Flairz Health Privacy Policy – General Data Protection Regulation Addendum

This General Data Protection Regulation Addendum supplements the Flairz Health Privacy Policy, and is effective as of May 31, 2021. The Flairz Health Privacy Policy describes the information we collect, the sources from which we collect it, the purposes for which we use/process it, the circumstances under which we share it, and with whom we share it. These additional disclosures are required by the General Data Protection Regulation (“GDPR”) and are intended for individuals located in the European Economic Area:

Data Controller and Application of this Addendum

If an organization with which you are associated (an “Organization”) contracts with Flairz Health for the provision of our services, your Organization may share personal information about you with us in connection with our provision of services to your Organization. To the extent, we process that personal information solely in order to provide these services to your Organization, under the GDPR, to the extent applicable, we will act as a processor (as defined in the GDPR) on behalf of your organization in respect of that personal information. In that case, this Privacy Policy will not apply to the processing of that personal information and your Organization will act as a controller (as defined in the GDPR) in respect of that personal information and is responsible for having a lawful basis for processing that information, for acting in all matters in accordance with all applicable laws, and for providing you with all requisite information as required by applicable law. To the extent, we process your personal information for any other lawful business purpose of ours, under the GDPR, to the extent applicable, we will act as a controller of such personal information and this Addendum will apply to the processing of such personal information.

Data Storage and Retention

Flairz Health securely stores all of your data on servers located in North America. All data is stored in accordance with security procedures and protocols that meet or exceed applicable industry standards.

Personal information Flairz Health collects is retained for varying lengths of time according to the type of information in question and the purposes for which it is collected and used. Flairz Health deletes personal information when there is no longer a need to use it for the purposes for which it was collected, or subsequent purposes related to and compatible with the original purposes of collection. Flairz Health may retain archival copies of personal data as part of our customary practices for the backup storage of information in the ordinary course of business.

Lawful Basis for the Processing of Your Data

Flairz Health generally processes personal information provided by visitors through our website on the basis of consent.

We may also process personal information on other bases permitted by the GDPR and applicable laws, such as when the processing is necessary for
(i) compliance with our legal obligations,
(ii) performance of a contract with the data subject, or
(iii) protecting vital interests.

Transfers of Personal Data Outside of the European Economic Area

Flairz Health is based in the United States of America and that’s where the processing of personal information collected through our website occurs. By providing Flairz Health with personal information, you hereby consent to
(i) Flairz Health’s processing and disclosure of such personal information in accordance with the Flairz Health Privacy Policy and this Addendum;
(ii) the transfer of such personal information to the United States; and
(iii) Flairz Health’s disclosure of such information in compliance with lawful requests by public authorities, including meeting national security or law enforcement requirements.
The United States does not have an adequate decision from the European Commission, which means that the Commission has not determined that the laws of the USA provide adequate protection for personal information. Although the laws of the USA do not provide legal protection that is equivalent to EU data protection laws, we safeguard your personal information by treating it in accordance with this Addendum and the Flairz Health Privacy Policy.
We take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website.
We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Addendum.

Your Data Protection Rights

You have the following rights under the GDPR:

• The right to access – You have the right to request Flairz Health for copies of your personal information.
• The right to rectification – You have the right to request that Flairz Health correct any information you believe is inaccurate. You also have the right to request Flairz Health to complete the information you believe is incomplete.
• The right to erasure – You have the right to request that Flairz Health erase your personal information, under certain conditions.
• The right to restrict processing – You have the right to request that Flairz Health restrict the processing of your personal information, under certain conditions.
• The right to object to processing – You have the right to object to Flairz Health’s processing of your personal information, under certain conditions.
• The right to data portability – You have the right to request that Flairz Health transfer the information that we have collected to another organization, or directly to you, under certain conditions.
• If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us pursuant to the contract information listed below.

How to Contact Flairz Health

You may exercise your data protections rights by submitting a request to privacy@flairzapp.com. You may also exercise such rights or provide any other questions, comments, complaints or requests regarding this Addendum, by contacting us at:

Flairz Health, Inc.
3240 El Camino Real Suite 130
Irvine, CA 92602

Flairz Health Data Privacy Officer
privacy@flairzapp.com
714-665-6240

How to Contact the Appropriate Authority

Should you wish to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority. The European Union Commission has a list here.