Aurexia Health

Last updated: XXXXXXXX

1. Data Controller Identification

This Privacy Policy governs the processing of personal data carried out by:

Entity: Aurexia Health (commercial designation)

Data Controller: XXXXXXXX

Legal form: XXXXXXXX (to be defined upon formal incorporation)

Tax Identification Number: XXXXXXXX

Registered Office: XXXXXXXX

Country: Portugal

Email for data protection matters: privacy@aurexiahealth.com

Aurexia Health operates in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), applicable Portuguese legislation, and other relevant data protection laws.

2. Categories of Personal Data Processed

2.1 Data Collected Through the Website

Through the website, the following data may be collected:

• Name

• Email address

• Phone number (when applicable)

• Message content

• Business-related data in the partnership/corporate form (company name, role, institutional information)

Public website forms must not be used to submit sensitive clinical or health data.

2.2 Appointment and Scheduling Data

When scheduling sessions via Google Workspace tools (Google Calendar and Google Forms), the following data may be collected:

• Name

• Email address

• Phone number

• Information voluntarily provided by the data subject

2.3 Navigation Data and Tracking Technologies

The website may use:

• Technical cookies

• Google Analytics

• Google Ads

• Meta Pixel

• Meta Conversion API

These systems may collect:

• IP address

• Browsing data

• Device identifiers

• Interactions with advertising campaigns

Such data is used for statistical analysis, content optimization, and management of advertising campaigns.

2.4 Data Processed in the Therapeutic Context

Within the scope of therapeutic services, an individual client file may be created containing:

• Identification data

• Information relevant to therapeutic monitoring

• Session history

• Technical reports generated by biofeedback systems

Health-related information is considered a special category of personal data under Article 9 of the GDPR.

Its processing occurs exclusively:

• Based on the explicit consent of the data subject

• For the purpose of providing therapeutic services

• Within the strict scope of the requested services

3. Sharing of Reports with Healthcare Professionals

Technical reports generated by the systems used may be delivered directly to the client.

If the client wishes to share such reports with a physician or other healthcare professional, such sharing is solely the client’s responsibility.

Aurexia Health will only send reports directly to third parties upon formal request and written consent from the data subject.

4. Purposes of Data Processing

Personal data is processed for the following purposes:

• Contact management

• Session scheduling

• Provision of therapeutic services

• Personalized follow-up

• Compliance with legal and tax obligations

• Informational or promotional communications (when authorized)

Aurexia Health does not process personal data for purposes incompatible with those described above.

5. Legal Basis for Processing

Data processing is based on:

• Consent of the data subject

• Pre-contractual measures

• Performance of a contract

• Compliance with legal obligations

• Legitimate interest, where applicable

6. Processors and Technological Platforms

Processing may involve technological service providers, including:

• Google (Workspace, Analytics, Ads)

• Meta Platforms (Pixel and Conversion API)

These providers act as data processors and are bound by contractual data protection obligations.

Aurexia Health does not sell or commercially exploit personal data.

7. International Data Transfers

Certain technological providers may process data outside the European Economic Area.

In such cases, Standard Contractual Clauses or other appropriate safeguards under the GDPR are applied.

8. Data Retention

Personal data will be retained:

• For the period necessary to provide services

• For legally required retention periods

• Until withdrawal of consent, where applicable

After the retention period, data will be securely deleted or anonymized.

9. Data Subject Rights

Under the GDPR, data subjects have the right to:

• Access

• Rectification

• Erasure

• Restriction of processing

• Objection

• Data portability

• Withdraw consent

Data subjects may also lodge a complaint with the Portuguese Supervisory Authority:

Comissão Nacional de Proteção de Dados (CNPD)

www.cnpd.pt

To exercise rights:

privacy@aurexiahealth.com

10. Information Security

Aurexia Health implements appropriate technical and organizational measures to protect personal data against:

• Unauthorized access

• Improper disclosure

• Alteration

• Loss

11. Limitation of Liability

Aurexia Health does not replace medical care and does not provide medical acts.

The services provided are complementary and integrative in nature.

Information provided on the website or in technical reports does not constitute medical diagnosis or prescription.

12. Policy Updates

This Privacy Policy may be updated periodically. The most current version will always be available on the website.

13. Contact

For any data protection-related inquiries:

privacy@aurexiahealth.com