SIP THERMOVISION SRL (herein after referred to as "we", "Thermovision", "Company"), acts as controller of the personal data provided by you when using our App.

Thermovision is committed to respecting the confidentiality of your personal data. We will treat all personal data provided by you as confidential and will process only the information allowed by applicable legislation. This privacy notice describes our policies and practices regarding the collection and use of your personal data and establishes your privacy rights.

The confidentiality of information is a permanent responsibility, and thus, we reserve the right to amend the Privacy Policy at any given time without prior notice. As such, any changes that may not follow the purpose or the intent of the prior consent will require a new consent input from our users, meaning that we will notify you of any changes and request your additional consent. Thermovision is set to respect Regulation 2016/679 no. of the European Union and the European Economic Area (GDPR) and all other relevant legislation and regulations for this matter.

If you do not agree with the way Thermovision processes personal data or with the type of data we process, we instruct you to reject our policy which will render our services unusable in turn.

Thermovision uses third-party service providers that help us improve our services and processes. Such services include but are not limited to: medical institutions and independent researchers and clinics, payment providers, and financial institutions.

We process your data to supply you with our health-related services, which are associated with detection and prevention of skin cancer. These actions can be traced by certain patterns on the skin of our users.

We collect, process and store your data to fulfill the best type of services our company can offer you. Each type of data processed by us will be further explained in relation to its purpose.

Moreover, Thermovision requires certain data from its user to provide our customers with our complete services and supply assistance in any reasonable way we can. Your data may be used for various purposes such as marketing, legal and customer service.

To use our website and mobile app, we will process your email information. For our website, we will collect data about the browser you are using, while for the mobile App, we will collect information concerning your mobile device. Other examples of data we collect and process for our services can include geo-location, the type of software you use and IP address.

To fully utilize our services as given their intended use, camera access via the Thermal imagery camera attached to your mobile device must be granted by the user. If you do not allow a connection through the Thermal camera, you may not be able to fully utilize our services. Our app may also ask for your location services. The request for location services is fully optional and serves as an UV indicator in our app for users.

To deliver our Services effectively, we collect the following personal data:
• Registration Details: Name, date of birth, age, and email address (required to create an account).
• Profile Preferences: Optional details such as profile photo, gender, location, contact number, and preferred language.
• Health-related Data: Thermal images captured using our devices, annotated body maps, and any related notes. This data is processed only with your explicit consent.
• Payment Information: Includes name, email, IP address, country, and transaction details processed securely through third-party providers.
• Support Interactions: Data you provide when contacting customer support or submitting feedback.

We do not process data about other individuals and heavily discourage our users from submitting other individual data to us.

• Information about your device, hardware, and software, such as your hardware identifiers, mobile device identifiers (like Apple Identifier for Advertising [IDFA], or Android Advertising ID [AAID]), platform type, settings and components, and the presence of required plugins;
• Approximate geolocation data (derived from IP or device settings);
• Browser information, including your browser type and the language preference;
• Referring and exit pages, including pages viewed and other interactions with web content;
• Internet or Electronic Network Activity information; such as, browsing history, search history, and information regarding interactions with our website and application.
• Technical performance data of your device on our App and website (such as error logs, crash reports).

We also may collect and store information locally on your device, using mechanisms like cookies, browser web storage (including HTML 5), and application data caches.

• we get or generate from your use of our application or services. We collect information related to your activity, the services that you use and how you use them, and your devices and activities when you install or access our services.
• we obtain data collected by the third party cookies implemented on our application in order to recognise you and your device, provide interest-based advertising to you, allow us to understand how you interact with our website (for example, where we use cookies such as the Google Analytics cookie on our Websites), allow our payment processors to process your payment instructions.

All personal information processed under this chapter are recorded/kept only for the period necessary to fulfil the purposes for which the data were collected, imposed by the applicable legal provisions in the field, respectively by the provisions on archiving.

Your information is utilized for the following purposes:
• Health Insights: To analyze thermal images and support personal health tracking.
• Service Enhancements: To maintain, improve, and optimize our website, app, and overall service.
• Customer Assistance: To address your inquiries and provide tailored support.
• Promotional Communication (Optional, Requires separate consent): To inform you about new features or offers
• Legal Compliance: To adhere to legal requirements and resolve legal matters.
• Scientific Research (Requires separate consent): To advance our technology through anonymized data used in research.

a. For fulfilling the contract concluded between us;

b. Consent in the following situations:
- Cookies - Information stored on your device so that we can better understand how our sites and apps are used and send more relevant offers to you.
- Mobile push notification - Managed in the mobile device settings
- Marketing communications.
- Processing sensitive personal data.

c. Legitimate interests in the following situations:
- Analytics & data segmentation
- Training & development
- Statistics/reporting
- Troubleshooting and diagnostics
- Data Privacy Notifications System
- Social Media Content Management
- Research and studies
- Finance and accounting

d. Legal purposes in the following situations:
- Legal compliance
- Litigation or pre-litigation
- Security monitoring and Investigations

Thermovision will use your personal data that is tied to your medical profile and conditions in order to improve our services and to provide better and more accurate results for our customers. As such, your medical profile and details enjoy the extra privileges of protections conferred by the GDPR regulations.

The data will be collected for a explicitly declared purpose and legitimate purpose; it cannot be used for other purposes that are not encompassed in the original stated scope. However, the same data can be re-used for archiving purposes, research or statistical purposes.

The data processed by us will be used in such a manner that minimizes risks to confidentiality or integrity to the data itself, or the person whose data is collected.

Some of your personal data, such as health information and medical records or profiles, are classified as "sensitive data" under the GDPR due to their nature and purpose. The processing of such data is subject to strict conditions and protections.

In accordance with GDPR, processing of sensitive data—including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health data, or data concerning a natural person's sex life or sexual orientation—is generally prohibited. Exceptions to these restrictions may apply only under certain conditions, for example, when explicit consent has been obtained or when processing is necessary for specific legal or medical purposes.

To process sensitive data, we require your explicit and unambiguous consent. This means that you must freely agree to our collection and processing practices through an affirmative action, such as giving written, oral, or electronic consent.

Your consent must be explicit and unambiguous, meaning it should be clearly given without coercion or pressure. Silence, failure to tick boxes on our apps or website, or refusal to provide consent will be considered as non-consent and may restrict certain processing activities. We do not include pre-checked boxes or pre-opted options regarding your sensitive data.

You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

In respect of GDPR, consent must be informed. It must be addressed and collected in an intelligible and easily accessible form with clear language and distinctively. Whenever we seek your consent for the processing of sensitive personal data, it will be obtained through a clear and explicit written declaration. If this declaration is part of a broader document covering other subjects, the request for your consent will be presented separately, in a manner that is clearly distinguishable from other content.

We will ensure that this request is provided in an accessible, understandable format, using clear and plain language so that you can easily comprehend what you are consenting to. Your consent will be given freely and unambiguously, through an explicit action or statement indicating your agreement.

Please note that any part of the declaration that does not comply with GDPR requirements, including confusing, misleading, or non-transparent language, will not be considered valid and will not be binding. Your trust and understanding are our priorities, and we are committed to respecting your rights regarding personal data processing.

The user has the right to:
• The right of access to personal data, to be informed about what information is being processed by Thermovision. The right to rectification of data, to correct any errors. The data subject has the right to request Thermovision rectification of inaccurate personal data concerning the user. With regards to the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
• The right to erasure of data (right to be forgotten), including the possibility to delete the account and associated documents.
• The right to object to data processing.
• The right to withdraw your consent at any time.
• File a complaint with a data protection authority

You have the right to obtain from Thermovision confirmation that your data is being processed. You may also ask for access to your personal data and the following information:
• the purposes of the processing
• the categories of personal data concerned
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, recipients in third countries or international organisations
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
• the right to lodge a complaint with a supervisory authority
• where the personal data are not collected from the data subject, any available information as to their source

Thermovision will also provide a copy of the personal data that is undergoing processing. If any further copies are requested by the data subject, we may charge a reasonable fee based on administrative costs. Such a fee can be inferred when you request the data more than once, in a repetitive and unfounded manner. An exception may occur where the data is the context of scientific research.

Thermovision reserves the right to identify, by any legal measures, the data subject when the user is making any requests concerning its data.

All such requests communicated to Thermovision will be addressed to our dedicated e-mail address and fulfilled by electronic means, unless such means are not possible, or the user makes a request to be provided in a different manner.

To request the deletion of all personal data stored by Thermovision, you may directly contact our Data Protection Officer at: dpo@thermovisioncare.com.

You have the right to address to any European or Local/State-wide authority regarding the way Thermovision collects and processes your data.

Thermovision also guarantees the Right to erasure (right to be forgotten). You have the right to obtain from us the erasure of personal data in the following cases:
• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
• the data subject withdraws consent
• the data subject objects to the processing
• the personal data have been unlawfully processed
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject

However, such an erasure may not be considered in the following situations:
• for exercising the right of freedom of expression and information
• for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
• for the establishment, exercise or defence of legal claims.

In such cases, the personal data, except for archiving or storage, will only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legel person or for reasons of important public interesent of the Union or of a Member State.

Following the restriction of data processing, the user shall be informed by us before the restriction of processing is lifted.

Notice: The erasure and restriction of processing may interfere with the continuance of our services. In such cases, the user will be notified and prompted to accept that if the data is erased or stopped being processed, it may no longer access or use the services provided by Thermovision. The consent of these actions can only be expressed by the user and data holder of the data we process.

You are also entitled to the Right to data portability as established by art. 20. You shall receive the personal data that you provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Thermovision. This process is carried out by automated means.

The information we collect from you will be processed within the European Economic Area depending on the purpose of the processing. Thermovision strives to apply appropriate guarantees to protect the confidentiality and security of your personal data during transfer and to use it only in accordance with your relationship with Thermovision and the practices described in this Privacy Policy.

If situations which imply that your information will be transferred to and processed outside the EEA and the EU arise, we use European Commission approved Standard Contractual Clauses to protect your information.

To the extent permitted by applicable data protection laws, we may disclose your personal data to:
- Partners and service providers – we may disclose your personal data to third party contractors, consultants and suppliers in relation to their work for us. Personal data may for example be disclosed to external parties which provide us with IT services and third parties which assist us in administering, operating, maintaining and supporting the application. In these cases, we ensure that these third parties process your personal data in accordance with this Privacy Policy based on a specific data processing agreement.

In the event you make a payment on our site through a payment service provider, we may transfer your contact details, that is name, address and e-mail address, to the applicable payment service provider, where it is necessary for the execution of payment.

We may disclose your personal data to law enforcement or other government officials, as Thermovision, in its sole discretion, deems necessary or appropriate to investigate or resolve possible crimes or to respond to judicial, regulatory, agency or similar inquiries. Disclosure may also be necessary in emergency situations and to ensure the rights and safety of users, Thermovision staff or third parties.

- service partners for secure payment processing, data hosting, and technical support, research organizations for academic studies, using anonymized data with your consent.

We will clearly specify to you each data recipient if they are well known at the time the processing is initiated.

• Legal Entities: When required by law or legal proceedings. We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others' rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

All third parties are contractually obligated to ensure the confidentiality and security of your data.

We implement appropriate technical and organizational measures such as data encryption, access management procedure, clean desk policy, business continuity and disaster recovery, IT systems risk assessment, physical and logical access segregation, process in case of personal data breach policy, etc. In addition, we will take reasonable steps to assure that third parties to whom we transfer any personal information will provide sufficient protection. We restrict access to your personal information to those employees who have absolute need of processing your personal information. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.

Even so, please be aware that no security measure is 100% perfect. Thus we cannot guarantee the security of your information at all times. You should always be diligent when it comes to the protection of your personal information.

Your data is retained only as long as necessary to provide our Services and comply with legal obligations. Following account deletion, personal data will be kept for up to 12 months unless extended by legal requirements. Anonymized data may be preserved for research purposes

Your personal data, including sensitive data such as health information and medical records, are stored by Thermovision on its servers.

Data processed based on your explicit and unambiguous consent will be retained for an indefinite period—either until your consent is withdrawn or as required by applicable legal obligations—and only for the purposes for which it was collected.

If you do not provide your consent or if you withdraw it, we will retain only minimal personal data (such as your full name, contact details, references, and notes) for statistical or reporting purposes, or when justified by other legal grounds such as our legitimate interests.

Without prejudice to other provisions of this section, we will retain personal data, including sensitive data, in the following circumstances:
• to comply with legal obligations;
• if the information or documents are relevant to ongoing or potential legal proceedings; and
• to establish, exercise, or defend our legal rights, including providing information to third parties for fraud prevention.

We ensure that all processing, storage, and retention of personal and sensitive data are conducted in accordance with GDPR requirements, with appropriate safeguards in place.

On account to our company's nature, scope, context and purpose of processing, we have implemented the appropriate technical and organizational measures to ensure the security of all your data in accordance with all regulations. Such measures can be updated at any moment without notice and without exposing your data to any security risks which may render it vulnerable.

Your personal data may be processed outside your country of residence, following strict safeguards and in compliance with applicable data protection laws.

Thermovision does not collect data from other people or data holders beside the user which creates an account and accepts a payment plan or its approved medical staff or third parties that are partnered with us.

Your data is also used to improve our services and provide better services on our website, mobile apps and business.

Your data is collected and processed by:
SIP THERMOVISION S.R.L.
Str. Zării nr. 9, Sector 5, Bucharest, Romania
General inquiries: office@thermovisioncare.com
Data Protection Officer (DPO): dpo@thermovisioncare.com