1. Scope and data controller This Privacy Policy regulates the processing of personal data and sensitive health data on the BioGALF Home Health platform. The data controller is BioGALF, without prejudice to the authorized processors and partners involved in specific operations under contractual mandate. By using the platform, you acknowledge that you have read and understood this policy and authorize the processing of your data in accordance with the purposes, limits, and safeguards described herein.
2. Collection of sensitive data BioGALF may collect and process special categories of health data, including biometrics, clinical history, laboratory results, vital signs data, physical activity metrics and performance of Live Exercise modules, nutritional data, prescriptions, and therapeutic adherence. Identity and contact data: name, email, phone, country, and account metadata. Clinical data: medical history, allergies, medication, symptoms, and assessments. Laboratory data: values uploaded by the user or integrated by authorized third parties. Training data: frequency, intensity, repetitions, times, and recovery.
3. Legal basis and purposes of processing We process data on the basis of one or more legal grounds: contractual performance of the service, explicit consent for sensitive data, compliance with digital health regulations, legitimate interest in platform security and fraud prevention, and protection of vital interests where applicable. The purposes include personalization of recommendations, clinical-informational support, coordination of telemedicine, management of prescriptions, and traceability of wellness outcomes.
4. Security and HIPAA/GDPR standards Medical data is stored using high-level technical and organizational controls, including encryption in transit and at rest, access control, audit logs, and environment segregation, in accordance with principles aligned with HIPAA and GDPR. BioGALF implements least privilege policies, continuous monitoring, and periodic security assessments. However, no interconnected system can guarantee zero risk of incident, so we maintain response, containment, and notification protocols in accordance with applicable regulations.
5. Use of data for artificial intelligence BioGALF may use anonymized and/or aggregated data, without names or direct identifiers, to train, calibrate, and improve models for Triage IA, recommendation systems, and predictive analytics. The user's nominal identity is not used for training general models. Data minimization and dissociation techniques are applied before analytical use. Processing for AI is limited to purposes of improving the quality, security, and accuracy of the service.
6. No commercialization of medical data BioGALF does not sell medical data or personal data to data brokers, advertising networks, or third parties for independent commercialization purposes. We share information only with third parties that are strictly necessary to operate the service, under a confidentiality agreement and on a valid legal basis, for example with telemedicine professionals, pharmacies for deliveries, and technology infrastructure providers.
7. Telemedicine, pharmacy, and authorized third parties In telemedicine scenarios, necessary clinical data is shared with the healthcare professional providing the consultation. For pharmacy and logistics processes, only the essential data for prescription validation, dispensing, and delivery is shared. Each third party acts as a data processor or independent controller according to their regulatory role, and must comply with obligations of security, confidentiality, and purpose limitation.
8. Retention and storage of information We retain data for the time necessary to fulfill care, contractual, regulatory, and legal defense purposes. When the retention period ends, we apply secure deletion, irreversible anonymization, or blocking as required by law.
9. International data transfers When there are international transfers, BioGALF adopts appropriate safeguards, including standard contractual clauses, risk assessment of the receiving jurisdiction, and technical controls equivalent to those required in the data's country of origin.
10. User rights and total deletion (wipe) You may exercise, according to applicable law, rights of access, rectification, updating, opposition, limitation of processing, portability, and revocation of consent. The user has the right to request the total deletion (wipe) of their account and medical history at any time, subject to minimum legal retention obligations that may be applicable.
11. Minors, consent, and tracking technologies The platform is not directed to minors without valid legal authorization. In case of detecting data of minors without legal basis, blocking and deletion measures will be applied in accordance with regulations. BioGALF may use cookies and equivalent technologies for security, performance, analytics, and session continuity, under transparent and user-controllable settings where required by law.
12. Policy changes and contact channel BioGALF may update this policy due to regulatory, technical, or business changes. The current version will be published on the platform with the date of the last update and, when appropriate, prior notification. For rights requests, security incidents, or privacy inquiries, the user must use the official support channels of BioGALF indicated on the platform. Last privacy update: March 30, 2026.