PRIVACY POLICY

Basic Information on Data Protection

At AIMENTIA HEALTHTECH, S.L. (hereinafter, “AIMENTIA”) we work to offer you the best possible experience through our products and services. In some cases, it is necessary to collect information to do so. We care about your privacy and believe that we should be transparent about it.

For this reason, and for the purposes of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter, “RGPD”) concerning the protection of individuals with regard to the processing of personal data and the free movement of these data, and Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (hereinafter, “LSSI”), AIMENTIA informs the User that, as responsible for the treatment, it will incorporate the personal data provided by the Users into a automated file.

Our commitment begins by explaining the following to you:

• Your data is collected so that the User experience improves, taking into account your interests and needs.
• We are transparent about the data we obtain about you and the reason why we do it.
• Our intention is to provide you with the best possible experience. Therefore, when we are going to use your personal information, we will always do so in compliance with the regulations, and when necessary, we will request your consent (processing of special categories of personal data, transfers of data, etc.).
• We understand that your data belongs to you. Therefore, if you decide not to authorize us to process them, you can ask us to stop processing them.
• Our priority is to ensure your security and treat your data in accordance with applicable national and European regulations.

If you want more information about the processing of your data, consult the different sections of the Data Protection Policy below:

Who is responsible for the processing of your personal data?

• Identity: AIMENTIA HEALTHTECH, S.L.
• Registered office: C/ Caballero 76, 2nd 1st C/ Caballero 76, 2nd 1st — 08029 - Barcelona
• C.I.F. No.: B-67450049
• E-pošta: info@aimentia.com

AIMENTIA has appointed a Data Protection Officer or an internal contact person within its organization. If you want to ask a question regarding the processing of your personal data, you can contact him at privacy@aimentia.com.

What personal data do we collect?

The personal data that the user may provide:

• Name, address and date of birth.
• Phone number and email address.
• Information regarding payments and returns.
• IP address, date and time when you accessed our services, the internet browser you use and data about the device's operating system.
• Any other information or data that you choose to share with us.
• Information related to your health, testing and treatment.

In some cases, it is mandatory to complete the registration form to access and enjoy certain services offered on the web; likewise, not providing the requested personal data or not accepting this Data Protection Policy makes it impossible to subscribe, register or use our services.

Why and for what purpose do we process your data?

At AIMENTIA HEALTHTECH, S.L. we process the information provided to us by interested persons for the following purposes:

• Manage our services.
• Provide psychological services by Health Professionals (Psychiatrs/Psychologists), as well as maintain and manage their medical history and documentation.
• Manage the sending of the information requested from us.
• Develop commercial actions and carry out the maintenance and management of the relationship with the User, as well as the management of the services offered through the website and information tasks, being able to carry out automatic evaluations, obtaining profiles and segmenting Users in order to customize the treatment according to their characteristics and needs and improve the User's online experience.
• In some cases it will be necessary to provide information to Authorities or third companies for auditing purposes, as well as to handle personal data from invoices, contracts and documents to respond to complaints from Users or Public Administrations
• We inform you that the personal data obtained as a result of your registration as a User will form part of the Register of Treatment Activities and Operations (RAT), which will be updated periodically in accordance with the provisions of the RGPD.

What is the legitimacy for the processing of your data?

The processing of your data can be based on the following legal bases:

• Execution of a contract or the provision of a service based on a business relationship that has the consent of the interested party.
• Legitimate interest in sending commercial information about services (direct marketing).
• Legitimate interest in contacting and maintaining relationships with patients and psychologists.
• Explicit consent of the user for the processing of their health data, profiling, contact forms, requests for information or registration in e-newsletters.
• Compliance with legal obligations for fraud prevention, communication with public authorities and third-party complaints

How long do we keep your data?

The processing of data for the purposes described will be maintained for the time necessary to fulfill the purpose of its collection (for example, for the duration of the contractual relationship), as well as for the fulfillment of the legal obligations deriving from the processing of the data.

To which recipients are your data communicated?

In some cases, only when necessary, AIMENTIA will provide User data to third parties. However, the data will never be sold to third parties. The external healthcare professionals with whom AIMENTIA works may use Users' data to provide the corresponding services, however, they will not use such information for their own purposes or for transfer to third parties.

AIMENTIA will guarantee the security of personal data and ensures that third-party service providers respect confidentiality and have appropriate measures in place to protect personal data. These third parties are required to ensure that the information is treated in accordance with data protection regulations.

In some cases, the law may require that personal data be disclosed to public bodies or other parties, only as strictly necessary to comply with those legal obligations will be disclosed.

The personal data obtained may also be shared, where appropriate, with other companies in the group.

Where is your data stored?

In general, data is stored within the EU. Data sent to third parties that do not belong to the EU, we will ensure that they offer a sufficient level of protection, because the Standard Contractual Clauses (EU) are signed.

What rights do you have and how can you exercise them?

You can contact us and exercise your rights by making a request to the following email: privacy@aimentia.com

In accordance with the provisions of the RGPD, you can exercise:

• Right of access: you can request information about the personal data we have about you.
• Right to rectification: you can report any changes to your personal data.
• Right to deletion and to be forgotten: you can request the deletion after blocking personal data.
• Right to restrict processing: involves the restriction of the processing of personal data.
• Right to object: you can withdraw your consent to the processing of the data, opposing that they continue to be processed.
• Right to portability: in some cases, you can request a copy of personal data in a structured, commonly used and machine-readable format for transmission to another controller.
• Right not to be subject to individualized decisions: you can request that decisions are not made that are based solely on automated processing, including profiling, that produces legal effects or significantly affects the interested party.

In some cases, the request may be rejected if you request that data necessary to comply with legal obligations be deleted.

Also, if you have a complaint about data processing, you can file a complaint with the competent Data Protection Authority (Spanish Data Protection Agency).

Who is responsible for the accuracy and veracity of the data provided?

The User is solely responsible for the veracity and correctness of the data included, exonerating AIMENTIA from any responsibility in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated.

The User agrees to provide complete and correct information in the registration or subscription form. AIMENTIA reserves the right to terminate the contracted services that have been concluded with the Users, in the event that the data provided is false, incomplete, inaccurate or not up to date.

For their part, Healthcare Professionals state that they comply with regulations relating to the protection of personal data and that they have obtained the consent of their patients for the incorporation of their health data, including their medical records, into the Platform owned by AIMENTIA.

AIMENTIA is not responsible for the veracity of information that is not of its own production and for which another source is indicated, and therefore it does not assume any responsibility for hypothetical damages that may arise from the use of such information.

At AIMENTIA HEALTHTECH, S.L. we process information because NoSAIMENTIA reserves the right to update, modify or delete the information contained in its web pages and may even limit or disallow access to such information. Likewise, AIMENTIA is exempt from liability for any damage or harm that the User may suffer as a result of errors, defects or omissions in the information provided to AIMENTIA HEALTHTECH, S.L. provided that it comes from sources other than the same. They provide interested persons for the following purposes:

In addition, the User certifies that they are over 14 years of age and that they have the necessary legal capacity to provide consent regarding the processing of their personal data.

How do we treat the personal data of minors?

In principle, our services are not specifically aimed at minors. However, in the event that any of them are aimed at children under fourteen years of age, in accordance with Article 8 of the RGPD and Article 7 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), AIMENTIA will require the valid, free, unambiguous, specific and informed consent of its legal guardians to process the personal data of minors. In this case, the National Identity Document (DNI) or other form of identification (Passport, NIE) will be required from the person giving the consent.

In the case of people over fourteen years of age, data may be processed with the consent of the User, except for those cases in which the Law requires the assistance of the holders of parental authority or guardianship.

What security measures do we apply to protect your personal data?

AIMENTIA has adopted the legally required levels of security for the protection of personal data, and seeks to install those other means and additional technical measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of the personal data provided to it

AIMENTIA is not responsible for hypothetical damages or losses that may result from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operational operation of this electronic system, caused by causes beyond its control; delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Center (CPD), in the Internet system or in other electronic systems, as well as for damages that may be caused by third parties through illegitimate interference beyond the control of AIMENTIA. However, the User must be aware that Internet security measures are not impregnable.

Links to other websites

The aimentia.com and aimentiahealth.net websites may contain links to other websites. By clicking on one of these links and accessing an external website, the visit will be subject to the privacy policy of that website, and AIMENTIA is exempt from any type of responsibility regarding its privacy policy.

How do we use cookies?

The AIMENTIA website uses cookies, in order to optimize and personalize your browsing through it. Cookies are physical information files that are stored in the User's own terminal, the information collected through cookies serves to facilitate the User's navigation through the portal and optimize the browsing experience. The data collected through cookies can be shared with their creators, but under no circumstances will the information obtained by them be associated with personal data or data that can identify the User.

However, if the User does not want cookies to be installed on their hard drive, they can (i) configure the browser to prevent the installation of these files or (ii) disable cookies from our website. For more information, see our Cookie Policy.

Can the privacy policy be changed?

This privacy policy may be amended. We recommend that you review the privacy policy from time to time.