Privacy Policy – Neuropredict

1. General Information

This Privacy Policy describes how NEUROPREDICT LAB SL (hereinafter, "NEUROPREDICT"), as Data Controller, processes the personal data of users (hereinafter, the "User") who access and browse the www.neuropredict.eu website (hereinafter, the "Website"), in accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD), and other applicable regulations.

NEUROPREDICT is a research project in neurotechnology and artificial intelligence applied to neurological rehabilitation.

2. Identity of the Data Controller

• Data controller: NEUROPREDICT LAB SL
• NIF: B27651041
• Postal address: Calle Infanta Mercedes, 16 – 4 IZ
• Website: www.neuropredict.eu
• Contact email: support@neuropredict.eu

For the purposes of processing personal data collected through the Website, NEUROPREDICT acts as the Data Controller.

3. Personal data we process

Depending on the User's interaction with the Website, NEUROPREDICT may process the following categories of personal data:

• Identification and contact details: name and surname, email address.
• Communication data: content of queries or requests sent by the User.
• Browsing and usage data: IP address, device type, browser, operating system and technical data associated with the use of the Website.

4. When do we collect data?

NEUROPREDICT may collect personal data from the User in the following instances:

• While browsing the Website, using cookies and similar technologies, in accordance with the Cookies Policy.
• When the User sends queries, requests for information or communications through the means provided on the Website.
• During subsequent interactions between the User and NEUROPREDICT for the management of such requests or communications.

5. Purposes of the processing and legal basis

NEUROPREDICT will process the User's personal data for the following purposes:

a) To respond to information requests and other communications from Users.

• Legal basis: consent of the data subject (art. 6.1.a GDPR).

b) To process the contracting of products and services requested, and carry out the necessary procedures for the proper maintenance of the contractual relationship.

• Legal basis: performance of the contract (art. 6(1)(b) GDPR).

c) Regulatory compliance and defence against claims or exercise of rights by Users.

• Legal basis: compliance with legal obligations (art. 6(1)(c) GDPR) and legitimate interest (art. 6(1)(f) GDPR).

Processing based on legitimate interest:

a) Technical, functional and security management of the Website, to ensure proper functioning, security and prevention of improper use.

• Legal basis: legitimate interest of the Data Controller (art. 6.1.f GDPR).

b) Statistical analysis and improvement of the Website, to obtain aggregated and anonymised statistics for analytical and improvement purposes.

• Legal basis: legitimate interest of the Data Controller (art. 6.1.f GDPR) and, where required, consent of the User for analytical cookies.

You may object to processing based on legitimate interest at any time by exercising your right as indicated in the User Rights section.

6. Recipients and data communications

In general:

• No personal data will be communicated to third parties, unless legally obliged.
• The data may be accessed by technology providers who provide services to NEUROPREDICT (e.g. web hosting, maintenance or technical support), acting as data processors under contracts in accordance with Article 28 of the GDPR.

Under no circumstances will NEUROPREDICT transfer the User's personal data to third parties for commercial purposes.

7. International Data Transfers

In general, international data transfers outside the European Economic Area are not planned.

In the event that, exceptionally, a supplier involves an international transfer, this will be carried out by adopting the appropriate guarantees required by the GDPR (for example, standard contractual clauses or other legally enabled mechanisms).

8. Retention periods

Personal data will be kept for the time necessary to fulfil the purpose for which they were collected, and in particular:

• Data associated with requests and communications: for the time necessary for their management and, subsequently, blocked during the limitation periods of applicable legal actions.
• Browsing and analytical data: during the periods indicated in the Cookies Policy and as long as the consent, if applicable, remains valid.

Once the indicated periods have expired, data will be kept blocked when necessary for compliance with legal obligations.

9. Security and confidentiality

NEUROPREDICT processes personal data confidentially and has adopted appropriate technical and organisational measures to guarantee a level of security appropriate to the risk, preventing its loss, alteration, unauthorised access or improper processing, taking into account:

• the state of the art,
• the nature of the data processed, and
• the risks associated with the processing.

10. User Rights

As the owner of the personal data, you have the right to contact the entity at any time and free of charge to exercise the following rights:

• Right of Access: you have the right to be informed whether your personal data is being processed and to access such data.
• Right of Rectification: you may request the rectification of inaccurate personal data.
• Right to Revoke Consent: you may revoke consents granted at any time, without affecting the lawfulness of prior processing.
• Right to Object: you may object to the processing of your personal data in certain circumstances.
• Right to Data Portability: you have the right to receive your data in a structured, commonly used and machine-readable format.
• Right to Challenge Automated Decisions: you have the right to obtain human intervention in the event of automated individual decisions.
• Right to Restriction of Processing: you may request that processing be restricted in certain circumstances.
• Right of Erasure: you have the right to request the erasure of your personal data.

To exercise these rights, send a request to: privacy@neuropredict.eu

The User also has the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es).

11. Cookies and Similar Technologies

The Website uses cookies and similar technologies. The User can obtain detailed information on their use, typologies, purposes and settings in the Cookies Policy available on the Website.

12. Modifications to the Privacy Policy

NEUROPREDICT reserves the right to modify this Privacy Policy to adapt it to regulatory, technical or operational changes. The current version will be available on the Website, indicating the date of the last update.