Data Processing

DATA COLLECTION AND PROCESSING OVERVIEW

At Wizey LLC, we process the following categories of data:

• Medical test results and health data (with explicit consent)
• Personal identification information
• Healthcare provider information
• Usage and analytics data
• Technical and device information

Our processing activities include:

• AI-powered analysis of medical test results
• Health trend analysis and recommendations
• Service optimization and improvement
• Security and fraud prevention
• Regulatory compliance

LEGAL BASIS FOR PROCESSING

We process personal data under the following legal bases:

• Explicit consent for health data processing, revocable at any time
• Contractual necessity for service provision
• Legal obligations under healthcare regulations
• Legitimate interests for service improvement
• Public health purposes where applicable

DATA PROCESSING PROCEDURES

Our data processing procedures include:

• Initial data collection and verification
• Secure storage and encryption
• AI-powered analysis and processing
• Regular data quality assessments
• Automated and manual data updates

DATA SECURITY MEASURES

We implement comprehensive security measures:

• End-to-end encryption for all health data (e.g., AES-256)
• Multi-factor authentication for access
• Annual security audits and penetration testing
• Access control and monitoring
• Incident response procedures

We notify you within 72 hours of any data breach, per GDPR.

DATA RETENTION AND DELETION

Our data retention policies ensure:

• Compliance with medical record retention laws
• Secure data deletion procedures upon request or contract end
• Regular data minimization reviews
• Automated retention period management
• Data backup and recovery protocols

Data is returned or deleted at the controller's request unless legally required to retain.

THIRD-PARTY PROCESSORS

We work with carefully selected processors who:

• Meet our strict security requirements
• Sign comprehensive data processing agreements
• Undergo regular compliance audits
• Require prior controller approval per GDPR
• Maintain adequate insurance coverage

INTERNATIONAL DATA TRANSFERS

For international data transfers, we ensure:

• Compliance with cross-border transfer regulations
• Implementation of Standard Contractual Clauses (SCCs)
• Assessment of receiving country adequacy
• Data localization where required
• Transfer impact assessments

DATA SUBJECT RIGHTS

We support the following data subject rights:

• Right to access and portability
• Right to rectification and erasure
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent

AUTOMATED DECISION MAKING

Regarding automated decision-making:

• Transparency about AI-powered analysis
• Human oversight of automated decisions
• Right to contest automated decisions
• Alternative assessment options
• Regular algorithm audits

DATA PROTECTION IMPACT ASSESSMENTS

We conduct DPIAs for:

• New processing activities
• Technology updates
• High-risk processing operations
• Large-scale data processing
• Sensitive data handling

LIABILITY

As a data processor, our liability is limited to:

• Direct damages caused by our negligence
• Amount paid under this agreement
• Excludes liability for controller-provided data inaccuracies

Controllers may audit our processes with 30 days' notice, at their expense.