This Privacy Policy (‘POLICY’) is a legal agreement between the User, an individual or legal entity (the ‘USER’) and ADDHERE TECHNOLOGIES LIMITED., a private legal entity, company number: 13119313, a UK-based limited company based at The Innovation Centre, Sci-Tech Daresbury, Keckwick Lane, Daresbury, WA4 4FS, UK (‘ADDHERE’), for evaluation of the Addhere software Application.

The Addhere app is committed to the highest ethical standards when providing all of its related content and services. The app is committed to providing objective and reliable information and guidance designed to support the diagnosis of ADHD.

The general data policy of the Addhere application covers all content, both data and guidance, including texts, video and audio resources, interactive tools and images.

In all cases, we ensure that the data is accurate and clearly presented and that the content meets the USER’s needs, is secure, evidence-based and based on the best scientific knowledge.

The following sections set out our principles, standards and processes.

1. DATA COLLECTION AND STORAGE – GENERAL INFORMATION

The collection of personal data can be carried out to satisfy the USER’s need for registration and integration in our electronic platform, such as: Full name, date of birth and photograph; contact data (e-mail), affiliation, behavioral data of patients, in addition to preferences and patterns of access and navigation.

The collected data can also be used for research and innovation with the goal of generating the social good associated with supporting the individual’s ADHD diagnosis. We use the information available to us to conduct and support research and innovation on topics related to general social welfare, technological advancement, public interest, health and well-being, including sharing the data with research institutions and universities and specialized teams, in preserving the anonymization of the data.

The treatment is carried out based on the GDPR (General Data Protection Regulation), when necessary for the conclusion of a contract or preliminary procedures related to a contract to which the data subject is a party, upon request of the data subject. The DPO responsible for data processing is Guilherme Augusto Dias Reis, contact email: [email protected]

The USER’s personal data will be kept for a period of up to 5 (five) years, counted from the date of insertion in the application, except if any specific regulation requires storage for a longer period, and the holder may exercise the right to request anonymization, blocking or deletion of unnecessary data.

If sensitive data is collected, such as the collection and recording of digital, voice or image identification, this will occur based on the legal hypotheses for processing sensitive personal data, to comply with a legal or regulatory obligation on the part of the person responsible for the treatment and/or to guarantee the prevention of fraud and the security of the holder, in the processes of identification and authentication of registration in electronic systems.

Under the terms of the legislation in force, for the purposes of providing services and tax, consumer and regulatory obligations, ADDHERE, as the application provider, must keep the following indirect personal data: Access number and other identifiers (e-mail, IP) ; Access history to available digital platforms, with date, time, IP, Logical access port and session duration and access logs.

Information about device identification, IP addresses and information collected through cookies in our application may also be collected, which may be used for statistical purposes, security and improvement of communication with the USER. The cookies policy is displayed when the USER accesses the application for the first time and will ask for acceptance before starting navigation.

Any processing of personal data that is not provided for in this policy will only be carried out with the prior, free and unequivocal consent of the holder for the specific purpose or specific service or even, for the legitimate interest of the controller, provided that it is preceded by an analysis the impact on privacy. , where any risks to the holder’s individual rights and freedoms will be assessed and mitigated.

Personal data is protected by ADDHERE, always considering the best practices and information security protocols to preserve data privacy and in compliance with the General Data Protection Law and other laws and regulations in force and applicable to our products and services.

With regard to data protection, the following apply: a) measures of a physical nature of security and access control; b) technical measures, such as: protection against malicious software, cryptography and backup routines and c) organizational and procedural measures, among them: contractual repertoire with security, privacy and Compliance clauses, demanding from partners and suppliers the same guarantees provided for in this , hiring of reference logical storage companies, data restriction considering the principles of necessity and purpose, etc.

Personal data is stored in cloud computing providers, with a high level of Well-Architected security, configured by an authorized AWS partner and contracted by ADDHERE, to carry out the processing based on the purposes determined in this policy.

In accordance with the General Data Protection Law, every natural person must have their fundamental rights of freedom, intimacy and privacy guaranteed, thus being able, from the entry into force of the legislation, to request through our service channels: confirmation of the existence of treatment, access to your data, correction of incomplete, inaccurate or outdated data, portability, if applicable, revocation of consent or deletion of data, which eventually are treated exclusively based on consent and information about the entities with which your data were shared.

The USER acknowledges and accepts that ADDHERE has access and gives authorization to ADD to the photo and name data already registered in its facebook social network, if it chooses to use the login through this platform.

The collection, storage and use by ADDHERE of the USER’s personal information is carried out in compliance with all applicable laws and regulations.

2. DATA COLLECTION AND STORAGE – TYPES OF COLLECTED DATA

When using the App, we may ask the USER to provide us with some personal and school data that can be used to contact or identify him. Information includes:

USER: First and last name, photo and email address

Schools: school country, class name/number and school name

From device: type of mobile device used, IP address and operating system of your device.

Responses will also be collected regarding the behavioral sheets to generate reports and recommendations regarding the respective identified pathologies and which are not intended to be considered as final or clinical diagnoses, but only to support the diagnosis.

3. DATA SHARING

Addhere strives to collect the minimum amount of personal data and only shares them with other organizations where the law allows it or where it requires and has obtained your consent from the USER.

Data can be transferred and stored on computers, maintaining the national data protection law.

If USER is located outside of the UK and chooses to provide information on this app, your personal data will be processed here in the UK. All necessary measures will be taken so that your data is treated safely and without transferring your personal data outside the aforementioned national territory.

Your data may be disclosed for the following good faith reasons:

• To comply with legal obligations
• To prevent and investigate possible service-related infringements
• To protect the personal safety of the USER of the service or the public.

They may also be shared with partners in the national territory, for processing purposes, exclusively based on the purposes determined by ADDHERE and based on the legal bases of contracting or contract execution, credit protection and fraud prevention and the security of the holder, in the identification authentication of processes and records in electronic systems.

4. LINKS IN ADDHERE APPLICATION

Addhere is extremely careful about the websites the app links to, but is not responsible for the content on those websites.

The inclusion of a link to an external website from the Addhere Application should therefore not be construed as an endorsement of that website, its content or any product or service it may provide. Transactions between the USER and any external website are not the responsibility of the Addhere application.

If the USER accesses any third-party link through the Addhere application, he is aware that he must be informed about their privacy policies, as Addhere’s privacy policy is not valid on third-party websites or applications.

If the USER himself adds a third-party link to the Addhere application through the comments areas in which the USER will be free to insert texts and photos, the USER becomes responsible for his own insertions, and Addhere does not have any responsibility for the content inserted by the USER.

5. USER RIGHTS

The user has the right to request the termination of their account at any time. The user’s account can be terminated upon request, subject to prior communication sent to the email address: [email protected], using the email address used during the application registration. In this email, the user must explain the reason for the request and clearly indicate whether the deletion will only apply to their registration data or the data entered by them in the application. Upon receiving the respective email, Addhere will have up to 30 (thirty) days to respond to the request and up to 90 (ninety) days to permanently delete the data, which will no longer be recoverable.

The user has the right to choose to delete only their registration data, while other data entered by them in the application may be stored in the database for use as already described in this policy. If the user requests the deletion of their personal data and/or the data entered by them in the application, they may choose to receive the data for portability purposes. Addhere will arrange for the data to be sent in an anonymized format, such as an Excel spreadsheet, where it will not be possible to identify them.

The user has the right to withdraw their consent for the use of their personal data within the specificities stated in this policy. The procedure for requesting withdrawal of consent must follow what has been described in clause 3.2. By choosing to withdraw consent, the user is aware that their registration will be automatically deleted from the Addhere database.

The data entered in the ADDHERE application will not be deleted under any circumstances by ADDHERE, except in the case of an explicit request made by the user.

ADDHERE will have a period of up to 30 (thirty) business days to evaluate and respond to the email regarding the request for rights, starting from the date of receipt.

6. ACCESS CARRIED OUT BY MINORS

To prevent unwanted access by a person under 18 years of age to the application, it is recommended to use a secure email account that includes multi-factor authentication, using an additional factor that the minor does not have access to.

Any potential access, if it occurs, does not pose an objective risk to the individual under 18 years of age. However, accessing diagnostic support results without the proper context and understanding by the parent or guardian may cause harm for which Addhere, the school, or its partners cannot be held responsible. It is the sole responsibility of the parents themselves to use the application following the recommendations proposed above.

The USER may request the deletion of data in the case of access by minors by sending an email to [email protected] using the email address used during the application registration. In this email, the USER should explain the reason for the request and clearly indicate which data should be deleted from the application. Upon receiving the respective email, Addhere will have up to 30 (thirty) days to respond to the request and up to 90 (ninety) days to permanently delete the data, which will no longer be recoverable.

7. SUPPORT AND CLEARING DOUBTS

Questions or complaints regarding your personal data can be made through the email: [email protected]. Addhere will have a period of up to 30 (thirty) days to respond to your email starting from the date of receipt.

DOUBTS AND APPLICATION USAGE ISSUES

Questions and/or reports of issues encountered by the user while using the Addhere application can be sent through the email: [email protected]. Addhere will have a period of up to 10 (ten) business days to evaluate and respond to the email, starting from the date of receipt, providing an answer to the question or containing the estimated date for resolving the reported issue. The estimated date will have a limit of up to 30 (thirty) days for resolution.

SUPPORT

The USER may request support from Addhere through the email: [email protected] using the email address used during the application registration. Addhere will have up to 5 (five) business days to respond to level 1 support requests, up to 10 (ten) business days to respond to level 2 support requests, and up to 30 (thirty) days to respond to level 3 support requests.

Level 1 support is considered low complexity support, level 2 support is considered medium complexity support, and level 3 support is considered high complexity support. The complexity will be determined by Addhere based on an evaluation conducted by the Team.

8. LIABILITY

We assume no liability to the USER if we fail, are interrupted or delayed in fulfilling any obligation due to:

(a) the unavailability or failure of any telecommunications or IT services, systems, equipment or software operated or provided by the USER or by third parties;

(b) any other event not reasonably within our control

We do not assume any commitment or liability towards you in relation to the content of the ADDHERE application provided by another USER of the website or by third parties.

By using the application, the user agrees to the privacy policy in its entirety.

9. VALIDATED ALGORITHM

The Addhere APP uses an instrument whose algorithm is scientifically validated.
The declaration of the external health professional can be found at this link

10. CHANGES IN THE PRIVACY POLICY

ADDHERE reserves the right to change its Policies at any time.

Updated on June 13, 2023.