges, technological bugs, errors, or glitches may also cause the inadvertent disclosure of Your data. Based on the foregoing, although Company takes reasonable measures to protect Your data, Company does not warrant or guaranty that Your data is 100% secure or will never be inadvertently disclosed to the public. Based on the foregoing, any transmission of data to Company is done at Your own risk. Please do not transmit any data to Company if You are at all concerned that Your data could, at any time, be disseminated to the public.
Company will notify appropriate authorities and You after becoming aware of a data breach. The notification will: (a) describe the nature of the data breach; (b) communicate the name and contact details where more information can be obtained; (c) describe the likely consequences of the breach; (d) describe the measures taken or proposed to be take and where appropriate, measures to mitigate its possible adverse effects.
- Data Retention. Data will be kept for no longer than is necessary for the purposes for which the data are processed, but under no circumstances will Your data be kept for no longer than two weeks.
- Right of Access. You have the right to obtain confirmation from Company as to whether or not personal data concerning You is being processed, and where that is the case, access to personal data and certain information. Should You make such a request, the first copy will be provided to You by Company free or charge. However, Company may charge a reasonable fee for all subsequent copies based on administrative costs associated with producing such copies.
- Right of Rectification. You have the right to obtain from Company without undue delay the rectification of inaccurate personal data concerning You.
- Right of Erasure (Right to be Forgotten). You have the right to obtain from Company the erasure of personal data concerning You, and Company shall have the obligation to erase personal data without undue delay under the circumstances that are delineated in GDPR, Chapter 3, Article 17, as may be amended from time to time.
- Right to Restriction of Processing. You have the right to obtain from Company restriction of processing under the circumstances that are delineated in GDPR, Chapter 3, Article 18, as may be amended from time to time.
- Right to Data Portability. You have the right to receive the personal data concerning You, which You have provided to Company, in a structured, commonly used and machine-readable format, and You have the right to transmit those data to another company without hindrance from Company under the circumstances delineated in GDPR, Chapter 3, Article 20, as may be amended from time to time.
- Right to Object. Based on the fact that the data is being collected for a legitimate business purpose of Company, You have the right to object, on grounds relating to Your particular situation, at any time to processing of personal data concerning You subject to GDPR, Chapter 3, Article 21, as may be amended from time to time.
- Right not to be subject to a Decision. You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly affects You, subject to the limitations set forth in GDPR, Chapter 3, Article 22.
- Marketing. Company will not use your data to send you any marketing, advertising, or other information. Company will not use Your data to send promotional items, materials, or other information to You.
Cookies are used whether You access this Website on a computer or though a mobile device (i.e., a tablet or a cell phone).
You can set Your browser to not accept cookies, and the website referenced above (www.allaboutcookies.org) describes how You can remove cookies from Your browser. However, in a few cases, some of Company’s Website features may not function as a result. You can prevent the use of Google Analytics by downloading and installing the browser plugin available which can be found at: https://tools.google.com/dlpage/gaoptout?hl=en-GB
- Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority, in particular in the Member State or the place of Your residence, work, or place of the alleged infringement.
- Contact information. Company can be contacted at the following:
Integrated Mental Health Technologies, LLC
c/o Sarah Houy, Registered Agent
7120 East Orchard Rd., Ste. 370
Centennial, CO 80111