PRIVACY POLICY

INTERPRETATION

The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

INTRODUCTION

Welcome to the T1D Registry Patient Application. This page outlines how Data Controller (hereinafter referred to as \"we\" / \"our\" / \"us\") handles your personal data. We are committed to protecting your privacy and ensuring the security of your data.

NOTICE OF PRIVACY PRACTICES

This Privacy and Security Policy [\"Privacy Policy\"] describes our policies and procedures on the handling of your data when you use the outlined services and tells you about your privacy rights and how the law protects you.

We use your personal data to provide and improve our Service. However, the policy does not apply to the information collected by any third-party websites, plug-ins or applications to which we provide links, to information provided to, or collected by, third-parties through cookies, web beacons, or other third-party technologies served during your visit to the Website and/or Application.

By using this Website and/or Application and providing us your data and personal information, you signify your agreement to this Privacy Policy. If you do not agree with any of the terms in this Privacy Policy, please do not provide us your personal data or use this Website and/or Application.

Kindly note that the Services referred to within this document and provided through the Website and/or Application are provided by us. Furthermore, we hold the responsibility towards maintaining and handling (collection, usage, storing and sharing) of your personal data so provided by you as described within this Privacy Policy and as per the applicable laws.

In addition to this Privacy Policy, we have established Terms of Use (ToU) that sets forth the general rules and policies governing your use of the Website and/or Application. A copy of the Terms of Use can be found at the T1D Registry Patient Registry Application and/or Website.

SCOPE

This Privacy Policy applies to T1D Registry Patient Registry's Website and/or Application and describes our practices concerning data handling (collection, use, storing and sharing) This Website and/or Application has been developed by a third-party whose role is limited to the extent of developing the said Website and/or Application.

OUR COMMITMENT TO YOUR PRIVACY

We are dedicated towards maintaining the privacy of your personally identifiable information, including your protected health information (collectively, \"PII\"). PII includes information about you that may be used to identify you (such as your name or address) and that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you. In order to provide you with our services we shall receive and create records containing your PII. We are required by law to maintain the privacy of your PII and to provide you with notice of our legal duties and privacy practices with respect to your PII.

We shall abide by the terms of this Privacy Policy while it is in effect. This current Privacy Policy takes effect on the date specified above, and will remain in effect until we replace it. When/if we change the terms of this Privacy Policy, the new terms shall apply to all PII that it maintains, including PII that was created or received before such changes were made. When/if we change this Privacy Policy, the new Privacy Policy shall be made available to you on this Website and/or Application. You agree to accept electronic communications and/or postings of revised versions of this Privacy Policy on the Website and/or Application and agree that such electronic communications or postings constitute notice to you of the revised version of this Privacy Policy.

Note: The laws and regulations in different countries impose different (and even conflicting) mandates on data protection. The Website and/or Application has been made available within the territory of [Insert name of Country/Region] and the servers for this Website and/or Application are also located in the said territory. All matters relating to the Website and/or Application are governed by the laws of [Insert name of the Governing Jurisdiction], without reference to its conflicts of law/rules that would result in the application of the laws of any other jurisdiction. Please note that any information/data you provide will be transferred to the concerned department of the Government of [Insert name of Country], and by using the Website and/or Application or providing us your PII, you authorise the said sharing/ transfer.

INFORMATION COLLECTED

Our Website and/or Application collects your personal data through the use of cookies. Cookies may be used to collect the date and time of your visit, your browsing history, your preferences, etc.

Kindly note that your consent will be requested for the collection of your cookie data on accessing the Website and/or Application. You may consent to the handling of your personal data for select cookies and refuse for others. If you disable or refuse cookies, please note that some parts of our Services/Platform may become inaccessible or not function properly. For more information on the cookies we use, please see our Cookie Policy found at the T1D Registry Patient Registry Application and/or Website.

Our Website and/or Application also collects the following types of personal data:

• Health Information: Data related to an individual's health conditions and treatments.
• Personally Identifiable Information (PII): Information that can identify an individual, such as name, address, contact details, and other identifiers.
• Any other related information.

COLLECTION, USE, AND DISCLOSURE OF PERSONAL DATA:

We collect the following PII:

1. Contact information such as name, email address, mailing address, phone number, etc.
2. Health or medical information

We are fully compliant with the privacy provisions of the General Data Protection Regulation (\"GDPR\") and [Insert National/Regionally applicable law(s)]. Our staff, employees, and agents receive necessary training concerning our confidentiality and privacy policies. Our staff, employees and agents will use your PII only as necessary to provide you with our services or for other authorised, legitimate reasons that are compliant with GDPR and [Insert National/Regionally applicable law(s)]. Access to your PII will be limited to those employees and authorised agents who require this data in order for us to provide our services to you. You agree to supply our staff, employees and/or authorised agents with all necessary PII.

TYPES OF DATA COLLECTED

A. Personal Data

While using the Website and/or Application, we may ask you to provide us with certain PII that can be used to contact or identify you. These PII may include, but is not limited to:

• Email address
• First name and last name
• Phone Number
• Address, City and/or Country data.
• Health or medical data.

B. Usage Data

Usage data is collected automatically when using the Website and/or Application. Usage data may include information such as your device details (meaning any device that can access the Website and/or Application such as a computer, a cell phone, or a digital tablet, amongst others), Internet Protocol Address (IP Address), browser type, browser version, the pages of the Website and/or Application that you visit, the time, and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access the Website and/or Application by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of device you use, it's unique ID, it's IP address, operating system, the type of Internet browser you use, unique device identifiers, and other diagnostic data.

We may also collect data that your browser sends whenever you visit our website and/or Application or when you access the Website and/or Application by or through a device.

Purpose Strings for Data Access

In compliance with App Store guidelines, we provide explicit descriptions of data usage:

• Location Access: This app requires location access to provide real-time location-based healthcare services and direct users to nearby healthcare facilities.
• Microphone Access: This app requires microphone access for telemedicine consultations, allowing users to communicate with healthcare professionals.
• Camera Access: This app requires camera access for scanning prescriptions, uploading medical records, and engaging in video consultations.
• Contacts Access: This app requires access to contacts to enable emergency contact linking for healthcare notifications.

USE OF YOUR PERSONAL DATA

We may use your personal data for the following purposes:

• To monitor the usage/supply of our services.
• To manage your registration within the Website and/or Application, if any. This shall apply to registration as a user and registration as a Data Subject within the Website and/or Application. The personal data that you provide can give you access to different functionalities and services of the Website and/or Application that may be made available to you on registration.
• To contact you via email, telephone calls, SMS, or other equivalent forms of electronic communication. We may contact you regarding updates or informative communications related to the functionalities, or services, including security updates, when necessary or reasonable for their implementation.
• To attend and manage your requests to us.
• Tracking Disclosure & User Permission
  • We do not track users across third-party apps for advertising purposes.
  • We do collect cookies for functionality and service improvement
  • We do not track users for advertising or data brokering.
  • Users who deny tracking permissions will still have access to the core features of the app without tracking-based personalization.
  • Users can update their tracking preferences anytime in the app settings.

We may share your personal data in the following situations:

• We may share your personal data with Service Providers to monitor and analyse the use of the Website and/or Application, to contact you.
• We may share your personal data with our affiliates, in which case we will require those affiliates to honour this Privacy Policy. Affiliates include our subsidiaries, joint venture partners, or other companies that we control or that are under our common control.
• We may share your personal data for any other purpose with your consent.

RETENTION OF YOUR PERSONAL DATA

We shall retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

We shall also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen data security or to improve the functionalities of our service, or when we are legally obliged to retain this data for longer time periods.

CREDIT CARD, DEBIT CARD, AND BANKING INFORMATION

We do not collect or store your Credit Card or Debit Card or banking information. We do not collect or store any form of financial data/information whatsoever.

DATA PROCESSING AND OWNERSHIP

Our Website and/or Application is deployed for the territorial region of [Insert Country name/region name/worldwide as applicable], and we are acting in the capacity of a Data Controller for this Website and/or Application. This means:

Data Controller: The entity that deploys the Website and/or Application and is responsible for determining the purposes and means of processing of personal data.

Data Processor: The entity that processes data on behalf of the data controller and disclaims any ownership of the data collected.

DATA SECURITY

We implement industry-standard security measures to protect your personal data from unauthorised access, use, or disclosure. Data Processors may be engaged by us to provide our services to you, we shall ensure that the Data Processors engaged by us implement industry-standard security measures in a similar manner to protect your personal data.

THIRD PARTY SERVICES

We may use third-party services for collection, hosting, data storage, or other functionalities. These services are contractually bound to protect your data in accordance with the industry- standard security.

HANDLING OF YOUR PERSONAL DATA

We may handle (collect, process, retain, use and/or share) your personal data under the following conditions:

1. You have given your consent to the handling of your personal data for one or more specific purposes.
2. Handling of your personal data is necessary for the performance of our agreement with you and/or for any pre-contractual obligations thereof.
3. Handling of your personal data is necessary for compliance with a legal obligation to which we are a subject.
4. Handling of your personal data is necessary in order to protect your vital interests or of another natural person.
5. Handling of your personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in us.
6. Handling of your personal data is necessary for the purposes of the legitimate interests pursued by us.

In any case, we will gladly help to clarify the specific legal basis that applies to the handling of your personal data, and in particular whether the provision of personal data is a statutory or contractual requirement, arising out of public interest, arising out of consent, a requirement necessary to enter into a contract, etc. as listed above.

YOUR DATA PROTECTION RIGHTS

We undertake to respect the confidentiality of your personal data. A user has the rights as provided under this Privacy Policy, and by applicable laws. You shall have the rights:

• to access, update or delete your personal data. You can access, update or request the deletion of your personal data directly by contacting us using the information provided herein.
• to have your incomplete or inaccurate data corrected.
• to object to the processing of your personal data.
• to request for the deletion or removal of your personal data when there is no good reason for us to continue handling it.
• to withdraw your consent towards the handling of your personal data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our services. Kindly note that withdrawal of consent shall not affect the processing of your personal data undertaken before such withdrawal.

You may raise a request to obtain a summary of the personal data provided by you. We will provide to you, or to a third-party you have chosen, a summary of your personal data being handled by us and the processing activities undertaken by us utilizing your personal data.

You may also raise a request to obtain the identities of all other parties with whom your personal data has been shared by us along with a description of the personal data so shared.

EXERCISE OF YOUR DATA PROTECTION RIGHTS

You may exercise your right to access, rectification, cancellation, and opposition by contacting our Data Protection Officer.

Contact us on: contact@duretechnologies.com

Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.

Note: You have the right to complain to a Data Protection Authority in case of any grievance related to collection and use of your personal data.

PRIVACY OF DATA SUBJECTS UNDER THE AGE OF (Age of minority to be inserted based on the applicable local laws)

We collect personally identifiable information from Data Subjects under the age of 18 (Eighteen) years, only with the consent of their parent/guardian. We shall collect the consent from the parent/guardian of such Data Subjects at the time of registration and/or before the collection of the Data Subject's personal data.

If you are a parent/guardian of a Data Subject under the age of 18 (Eighteen) years and you become aware that said Data Subject has provided us with their personal data without your consent, please contact/notify us through the contact information provided herein. On receipt of any knowledge/awareness that we have collected personal data from a Data Subject under the age of 18 (Eighteen) years without the consent of parental/guardian, we shall, after verification, take timely steps to remove such Data Subject's personal data from our servers.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. You will be notified of any changes by posting the new Privacy Policy on this page. You will also be notified via email and/or text notification on your registered contact number and/or through a prominent notice on the service (Website and/or Application), prior to the change coming into effect and update the \"Last updated\" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

GRIEVANCE

In case if you have any grievance, you can reach us at:

Email: contact@duretechnologies.com