GDPR Compliance

Last updated:

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union (EU) and European Economic Area (EEA). At Livanu Inc. ("Livanu", "we", "us", or "our"), we are committed to ensuring full compliance with the GDPR for all users, regardless of their location.

This GDPR Compliance Policy outlines how we adhere to the principles and requirements of the GDPR, and details the specific rights afforded to EU/EEA residents under this regulation.

2. Our Role Under GDPR

Under the GDPR, Livanu acts as both a:

  • Data Controller: We determine the purposes and means of processing personal data collected through our website, mobile application, and health monitoring devices.
  • Data Processor: We process personal data on behalf of our users according to their instructions when they use our health monitoring services.

As both a controller and processor, we maintain appropriate technical and organizational measures to ensure data protection by design and by default.

3. Legal Basis for Processing

Under the GDPR, we process your personal data only when we have a valid legal basis to do so. Depending on the specific processing activity, we rely on one or more of the following legal bases:

3.1 Consent

We process certain data based on your explicit consent. This includes:

  • Processing of health data through our monitoring devices and applications
  • Sending marketing communications
  • Using cookies and similar technologies for non-essential purposes
  • Sharing your data with third parties where not otherwise justified

You have the right to withdraw your consent at any time, and we make this process simple and straightforward through your account settings or by contacting our Data Protection Officer.

3.2 Contractual Necessity

We process data as necessary to fulfill our contractual obligations to you, including:

  • Creating and managing your account
  • Providing our health monitoring services
  • Processing payments and subscriptions
  • Delivering customer support

3.3 Legal Obligation

We process data to comply with legal obligations, such as:

  • Maintaining financial records for tax purposes
  • Responding to valid legal requests from law enforcement or regulatory authorities
  • Complying with health and safety regulations
  • Fulfilling mandatory reporting requirements

3.4 Legitimate Interests

We process data based on our legitimate interests, provided these interests are not overridden by your rights and freedoms. These legitimate interests include:

  • Improving and developing our products and services
  • Protecting the security of our systems and users
  • Preventing fraud and unauthorized use
  • Conducting business analytics and research

For each processing activity based on legitimate interests, we conduct a balancing test to ensure that our interests do not override your fundamental rights and freedoms.

4. Your GDPR Rights in Detail

The GDPR provides EU/EEA residents with specific rights regarding their personal data. We are committed to honoring these rights and have implemented processes to enable you to exercise them:

4.1 Right to Be Informed

You have the right to be informed about the collection and use of your personal data. We provide this information through our Privacy Policy, this GDPR Compliance Policy, and specific notices at the point of data collection.

4.2 Right of Access

You have the right to obtain confirmation that your data is being processed and to access your personal data. You can request a copy of all personal data we hold about you, along with:

  • The purposes of processing
  • Categories of personal data concerned
  • Recipients or categories of recipients
  • Retention period or criteria for determining the retention period
  • The source of the data (if not collected directly from you)
  • The existence of automated decision-making, including profiling

To exercise this right, you can use the "Export My Data" function in your account settings or contact our Data Protection Officer.

4.3 Right to Rectification

You have the right to have inaccurate personal data rectified or completed if it is incomplete. Most of your personal information can be updated directly through your account settings. For data that cannot be modified through your account, please contact our Data Protection Officer.

4.4 Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data in specific circumstances, including:

  • When the data is no longer necessary for the purposes for which it was collected
  • When you withdraw consent and there is no other legal ground for processing
  • When you object to processing and there are no overriding legitimate grounds
  • When the data has been unlawfully processed
  • When the data must be erased to comply with a legal obligation

You can initiate account deletion through your account settings or contact our Data Protection Officer for specific erasure requests.

4.5 Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances:

  • When you contest the accuracy of your data (while we verify accuracy)
  • When processing is unlawful and you oppose erasure and request restriction instead
  • When we no longer need the data but you require it for legal claims
  • When you have objected to processing (pending verification of whether our legitimate grounds override yours)

To request restriction of processing, please contact our Data Protection Officer.

4.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another controller without hindrance. This right applies when:

  • Processing is based on consent or contractual necessity
  • Processing is carried out by automated means

You can export your data in a portable format through your account settings or by contacting our Data Protection Officer.

4.7 Right to Object

You have the right to object to:

  • Processing based on legitimate interests or the performance of a task in the public interest
  • Direct marketing (including profiling)
  • Processing for scientific/historical research and statistics

To exercise your right to object, you can adjust your preferences in your account settings or contact our Data Protection Officer.

4.8 Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. Where we use such automated decision-making:

  • We will inform you about the logic involved
  • We will explain the significance and envisaged consequences
  • We will implement suitable safeguards
  • We will enable human intervention, expression of your point of view, and contestation of the decision

5. Data Processing Records

In accordance with Article 30 of the GDPR, we maintain records of all data processing activities, including:

  • The name and contact details of Livanu and, where applicable, our representative and Data Protection Officer
  • The purposes of the processing
  • A description of the categories of data subjects and personal data
  • The categories of recipients to whom the personal data has been or will be disclosed
  • Transfers of personal data to third countries or international organizations
  • The envisaged time limits for erasure of the different categories of data
  • A general description of the technical and organizational security measures

6. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing operations that are likely to result in a high risk to the rights and freedoms of individuals, particularly when:

  • Implementing new technologies
  • Processing special categories of data (such as health data) on a large scale
  • Systematically monitoring publicly accessible areas
  • Profiling individuals on a large scale

Our DPIAs assess the necessity and proportionality of processing, risks to individuals, and measures to address those risks.

7. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms
  • Include in our notifications:
    • The nature of the breach
    • The name and contact details of our Data Protection Officer
    • The likely consequences of the breach
    • The measures taken or proposed to address the breach
  • Document all breaches, including facts, effects, and remedial actions taken

8. International Data Transfers

When we transfer personal data outside the EU/EEA, we ensure that adequate safeguards are in place:

  • We use EU-approved Standard Contractual Clauses
  • We transfer data only to countries with an adequacy decision from the European Commission
  • We implement supplementary measures as recommended by the European Data Protection Board
  • We conduct transfer impact assessments to evaluate the level of protection in the recipient country

For more information about our specific data transfer mechanisms, please contact our Data Protection Officer.

9. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for:

  • Informing and advising Livanu and our employees about GDPR obligations
  • Monitoring compliance with the GDPR and other data protection laws
  • Providing advice on Data Protection Impact Assessments
  • Cooperating with supervisory authorities
  • Acting as a contact point for data subjects and supervisory authorities

Our DPO can be contacted at:

Data Protection Officer
Livanu Inc.
Email: dpo@livanu.com

10. EU Representative

As required by Article 27 of the GDPR, we have appointed an EU representative who can be contacted by supervisory authorities and data subjects on all issues related to processing:

Livanu EU Representative
European Data Protection Office
Email: eu-representative@livanu.com

11. Supervisory Authority

If you are located in the EU/EEA and believe we are not handling your data in accordance with the GDPR, you have the right to lodge a complaint with your local data protection authority. A list of data protection authorities in the EU is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

12. Updates to This Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification if we have your contact information
  • Displaying a notice in our application

We encourage you to review this policy periodically to stay informed about our GDPR compliance practices.

Printed from Livanu website - 9/3/2025

For the most up-to-date version, please visit: https://livanu.com/gdpr-compliance