This privacy policy (“Privacy Policy”) governs the data collection, processing, and usage made by Binah.ai Ltd. (“Company”, “we” or “us”). This Privacy Policy concerns the data we collect from individuals who have installed and are interacting with our mobile apps including Binah Check and Binah Connect or using the My Binah Check management dashboard (respectively “App”, “users”, “Dashboard” and collectively the “Services”). Each of the users shall also be referred to herein as “you”. This Privacy Policy is also an integral part of the applicable terms of use, or any other agreement entered into between you (or the entity that you are acting on its behalf) and us.

By using the Services, you agree to the collection and use of your data in accordance with this Privacy Policy. When using the Services, we may collect and process certain Personal Data from you to allow you to use the Services, as well as for other purposes as detailed below. By using the App, Dashboard and Services, you consent to the privacy practices described in this Policy.

If you have any questions about this Privacy Policy, please contact us at: support@binah.ai.

AMENDMENTS

We reserve the right to periodically amend or revise the Privacy Policy, which will immediately affect the implementation of the revised Privacy Policy on the App or Dashboard. The last revision date will be reflected in the “Last Modified” heading located at the top of the Privacy Policy. We will make a reasonable effort to notify you if we implement any changes that substantially change our privacy practices. We recommend that you review this Privacy Policy periodically to ensure that you understand our privacy practices and to check for any amendments.

1. Who are we and Contacting Us

Binah.ai Ltd., registration number 515413482

2 Zeev Jabutinsky St.,

Ramat Gan, 5250501

Israel

Email: support@binah.ai

Where you are a direct user of the Services, a browser or visitor of our Services, or contacting us directly, we process your personally identifiable information as the controller, meaning that legally, we deem as the owner of your personally identifiable information. In those cases, and for GDPR purposes, we assume the role of Data Controller, and any of our external suppliers shall be deemed as Data Processor.

In some other cases, the App may be provided to you by us as part of our engagement with certain third party, such as your employer (“Account Owner”). In those cases, the Account Owner may be the sole Controller or joint Controller of your data, while we act as a Data Processor processing the data on their behalf. In those cases, some aspects of the Processing of your data may be subject to separate agreements and privacy policies provided by your Account Owner.

Questions, comments, requests and complaints regarding this Privacy Policy and the information we hold are welcome and should be addressed to us by using the contact details above. All requests will be dealt with promptly and efficiently. In addition, you can always address your questions and concerns to anyone on the Study team.

Our Data protection Representation under the GDPR

We value your privacy and your rights as a European data subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/17807568507

2. The Data we process

Processing of Non-Personal Data

As part of providing you with the Services, we may collect aggregated, non-personal and non-identifiable information which may be made available or gathered via your use of the Services and your interaction with us (“Non-Personal Data“). Further, we may process identified Personal Data to create a new data set which is not identified under common standards and applicable laws. Such a new data set will be considered as Non-Personal Data. Non-Personal Data may be used by us without limitation and for any purpose, including for commercial, research, or statistical purposes, without further notice to you. If we combine Personal Data with Non-Personal Data, we will treat the combined data as Personal Data.

Processing of Personal Data

As part of using the App or Dashboard, you will be required to register and open a user account (whether directly or through the use of access info provided to you), while providing your basic contact info, credentials and other basic data including your demographics such as sex, age, etc. Further, during the use of the Services, some usage data may be processed and kept by us, such as your measurements and vitals, stress levels, and general usage data as the dates and times of use. Such data may be deemed as “Personal Data”, namely information that identifies an individual or may with reasonable effort be used to identify an individual (“Personal Data” or “Personal Information” as defined under applicable law).

Please see below the table which specifies the Personal Data we collect and how we use it.

Please note that the actual processing operation per purpose of use and lawful basis detailed in the table above, may differ. Such processing operation usually includes a set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure or destruction. Transfer of Personal Data to third party countries as further detailed in the Data Transfer section is based on the same lawful basis as stipulated in the table above.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.

1. HOW WE COLLECT INFORMATION

• Automatically – we may use cookies, SDKs or similar tracking technologies in connection with our Dashboard and App. The way in which we, and third parties, place cookies in connection with the Services, use cookies and collect data, is explained in the Cookies part below.
• Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, as through the App, registration process, measurements, contact us communications, etc.
• Provided by Third Parties– such as through Apple or relevant Account Owner, or through the use of our vendors and service providers.

2. COOKIES & TRACKING TECHNOLOGIES

When you use the Dashboard, we or our third-party service providers may use Cookies to gather, store, and track certain information related to your access of, activity and interaction with the Dashboard.  You can find out more information about cookies at www.allaboutcookies.org.

The usage of Cookies in the Dashboard is under your control per the Cookie bar installed in our dashboard. You may also remove Cookies by following the instructions on your device governing the setting of your preferences. Our Cookies do not enable any access to or inspection of other information on your device. If you wish to be notified of when Cookies are placed on your device, you may set your web browser to provide such notices.

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience may be limited. Please see the following links for more information with respect to how you can block or erase cookies via your particular browser: Google Chrome; Firefox; Internet Explorer; Safari; Edge; Opera.

In the App, we may use specific tracking and analysis technologies, mainly known as SDKs for collection and analysis of usage data for monitoring and improvement purposes as explained above.

3. DATA SHARING

We share your data with third parties, including with trusted partners or service providers that help us provide our services and improve our services:

Where we share information with service providers and partners, we ensure they only have access to such information that is strictly necessary in order for us to provide the services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only, while ensuring compliance with all applicable data protection regulations.

We use the following SDK (a Software development kit) which is a set of tools that provide us with the ability to build a custom app which can be based on, or connected to, another program. SDKs are used only in our App. SDK create the opportunity to enhance our App with more functionality, as well as include advertisement and push notifications, if applicable.

The specific SDK we currently use, purpose of use, their privacy policy and opt-out controls are set forth in the table below:

1. HealthKit shared information

This section of our privacy policy describes how the Application interacts and shares data with Apple HealthKit.

With your consent, the application enables sharing specific application measured results with Apply HealthKit. In such case, the application shares the information collected through the usage of the Application with Apple HealthKit, so the such data will be processed as stored as part if the User’s HealthKit data, for the user usage only. The Application does not retrieve the HealthKit information and We do not get any access to the HealthKit Data.   Application’s Information that can be shared and stored with HealthKit includes:

• Pulse Rate
• Respiration Rate
• Heart Rate Variability (HRV) SDNN

Sharing of Application’s data with Apples HealthKit is always subject to your prior consent. You can withdraw your consent to the application sharing with HealthKit at any time within the relevant Apple Inc. application (e.g. Apple Health). Withdrawing your consent will not prevent you from using the application,

Your HealthKit data is not being used for advertising, and We do not sell or share your HealthKit Information to third party advertising platforms, data brokers or information resellers. Nor will we use your HealthKit Information for data-mining activities; and we will not disclose HealthKit Information to any third-party. 

2. Your Data Subjects’ rights under Privacy Protection laws

Under relevant privacy laws, individuals may possess specific rights that allow them to request information or modifications in how we process their personal data. These rights may include the following:

• Access to your Personal Data;
• Correction of your Personal Data;
• Deletion of your Personal Data;
• Restriction on our use of your Personal Data;
• Objection to our use of your Personal Data;
• Request for the transfer of your information to another organization or to provide you with a copy of your Personal Data (Portability Right);
• Withdraw your consent.

To exercise any of these rights, please contact us through the provided means of communication, directly to us or through our Data Protection Representative. We may not always be able to fulfill your request, and not all of these rights are applicable in every jurisdiction or in every case. Where we are not able to provide you with the information which you have requested, we will endeavor to explain the reasoning for this and inform you of your rights, including the right to complain to the relevant supervisory authority. We reserve the right to ask for reasonable evidence to verify your identity before providing you with any such information per applicable law.

If you are a user of the Services under an Account Owner, some or all of your rights, may be only exercised under the responsibility and discretion of such Account Owner. In such cases, please contact your Account Owner directly. Any inquiry transferred to us regarding such data will be forwarded by us to the relevant Account Owner as the Controller of such data.

If you are not satisfied, you have the right to file a complaint with the appropriate data protection supervisory authority at any time. However, we would appreciate the opportunity to address your concerns before you involve the authorities. Please do not hesitate to contact us initially.

3. Data retention

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulations, or until you express your preference to opt out, where applicable.

The criteria used by us to determine our retention periods are as follows:

• We retain Personal Data for the periods needed in order to achieve the purpose for which Personal Data was collected. For example, Contact Communications data will be retained, at least as long as necessary to address your inquiry.
• App’s usage data may be kept in an identified manner at least until the last regulatory approval is granted for our relevant products, and even for longer periods, for record keeping under ours and Study site’s legal obligations. For example, under EU legislation relating to Medical Devices (Regulation (EU) 2017/745) we must retain some data relating to our Services for a period of 10 years after the last placing of a product in the EU market.
• We retain Personal Data for the periods needed in order to comply with our obligations under applicable laws. For example, transactional data may be kept for up to seven years and sometimes more, in accordance with our bookkeeping obligations.
• If you have a dispute with us, we may retain certain types of Personal Data as necessary and as applicable to your claims, including any legal proceedings between us, until such dispute is resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods. In addition, in the event you request to exercise your rights, we will maintain the relevant correspondence for as long as needed to demonstrate compliance.
• Retention of data processed by us as a Processor on behalf of an Account Owner will be retained in accordance with the instructions of such Account Owner as the Controller of the data.

At our sole discretion, we may rectify or erase information from our systems without prior notice to you, once we deem it no longer necessary for such purposes.

4. SECURITY

We use physical, technical, and administrative security measures for the Services that we believe comply with applicable laws and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed or accidentally lost.

However, unfortunately, the transmission of information via the internet and online data processing cannot be 100% secure. As such, although we will do our best to protect your Personal Data, we cannot guarantee the security of data transmitted via App or Services and any transmission of your data shall be done at your own risk.

5. Data Processing Location

We may store or process your Personal Data in a variety of countries, including Israel as we are headquartered there. In any such case we remain responsible for protecting your privacy and data security, in accordance with applicable law requirements.

Suppose you are a resident of a jurisdiction where the transferring of your Personal Data requires your consent. In that case, your consent to this Privacy Policy includes your express consent for such transfer of your data.

We are not responsible for the further processing, including storage and processing location, of any data transferred by us or transmitted from the App to an Account Owner, such data is managed under the sole responsibility and discretion of such an Account Owner as the Controller of such data.

 CHILDREN

Our App and Services are not directed, nor is it intended for use by children (the phrase “child” shall mean an individual that is underage defined by applicable law) and we do not knowingly process a child’s information. Please contact us if you have reason to believe that a child has shared any information with us.

Last Update: July-25-2023