PRIVACY POLICY

USER INFORMATION

This Privacy Policy explains what personal data is collected when you use our mobile applications, websites, and the services provided through them (collectively, the “Application” or “Service”), and how such personal data will be processed.

By using the service, you promise that: (i) you have read, understand, and agree to this privacy policy; and (ii) you are over 18 years old (or your parents or guardians have read and accepted this privacy policy on your behalf). If you do not agree or cannot make this promise, you should not use the Service. In such a case, you must: (a) delete your account, contact us, and request the deletion of your data; (b) cancel any subscription using the functionality provided by Apple (if using iOS), Google (if using Android), or any other app store that may be available from time to time, or by us directly if you made the purchase from our websites; and (c) delete the application from your devices.

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

STARTQUAKE S.L. is the controller of the personal data of the USER obtained through www.eternadx.com and the Eterna Diagnostics App and informs you that these data will be processed in accordance with Regulation (EU) 2016/679, of April 27 (GDPR), and Organic Law 3/2018, of December 5 (LOPDGDD).

TYPES OF DATA WE PROCESS

We collect data that you provide voluntarily (e.g., when you choose your areas of improvement or send us an email). We may also receive data about you from third parties (e.g., when you log in through Apple). Finally, we collect data automatically (e.g., your IP address). We process two types of data:

1.- Personal data:
Personal data includes all the information collected before acquiring a service that the user provides, such as name, surname, email, phone number, gender, date of birth, height, or weight. Demographic and lifestyle data are also collected through an initial questionnaire provided to the user. This questionnaire is voluntary and aims to better understand our customers’ habits to offer better care.
2.- Health data:
At Eterna Diagnostics, we use health data to provide our biological age measurement services. These data are collected only after the service has been purchased and the terms and conditions have been accepted by the user.

For ActivAge, data is collected through the TERRA API (https://tryterra.co/) from the App of the corresponding wearable device used by the user and connected to our App. The following data is collected: Calories Burned, Distance, Steps, Heart Rate, Resting Heart Rate, Heart Rate Variability, Respiratory Rate, Oxygen Saturation, Sleep Time, VO2 Max, and Activity Time. For ProAge, protein data is collected via a dried blood test necessary to calculate biological age. Blood samples are analyzed by an external lab. All data is anonymized, and there is no way to associate the data with a specific individual.

WHY DO WE PROCESS YOUR PERSONAL DATA, AND WHAT IS THE LEGAL BASIS?

Depending on the form through which we obtained your personal data, we will treat it confidentially for the following purposes:

Contact Form:

Respond to queries or any requests made by the user through the contact methods available on the website. (For the legitimate interest of the controller, Art. 6.1.f GDPR).
Conduct statistical analyses and market research. (For the legitimate interest of the controller, Art. 6.1.f GDPR).

User Registration Form in the Eterna Diagnostics App:

Manage the user’s account to provide personalized access to the Eterna Diagnostics App and its interactive services.
(With the user’s consent, Art. 6.1.a GDPR).

E-commerce Form:

Manage online purchases or orders, process payments, and proceed with the shipping or activation of the service, based on the general terms of the contract.
(For the execution of a contract or pre-contract, Art. 6.1.b GDPR).
Manage, maintain, improve, or develop the services provided. (For the execution of a contract or pre-contract, Art. 6.1.b GDPR).
Conduct satisfaction and quality surveys.
(For the legitimate interest of the controller, Art. 6.1.f GDPR).

Newsletter Form:

Send newsletters, news, offers, and online promotions.
(With the user’s consent, Art. 6.1.a GDPR).

DATA PROTECTION

The security of your information is our top priority. We implement rigorous data protection mechanisms to safeguard the confidentiality and integrity of the collected data, including:

Security and Encryption: We are committed to ensuring the security and protection of our users’ personal data. To achieve this, we have implemented a series of security measures in our mobile application and the backend that supports it.

i) Secure Communications: All communications between our mobile application and our server are conducted via encrypted HTTPS connections. This ensures that transmitted data, including personal information, is protected from unauthorized interceptions.

ii) Robust Authentication: We have implemented a token-based authentication system to control access to our services. This means that each request to the server requires a valid token, helping to prevent unauthorized access to users’ data.

iii) Data Encryption: The database where we store sensitive information is encrypted using Google Cloud encryption keys. This level of encryption ensures that our users’ data is protected, even in the unlikely event of unauthorized access to our database.

iv) Password Protection: Instead of storing passwords directly, we use a hashing method to store an encrypted version of users’ passwords. This means that even in our database, users’ actual passwords remain secret and protected.

These measures are part of our ongoing commitment to security and privacy. At Eterna Diagnostics, we understand the importance of protecting personal information, and we are dedicated to maintaining the trust our users place in us.

Authorized Access: We limit access to the collected information to authorized personnel only, who need to process this data in order to provide you with Eterna Diagnostics services. We ensure that this access is subject to strict controls and is carried out solely for specific and legitimate purposes.

Loss and Alteration Prevention: We implement measures to prevent the accidental loss or unauthorized alteration of stored data. Regular backups and integrity checks are an integral part of our approach to ensure the accuracy and constant availability of information.

Password Protection: Instead of storing passwords, we use hashing to store encrypted versions of users’ passwords.

We also implement Authorized Access, Loss and Alteration Prevention, and Continuous Monitoring to ensure data security.

HEALTH DATA PROCESSING

Health data is never transferred to third parties, except for the improvement of the app’s capabilities or performance.

In any case, health data is anonymized to prevent association with personal data. Only the responsible person within the organization can access this information.

HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

Data will be retained for as long as necessary to fulfill the purpose of the processing or to comply with legal obligations. Once no longer needed, data will be securely deleted or anonymized.

MODIFICATION AND DELETION OF DATA

Users can modify their personal data at any time through the App, cancel their subscription, or request the deletion of their data by contacting info@eternadx.com.

WHAT ARE YOUR RIGHTS?

You have the right to:

Right to withdraw consent at any time.
Access, rectify, transfer, or delete your data and restrict or object to its processing.
File a complaint with the supervisory authority (www.aepd.es) if you believe the processing does not comply with current regulations.

CONTACT DETAILS FOR EXERCISING YOUR RIGHTS

STARTQUAKE S.L.. CALLE LOS PRADOS-PARQUE TECNOLÓGICO DE GIJÓN, N.o 166 – 33203 GIJÓN (Asturias).

E-mail: info@eternadx.com

MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER

Users, by checking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or download forms, expressly and unequivocally accept that their data is necessary to attend to their request by the service provider, with the inclusion of data in the remaining fields being voluntary. The user guarantees that the personal data provided to the RESPONSIBLE is truthful and is responsible for communicating any modification of the same.

The RESPONSIBLE informs that all data requested through the website is mandatory, as it is necessary for the provision of an optimal service to the USER. If all the data is not provided, it is not guaranteed that the information and services provided will be completely tailored to your needs.

3. SECURITY MEASURES

In accordance with the provisions of the current regulations on personal data protection, the RESPONSIBLE is complying with all the provisions of the GDPR and LOPDGDD regulations for the processing of personal data under its responsibility. Furthermore, it is explicitly adhering to the principles described in Article 5 of the GDPR, which stipulate that data is processed lawfully, fairly, and transparently in relation to the data subject, and is adequate, relevant, and limited to what is necessary concerning the purposes for which it is processed.

The RESPONSIBLE guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and LOPDGDD in order to protect the rights and freedoms of the USERS and has provided them with the necessary information so they can exercise their rights.

For more information about privacy guarantees, you can contact the RESPONSIBLE party through STARTQUAKE S.L., CALLE LOS PRADOS-PARQUE TECNOLÓGICO DE GIJÓN, No. 166 – 33203 GIJÓN (Asturias).