This is the Policy of Brain Resource, Inc. d/b/a Total Brain (“Total Brain,” “us,” “our,” or “we”), a California corporation. You can contact us here.
This Policy applies to our “Services”, which includes:
Following notice to you or your acknowledgement of this Policy (including any updates), your continued use of any of our Services indicates your consent to the practices described in this Policy.
We may change this Policy from time to time. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of the Services following notice of any changes indicates acceptance of any changes.
Feel free to contact us with questions or concerns using the appropriate address below.
Phone: (415) 399-7990
268 Bush St.
San Francisco, CA 94104
Our Services may be provided to organizations that have entered into an agreement with us, such as an employer or a clinic (our “Clients”). When our Services are provided as part of a Client agreement, we may share certain information with our Client about that Client’s users of our Services (“Client Users”) as part of any authorized Reporting Services and/or any authorized Clinical Reporting. The extent of this reporting will vary based on the nature of the Client relationship, your consent, rights, choices, and other variables discussed further below. This Policy reflects only how we process Personal Data through our Services. This Policy does not apply to Clients’ uses of data accessed or made available through our Services.
This Policy also does not apply to information processed by other third parties, for example, when you visit a third-party website or interact with third-party services, unless and until we receive your information from those parties. Please review any third parties’ privacy policies before disclosing information to them.
We may collect and process information that relates to identified or identifiable individuals (“Personal Data”), including certain Personal Data that may reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation (“Special Category Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):
Personal Data about you and your identity, such as your name, username, birth date, gender, and other Personal Data you may provide on registration or purchase forms or as part of an account profile, or otherwise when you use our Services (e.g. biographical information).
Personal Data used to contact an individual, e.g. email address, physical address, or phone number.
Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history and similar browsing metadata, and other data generated through applications and browsers, including via cookies and similar technologies.
Personal Data relating to your geographic location, such as information collected from your device’s GPS, or location information you voluntarily provide to us.
Personal Data relating to financial accounts or services, e.g. a credit card or other financial account number, and other relevant information you provide in connection with a financial transaction.
Personal data contained in any free text or unstructured format, such as notes, comments, or other text entered into a text box, whether by you, a Client User, or provided by another third party.
Personal Data relating to inferences drawn from Personal Data to create a profile about you, such as predispositions, behavior, and attitudes.
Brain Performance Data
Inference Data relating to an individual’s brain performance (such as memory, cognition, attention, or similar characteristics) that is provided by or collected from a user of the Services or that is inferred or derived from an analysis of other Personal Data we collect under this Policy.
Personal Data relating to physical characteristics, such as your height and weight, and dominant hand (this may be classified under applicable law as Special Category Data), as well as heart rate and variability (“HRV”) data.
Mental Health Data
Personal Data, including Brain Performance Data, to the extent that data relates specifically to mental health, such as risk factors for or indicators correlated with certain mental health conditions, or other similar data (this may be classified under applicable law as Special Category Data).
We collect Personal Data in various ways, which vary depending on the context in which we process that Personal Data:
Data you provide to us
You may provide us or our Clients with Personal Data directly, for example, as part of account registration or when you provide information through the Platform.
Data we create or infer
We or our Clients (or third parties operating on our behalf) create and infer Personal Data such as Inference Data, Mental Health Data, or Brain Performance Data based on our observations or analysis of other Personal Data processed under this Policy.
We may receive Personal Data from third parties with whom we or a Client have a relationship. For example, we may receive certain Personal Data when you sign up through your employer or clinical practice.
We generally process your Personal Data in connection with the following activities and purposes, as well as for the Business and Commercial purposes described below.
When you create an account on our Services, we process certain Personal Data, which typically includes Identity Data, Device/Network Data, Contact Data, and if you choose to provide it, Location Data. Additionally, if you make a purchase or initiate or renew a paid subscription through our Services, we may process Identity Data, Financial Data, and certain Contact Data. Note, third parties typically processes these transactions on our behalf.
We use Identity Data and Contact Data as necessary to create, maintain, and provide you with important information about your account. Additionally, we use the Transaction Data, Identity Data and Contact Data as necessary to complete and provide you with important information regarding your transaction. Financial Data is used only as necessary to process transactions that you request. We may also use Location data in developing geographic clustering of brain profiles, and in personalization or recommendation of activities within the Platform.
Brain Performance Platform
If you use our Platform, we process Personal Data such as Identity Data, Device/Network Data, Brain Performance Data, Location Data, Physical Data and Mental Health Data. We generally process the Personal Data provided through the Platform as necessary in connection with our provision of the Platform and services you request, including to create Brain Performance Data and Mental Health Data, and related Inference Data regarding your mental performance and mental health.
For example, we may track and analyze your memory, attention and cognition at a point in time or over time, or in response to certain environmental or other circumstances, and provide you with a dashboard summarizing this analysis. Additionally, we may collect certain additional information, such as HRV, when you agree to share that data. When we collect HRV, we may require access to your camera in order to observe your pulse and detect variation in your heart rate without the use of wearable equipment. The HRV function records only heart rate and variability and does not collect biometric information such as fingerprints or heart rhythm/ECG data, video, or images.
If you are a Client User, we may also process this Personal Data in connection with Client Reporting or Clinical Reporting if you access our Service through a Client or a clinic/health care provider for Clinical Reporting.
Note: We process Mental Health Data, Brain Performance Data, Location Data and Physical Data only in accordance with your consent where your specific is consent required by applicable law. We may also process Identity Data, Brain Performance Data, Location Data, Physical Data and Mental Health Data using AI & Automated Analysis. This processing helps us better personalize the Platform, improve the accuracy and quality of our brain performance analysis, and our assessment of mental health risk factors.
We may make certain modules or features of our Services available on our Corporate Site (e.g. totalbrain.com/mental-health-test-online) as part of consumer demos, testing, or as part of partner referral engagements (“Demo Modules”). When you use a Demo Module, we may process Inference Data and Brain Performance data related to your test. While we may store test results, and use this information our internal process/service improvement, or for our AI and automated analytics (see the business purposes of processing below), we do not collect or process any Identity Data or other user-specific identifiers, and this data is stored in anonymized form. Please note, we may, from time to time, work with certain third parties, e.g. as part of referral relationships or to provide links to third party services. We do not share Personal Data with these third parties unless notified to you prior to disclosure, and we do not control the third party privacy practices. Please review any third party privacy policies before disclosing your personal data or using third party services.
We may process Identity Data, User Content and certain Contact Data if you choose to complete a customer survey, questionnaire, or similar form. Note, some surveys are operated/controlled by us, and others are operated/controlled by our third party partners. We may receive this data from third parties to the extent allowed by the applicable partner.
In certain cases, we may also offer clinical ‘Screening Assessments’ where you may answer additional questions regarding your mental health and progress, in which case we will collect additional Identity Data, Brain Performance Data, Location Data, Physical Data and Mental Health Data. This information will be processed in the same manner and subject to the same restrictions as data collected in connection with our Platform (described above), and in some cases, may be shared with the respective clinical Client.
Note: If you win a promotion, your acceptance of a prize may allow us to make certain Personal Data public, e.g. posting your name on a winner’s page. See the applicable program’s terms and conditions for details.
We, and certain third parties, may process Identity Data, Contact Data, Location Data, and Device/Network Data when you interact with cookies and similar technologies on our Services. We may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.
Subject to users’ Rights and Choices, we use this information as follows:
Note: Some of these technologies can be used by us and/or our third-party partners to identify you across platforms, devices, sites, and services.
Business and Commercial Purposes of Processing
The following provides additional information regarding the business and commercial purposes of processing.
Service Provision and Contractual Obligations
We process any Personal Data as is necessary to provide the Services, authenticate users and their rights to access the Services, and as otherwise necessary to fulfill our contractual obligations to you, and provide you with the information, features, and Services you request.
Internal Processes and Service Improvement
We may use any Personal Data we process through our Services as necessary in connection with our legitimate business interests in improving the design of our Services, understanding how our Services are used or function, for customer service purposes, in connection with logs and metadata relating to Services use, and for ensuring the security and stability of the Services. Additionally, we may use Personal Data to understand what parts of our Services are most relevant to users, how users interact with various aspects of our Services, how our Services perform, etc., or we may analyze use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our users. This processing is subject to users’ Rights and Choices applicable to processing performed in accordance with our legitimate business interests.
We process Personal Data in connection with our legitimate business interest in personalizing the Platform. For example, the Service may be customized to you so that it displays your name, reflects service preferences or to display content that we think may be of interest to you based on your interactions with our Platform, questionnaires, assessments, etc. This processing may involve the creation and use of Inference Data relating to your preferences. This processing is subject to users’ Rights and choices applicable to processing performed in accordance with our legitimate business interests.
AI & Automated Analysis
Our Platform is powered by machine learning algorithms that rely on databases, software, and other automation tools that process the data collected via our Platform. We process this data in order to develop and help us improve the accuracy and quality of our brain performance recommendations, related analytics, for Platform personalization, and to further refine and validate our assessment of mental health risk factors.
For example, we compare User data with prior outcomes and sequences of actions that have resulted in increased brain performance, indicate areas for improvement, and in connection with Screening Assessments, assess whether test results are consistent with those of individuals reporting common mental health conditions. We analyze this information to create a personalized course of action for the User that is customized to a User’s specific performance history, cognitive predispositions, and goals.
This analysis may reveal sensitive categories of personal data related to your health. We perform this assessment using automated means. Our Screening Assessments are non-diagnostic and intended only to provide you with suggestions and additional information that you may find useful as you take advantage of company benefits, in your personal life, or have discussions with healthcare professionals.
We use data collected from the training exercises and Screening Assessments to further improve our Platform, including our algorithm. We use de-identification and anonymization techniques to protect user privacy when we handle data in connection with machine learning and AI training. Training data is subject to our strict policies limiting access and re-identification. We anonymize customer information when you close your account, following certain rights requests, and if you cease using the service for an extended period of time.
We process Client Users’ Identity Data, Brain Performance Data, and Mental Health Data in order to create aggregate, anonymized reports of mental health trends among the Client Users that are part of their organization. Unless you agree to have your Personal Data disclosed, these Client Reports consist of only Aggregated or Anonymized Data representing a summary of the productivity, mental health risks, and the mental/personality characteristics of Client Users in the Client’s organization.
With your consent and if permitted under our Client Agreement, we may disclose to Clients that a specific named individual has taken an assessment, the time the person has spent performing activities within the Platform, and the results of an assessment or any other Personal Data to the Client (note, in such cases, you may be required to provide your prior consent to us or the Client).
In certain contexts and with your authorization (e.g. where our Service is used by a health care practice or clinical environment), we may provide access to complete assessments, including the Identity Data, Brain Performance Data, Location Data, Physical Data and Mental Health Data in them, as well as additional analytics or features exclusive to a clinical offering. Certain health care providers may also provide additional Personal Data in connection with User Content they input into the Platform regarding a given user.
Anonymization & Aggregate Analytics
We will collect and aggregate or anonymize your Personal Data and information about your use of the Services in order to identify certain trends in how our Services are used, including without limitation, cognitive trends, user brain performance outcomes, geographic trends, etc. relating to our Platform (“Aggregated or Anonymized Data”). Aggregated or Anonymized Data is not Personal Data and does not contain information from which you may be personally identified, and we take steps to ensure that such information is not reasonably re-identifiable. When we process any Personal Data for this purpose, we do so subject to your consent where required by law, and at all times subject to users’ Rights & Choices.
We generally use this data in order to identify certain trends in how our Services are used, including without limitation, cognitive trends, user brain performance outcomes, geographic trends, etc. relating to our Platform. For example, we may process Brain Performance Data to determine aggregate trends in brain performance and the response to various activities, games, and other aspects of our Platform. We may also use this information in connection with AI and Automated Analysis.
We may share Aggregated or Anonymized Data with third parties, including (without limitation) for Research and Public Health purposes, or with Clients as part of Client Reporting, to give them a better understanding of our business and improve the marketability or performance of our Services.
Research and Public Health
We may also process and disclose your Personal Data for uses related to medical research, public health, and for other research and public health/safety grounds, to the extent and under the conditions allowed by applicable law.
Compliance, Health, Safety & Public Interest
Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data for purposes determined to be in the public interest, required by law, or as necessary in connection with the establishment or defense of our legal rights. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, to establish claims for violations of applicable contracts, for authorized medical or public health purposes, or as otherwise in the public interest or required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
We use Personal Data as necessary to provide marketing communications, and consistent with our legitimate business interests, we may send you marketing and promotional communications if you sign up for such communications or register for our Platform. We may also process Device/Network Data and Contact Data when you interact with our communications in connection with our interest in understanding communication response and open rates.
Other Processing of Personal Data
If we process Personal Data in connection with our Service in a way not described in this Privacy Notice, this Privacy Notice will still apply generally (e.g. with respect to users’ Rights and choices) unless otherwise stated when you provide it.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:
We process Personal Data on behalf of Clients and may share with Clients information in connection with our Reporting Services and any Clinical Reporting.
In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests or other business purposes, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host portions of our Service or may disclose information as part of our own internal operations, such as security operations, internal analytics, product development, etc.
In order to streamline certain business operations and develop products and services that better meet the interests and needs of our customers, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
In order to deliver certain advertisements, and develop better products and services, we may share with trusted third parties for marketing, advertising, or similar commercial purposes the Personal Data described in the Cookies and Similar Technology section, and any information that we may use for Marketing Communications.
Any Personal Data may be processed in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
We may disclose any Personal Data in accordance with your consent, or on certain public interest grounds. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, for public health and other matters in the public interest. In addition, we may disclose Personal Data to medical providers or healthcare organizations, either with your consent, or where allowed by applicable law.
Subject to the rights granted to other individuals, and our rights to limit or deny access/disclosure under applicable law, you may have some or all of the rights listed below. We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity. You may have additional rights under local law. Additional rights and disclosures for residents of the UK/EEA/Switzerland and California, as well as parents’ rights, are described below.
You may receive a list of your Personal Data that we process to the extent required and permitted by law.
You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided directly via the Services via your account settings menu.
Erasure: To the extent required by applicable law, you may request that we delete your Personal Data from our systems.
To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
You have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
Note: As described above, we generally do not share Personal Data with Clients (except as part of Clinical Reporting. Accordingly, we are unable to directly fulfill rights requests regarding Personal Data controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client to the extent necessary in the fulfillment of your request. You may exercise your rights by contacting us at the address set forth below in the Contact Us section.
You have the following choices regarding the Personal Data we process:
If you consent to processing, you may withdraw your consent at any time, to the extent required by law. You may opt out of HRV data by disabling Total Brain’s camera access via the OS settings menu. You may be required to close your account in order to withdraw consent where your consent is necessary to perform essential aspects of the service.
You have the choice to opt-out of or withdraw your consent to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.
Cookies & Similar Tech
To the extent we process Mental Health Data, Physical Data, Biometric Data, Brain Performance or other Personal Data relating to health conditions by automated means, you may opt-out of, or revoke your consent, to this processing or elect to have an individual review any of the results of processing.
Research and Public Health
You may request that Total Brain not use Personal Data gathered through your use of the Services for these purposes and Total Brain will promptly comply with any such request.
You may have the right under applicable law to object to our processing of your Personal Data for certain purposes, including without limitation, situations where we process in accordance with our legitimate interests. You may do so by contacting us re: data rights requests. Note that we may not be required to cease processing based solely on an objection.
Our Service is generally not directed at children under the age of 18. In limited cases, however, we may collect Personal Information subject to the Children Online Privacy Protection Act (“COPPA”). We do not knowingly collect information from children under the age of 13 without first obtaining verifiable parental consent.
Where COPPA applies to your child’s Personal Information, we will not collect more Personal Information than reasonably necessary to participate in any given activity. Parents and guardians may also access and delete the Personal Information we hold about their child, and may revoke their consent, or refuse to permit future collection of Personal Information from their children, at any time. Further, if we allow sharing of their child’s Personal Information (e.g. to a clinical Client), parents or guardians may elect to disallow sharing while allowing our collection and use of their child’s information, provided that the availability or certain features of the Service may be affected if sharing is a requirement in your agreement with the Client. Note that our Service does not allow Users to make information publicly available. Please contact us at the address below to exercise any of the rights granted to you as a parent or guardian under COPPA.
Across all of our Services, we implement and maintain reasonable security measures to safeguard the Personal Data you provide us. Additionally, we protect data collected through the Platform by implementing TLS to encrypt data in transit, and we store that data on encrypted servers in data centers required to adhere to strict security standards. While we strive to keep our Services secure, we cannot warrant perfect security and so we do not provide any guarantees that your Personal Data or any other information you provide us will remain secure. Note, we sometimes share Personal Data with third parties as noted above, and though we may require them to meet certain security requirements, we do not have control over third parties’ security processes.
We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.
We operate in and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the Standard Contractual Clauses (e.g. eligibility data from Clients), or other adequacy mechanisms, or pursuant to exemptions provided under EU law (e.g. if you consent when you register). Contact us for additional information regarding the mechanisms to ensure adequate protection of data subject to EU Law.
Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights in addition to those set forth in the Rights & Choices section above, subject to your submission of an appropriately verified request (see below for verification requirements):
|Right to Know||You may request any of the following, for the 12 month period preceding your request: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties to whom we have sold your Personal Data, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you.|
|Right to Delete||You have the right to delete certain Personal Data that we hold about you, subject to exceptions under applicable law.|
|Right to Non-Discrimination||You have the right to not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.|
|Direct Marketing||You may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.|
|Opt-Out of Sale||If we engage in sales of data (as defined by applicable law), you may direct us to stop selling or disclosing Personal Data to third parties for commercial purposes. We do not currently “sell” your Personal Data.|
Submission of Requests
You may submit requests, as follows (see below for summary of required verification information):
|Right to Know||You may email us at firstname.lastname@example.org. Please provide your email address, phone number and address we have on file for you along with your desire to know what Information we have on you.|
|Right to Delete||You may email us at email@example.com. Please provide your email address, phone number and address we have on file for you along with your desire to have your data deleted.|
|Direct Marketing||You may request a list of any relevant direct marketing disclosures via email to our privacy team at firstname.lastname@example.org.|
Verification of Requests
All rights requests must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Data. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
Categories of Personal Data Disclosed for Business Purposes
For purposes of the CCPA, we may disclose to Service Providers for “business purposes” the following categories of Personal Data: Identity Data; Contact Data; Device/Network Data; Location Data; Financial Data; User Content; Inference Data; Brain Performance Data; Physical Data; Mental Health Data.
No Data Sale
For the purposes of the CCPA, we do not “sell” your Personal Data.
Right to Know
|Category of Data||Category of Sources||Business Purposes||Category of Recipients|
|Identity Data||Data you provide to us; Data we create or infer; Automatic collection; Clients||Service Provision/Contract; Process/Service Improvement; Personalization; AI/Automated Analysis; Client Reporting; Clinical Reporting; Aggregate Analytics; Research/Public Health; Compliance, Health, Safety & Public Interest; Marketing Communications||Clients (if and to extent authorized); Service Providers; Affiliates; Marketers; Successors; Legal Disclosures; Other|
|Contact Data||Data you provide to us; Data we create or infer; Automatic collection; Clients||Service Provision/Contract; Process/Service Improvement; Personalization; Compliance, Health, Safety & Public Interest; Marketing Communications||Clients (if and to extent authorized); Service Providers; Affiliates; Marketers; Successors; Legal Disclosures; Other|
|Device/Network Data||Automatic collection||Service Provision/Contract; Process/Service Improvement; Personalization; AI/Automated Analysis; Client Reporting; Clinical Reporting; Aggregate Analytics; Research/Public Health; Compliance, Health, Safety & Public Interest; Marketing Communications||Service Providers; Affiliates; Marketers; Successors; Legal Disclosures; Other|
|Location Data||Data you provide to us; Data we create or infer; Automatic collection; Clients||Service Provision/Contract; Process/Service Improvement; Personalization; AI/Automated Analysis; Client Reporting; Clinical Reporting; Aggregate Analytics; Research/Public Health; Compliance, Health, Safety & Public Interest;||Clients (if and to extent authorized); Service Providers; Affiliates; Successors; Legal Disclosures; Other|
|Financial Data||Data you provide to us||Service Provision/Contract; Process/Service Improvement; Compliance, Health, Safety & Public Interest||Service Providers; Affiliates; Successors; Legal Disclosures; Other|
|User Content||Data you provide to us; Clients||Service Provision/Contract; Process/Service Improvement; Personalization; AI/Automated Analysis; Client Reporting; Clinical Reporting; Aggregate Analytics; Research/Public Health; Compliance, Health, Safety & Public Interest; Marketing Communications||Clients (if and to extent authorized); Service Providers; Affiliates; Marketers; Successors; Legal Disclosures; Other|
|Inference Data||Data you provide to us; Data we create or infer; Clients||Service Provision/Contract; Process/Service Improvement; Personalization; AI/Automated Analysis; Client Reporting; Clinical Reporting; Aggregate Analytics; Research/Public Health; Compliance, Health, Safety & Public Interest;||Clients (if and to extent authorized); Service Providers; Affiliates; Successors; Legal Disclosures; Other|
|Brain Performance Data||Data you provide to us; Data we create or infer; Clients||Service Provision/Contract; Process/Service Improvement; Personalization; AI/Automated Analysis; Client Reporting; Clinical Reporting; Aggregate Analytics; Research/Public Health; Compliance, Health, Safety & Public Interest;||Clients (if and to extent authorized); Service Providers; Affiliates; Successors; Legal Disclosures; Other|
|Physical Data||Data you provide to us; Data we create or infer; Clients|
|Mental Health Data||Data you provide to us; Data we create or infer; Clients|
Legal bases for processing
The legal bases for our processing of your Personal Data are described in the table below. If you have questions about the legal basis of how we process your Personal Data, contact us at email@example.com.
|Processing purpose||Legal Basis|
Brain Performance Platform
Surveys and Questionnaires
Promotions and Offers
|Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. This may include processing that is in connection with operations that are necessary to provide the Services themselves.|
|The following processing activities constitute our legitimate interests. We balance any potential impact on you when we process your personal data for our legitimate interests. You may object to this processing as permitted by law. For example, our legitimate interests include:|
|Determining the effectiveness of marketing campaigns|
Internal Processes and Service Improvement
Cookies and Similar Tracking Technologies
|To create, provide, support, maintain, and improve the functionality and performance of our Services, and operate our business|
Internal Processes and Service Improvement
|To secure our Platform and network, investigate suspicious activity or violations of our terms or policies; and to protect the safety of Personal Data, including to prevent exploitation or other harms to which users may be particularly vulnerable.|
|Processing is necessary to comply with our legal obligations, for example, tax laws, fraud reporting, etc.|
Brain Performance Platform
|Processing is based on your consent solely to the extent these processes involve the processing of Mental Health Data or Special Category Data. Where we rely on your consent you have the right to withdraw it anytime by closing your account.|
|All Personal Data||Note, we may process and disclose Personal Data where it is in the vital interests of a data subject, to comply with a legal obligation to which we are subject, in the public interest, for public health purposes and medical or scientific research, or other appropriate legal ground which may apply under applicable law.|
In addition to the rights set forth above, EU users have the following additional rights
Right to Object
Where we process Personal Data on the basis of our legitimate interests, you can object to that processing to extent allowed by law. Note that we must only limit processing where our interests in processing do not override an individual’s interests, rights, and freedoms, or the processing is not for the establishment exercise, or defense of a legal claim.
Right to Restrict
You may have the right to restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim, or while we assess an objection to processing.