Medfuture Detailed Privacy Notice

1. Introduction and scope

Capitalized terms and expressions not otherwise defined have the meaning assigned to them in Article 2.

MEDFUTURE CLINIC INC. (“ Medfuture ”, “ we ” or “ us ”) is committed to protecting the Personal Information it collects in the course of operating its business and maintaining its commercial relationships.

This Notice relating to the protection of Personal Information (the “ Privacy Notice ”) explains Medfuture’s practices regarding the processing, including the collection, use, disclosure, retention and destruction of Personal Information that we collect from you. consideration when you visit our website https://medfuture.ca (the “ Website ”), our online service platform (the “ Platform ”) as well as our mobile application from which you can access our Platform (the “ Application ”, collectively with the Website and the Platform, the “ Service ”) in accordance with the Privacy Laws. We take the necessary measures so that the Personal Information we collect is adequate, relevant, non-excessive and used for limited purposes. In certain circumstances, certain provisions of this Notice exceed the requirements of the Privacy Laws, in such situations, Medfuture has full discretion to apply them.

The Notice also describes the rights to the protection of Personal Information enjoyed by Data Subjects, including the right to object to certain of the processing carried out by Medfuture.

This Notice does not, however, apply to Personal Information collected by:

a) us offline, by any other means, including any other website operated by a third party, in such a case, please refer to the RPRP mentioned in subparagraph 3.1.2, which may send you our notice applicable to this type of collection, if applicable;

b) any third party, through any application or content that may link to or be accessible on the Service.

The Service is not intended for children (under 14 years of age) and we do not knowingly collect Personal Information relating to such children.

It is important to read this Notice along with any other notices relating to the protection of Personal Information that we may send to you from time to time when we collect your Personal Information so that you are fully aware of the ways and purposes for which we use your Personal Information . This Notice supplements any other notice or policy relating to the protection of Personal Information and is not intended to replace them. If you do not agree with our opinions, policies and practices regarding the protection of Personal Information that comply with Privacy Laws, your choice is not to use the Service. By actively transmitting your Personal Information to us through direct interactions within the Service, you indicate to us that you understand, accept and consent to the practices described in this Notice. Please note that where we collect Personal Information in a way that you are not likely to notice, for example through the use of cookies or other tracking technology, we will obtain your express prior consent ( opt-in ), in accordance with our Cookie Notice .

The Notice has been prepared in accordance with applicable Privacy Laws and is provided to you in several layers to enable you to click on the specific sections mentioned below. Alternatively, you can download a full version in PDF format by clicking here .

2. Definitions

“ Supervisory Authority ” means any independent public authority which has been established by a government agency and which is responsible for monitoring the application of a Privacy Law for the purpose of protecting the fundamental rights and freedoms of Individuals concerned in connection with the processing of Personal Information and facilitate the free movement of Personal Information.

“ Cookie Notice ” means our notice describing how we treat cookies and other trackers. You can access this notice by clicking here .

“ Confidentiality incident ” means unauthorized access, use or communication to Personal Information as well as the loss of Personal Information or any other breach of the protection of such information.

“ Privacy Laws ” means the applicable laws governing the processing of Personal Information, including the Personal Information Protection and Electronic Documents Act , SC 2000, c. 5, the Act respecting the protection of personal information in the private sector , SQ ch. P-39.1 and other similar provincial laws, as well as the regulations, interpretation bulletins, opinions and decisions of the bodies responsible for their execution relating thereto.

“ Person concerned ” or “ you ” means any identified or identifiable individual about whom Medfuture collects Personal Information through or in connection with your interactions with the Service.

“ Anonymized information ” means information which no longer allows, irreversibly, to directly or indirectly identify the Person concerned.

“ Commercial Information ” means any Personal Information identified in paragraph 4.2.

“ Depersonalized information ” means information that no longer allows the Person concerned to be directly identified.

“ Identity and Contact Information ” means any Personal Information identified in paragraph 4.1.

“ Usage or Profile Information ” means any Personal Information identified in paragraph 4.4.

“ Sensitive economic and financial information ” means any Personal Information identified in paragraph 4.4.

“ Billing Information ” means any Personal Information identified in paragraph 4.3

“ Health Information ” means any Personal Information identified in paragraph 4.8.

“ Marketing Information ” means any Personal Information identified in paragraph 4.7.

“ Personal information ” means any information relating to an identified or identifiable natural person or as that term is defined or to the term “personal data” under a privacy law, but excludes information which is not not considered Personal Information under the various Privacy Laws. Also, for greater certainty, an “identifiable natural person” is deemed to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, data location, an online identifier, or one or more specific elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity.

“ Special Sensitive Information ” means any Personal Information identified in paragraph 4.9.

“ Technical Information ” means any Personal Information identified in paragraph 4.6.

3. DATA PROTECTION OFFICER AND SUPERVISORY AUTHORITIES

3.1 Liability

Medfuture is responsible for the processing of the Personal Information that it processes and has appointed a Personal Information Protection Officer (the “ RPRP ”) who ensures that Medfuture complies with the Privacy Laws.

3.1.1 MEDFUTURE'S CONTACT DETAILS AS DATA CONTROLLER:

Clinique Medfuture inc.

c/o Alexandra Audy

18005, rue Lapointe no. 405

Mirabel (Quebec) J7J 0G2

Such. : 514 378-7000 ext. 4487

Email: rprp@medfuture.ca

3.1.2 Contact details of the RPRP:

Alexandra Audy

18005, rue Lapointe no. 405

Mirabel (Quebec) J7J 0G2

Such. : 514 378-7000 ext. 4487

Email: rprp@medfuture.ca

3.2 Supervisory authorities

You have the right at any time to file a complaint with a Supervisory Authority:

a) In certain circumstances, if you submit your Personal Information when you are located in Quebec: to the Commission d'access à l'information du Québec ( https://www.cai.gouv.qc.ca )

b) In certain circumstances, if you submit your Personal Information when located in Alberta: to the Office of the Information and Privacy Commissioner of Alberta ( https://www.oipc.ab.ca/ );

c) In certain circumstances, if you submit your Personal Information when you are located in British Columbia: to the Office of the Information and Privacy Commissioner of British Columbia ( https://www.oipc.bc. That/ );

d) If you submit your Personal Information when you are located elsewhere in Canada: to the Commission d'access à l'information ( cai.gouv.qc.ca ) or to the Office of the Privacy Commissioner of Canada ( https: //www.priv.gc.ca/ ), depending on the applicable circumstances;

However, we would appreciate the opportunity to answer your questions or discuss your issue before you contact such a Supervisory Authority. So, we would appreciate it if you would contact us first.

4. Personal information collected by Medfuture or that you provide to us

We limit our collection of Personal Information to the information necessary to allow you access and use of the Service as well as for the purposes more fully detailed in Article 6 hereof.

4.1 Identity and Contact Information.

Your first name, last name, email address, civic address, date of birth, gender, health insurance number, group insurance and telephone number.

4.2 Commercial Information.

The types and quantities of products and services you have purchased.

4.3 Billing Information.

The first name, last name and email address of the billing contact and billing postal address; amounts invoiced, amounts due or overdue.

4.4 Sensitive economic and financial information.

Your credit card number.

4.5 Usage or Profile Information.

Your email address and password to access the Platform and/or Application. Information about how you use the Service, including display language, services and products you viewed or searched for, page response times, download errors, IP address, system of operation, time and day of connection to the Service, duration of visits and information regarding interaction with pages (including scrolling, clicks and mouse-overs), which are processed using the use of cookies . To learn more about our use of cookies or similar technology, please see our Cookie Notice .

4.6 Technical Information.

Information collected during your visits to our Website. This information includes your Internet Protocol (IP) address, location data, connection and web log data, referred Internet addresses, other communications data, searches and pages visited, time, date, date, your language preferences, the browsers you use and their versions, browser add-on types and versions, device type, time zone settings, operating system and platform of your devices with which you browse or log in and use the Service. Also, to facilitate your use of the Service or for future communications, Medfuture or its service providers may use cookies to collect information relating to Internet connection and how and when you consult the Service. To learn more about our use of cookies or similar technology, please see our Cookie Notice .

4.7 Marketing Information.

Your preferences regarding receiving marketing emails or other transmitted marketing tools, third party marketing tools and your communication preferences. You may also not click on links in Medfuture marketing emails. This information may be linked to your personal identity.

4.8 Health Information.

Your information relating to biometric tests carried out on the Platform or recorded on the Platform, including your biological markers, your blood and genetic samples as well as your results from these biometric tests.

4.9 Special Sensitive Information.

With the exception of Health Information, we do not normally process any Personal Information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, sex life and sexual orientation or details of criminal offences, however, if you provide it to us as part of the Service, we will treat it in accordance with this Notice.

5. Non-Personal Information and Third Party Links

Medfuture wishes to inform you of the following:

5.1 Non-Personal Information.

Certain information mentioned in section 4 does not constitute Personal Information when it does not allow you to be identified directly or in combination with other information. As a precaution, Medfuture may treat your information as if it were Personal Information, but reserves the right not to do so.

5.2 Personal Information of Third Parties.

If you provide us with Personal Information about any other natural person, you must ensure that they understand the use that will be made of their Personal Information and that they have given you authorization to communicate it to us and to allow our suppliers to use them. Therefore, you must obtain, before this information is communicated to us, the free and informed consent of each individual regarding the communication of their Personal Information and the subsequent use by Medfuture of this Personal Information, in accordance with this Notice, unless unless otherwise permitted by law.

5.3 Third Party Links.

The Service may contain links to third party websites, plug -ins and applications. Clicking on these links or authorizing these connections may allow third parties to collect or share Personal Information about you. We do not control these third party materials and we are not responsible for their opinions or policies relating to the protection of Personal Information. When you leave the Service to use these elements, we encourage you to read the privacy notices or policies that govern them.

5.4 Payment information (credit card).

When you make a payment through the Service, unless you contact us by telephone to make that payment, we do not process any Personal Information relating to your credit card. For any payments made through the Service, we contract with a vendor to process all payments made by credit card. When you are asked to provide your Personal Credit Card Information, a window opens external to our Service, which is not under our control, but under the control of that provider. We only receive a token which allows us to validate with this supplier that you have indeed made the payment required by the Service. If you contact us by telephone, your call may be recorded for purposes of monitoring customer service quality, resolving disputes and staff training or development. At the start of your call, your consent will be required to record the conversation. You can consent to the call being recorded or object to the recording. In the second scenario, you can complete the transaction online via our Website. Once the transaction is completed over the phone, no credit card information will be retained.

6. Purposes of collecting Personal Information

Generally, we collect your Personal Information for the purpose of providing access to the Service to inform you about our company, products and services. Medfuture will collect, use, disclose or otherwise process such information only to the extent required for those purposes. If we need to use, disclose or otherwise process your Personal Information for purposes other than those set out in this Notice, we will obtain your consent before using, disclosing or otherwise processing that information, except in the circumstances discussed in this Notice. Article 9 of the Opinion.

More specifically, we collect Personal Information, to the extent permitted by law, in order to:

Purposes of processing	Type of Personal Information
Make the Service accessible	· Technical information · Usage information
Analysis of your samples and other test data that you carry out via the Platform	· Health information
Thanks to our artificial intelligence, increase the personalization of the action plans that will be recommended to you to improve your biological age clock.	· Health information
Protect the rights and preserve the security of Medfuture as well as those of any third party	· Technical information
To ensure the security of our communications and other systems and to prevent and detect security threats, fraud and other criminal or malicious activity	· Technical information
Preventing the Leak of Personal Information	· Technical information
Make the Service more efficient for all users	· Depersonalized information
Communicate promotional or informative material requested by the Data Subject (via our newsletters) and from which the Data Subject can unsubscribe by clicking on the unsubscribe link or by following the unsubscribe instructions appearing in each email from our newsletters	· Identity and contact information
To inform you of changes to our Terms of Use , Conditions of Sale , Notice relating to the protection of personal information and Notice concerning cookies	· Identity and contact information · Marketing information

Medfuture will only send you newsletters if you have, in cases where required by law, chosen to receive them and you have the opportunity at any time to no longer receive this type of commercial electronic message.

Medfuture will not use your Personal Information for the purpose of making automated decisions about you.

Medfuture will not use Personal Information for purposes other than those for which it was collected, unless the Data Subject has consented, unless:

(a) legal, medical or security reasons do not allow consent to be obtained; Or

(b) Medfuture is authorized to do so or required to do so under applicable laws.

7. Circumstances of the collection of Personal Information

The circumstances in which Medfuture may collect Personal Information about you include the following:

7.1 Direct interactions.

You may provide us with your Personal Information such as that relating to your identity, contacts and billing when you:

a) create an account on the Platform or Application;

b) fill out a form, make a quote request, interact or browse the Service;

c) make an appointment online;

d) complete a purchase on the Website; And

e) communicate with us by telephone, email or other electronic means, or in writing, or when you provide us with other information directly, including in conversations held with any member of the Medfuture team as part of the use of the Service.

7.2 Automated Interactions or Technologies.

As you browse the Website, we automatically collect your Technical Information and Usage Information.

7.3 Receiving your test results.

Our service providers who perform certain tests for you that you have purchased via the Service will send us your results which we will display on your account in the Platform.

8. Collection of Personal Information from Third Parties

Except as provided in paragraph 7.3 above, for the purposes of the Service, Medfuture will only collect Personal Information about you from third parties after obtaining your consent or to the extent required by law. 'allowed.

Here are the types of suppliers from whom we collect Personal Information about you as well as the type of Personal Information thus collected. These services are not accessible to the public.

Supplier	Type of Personal Information
Medical laboratories	Health Information
Technology developers	Health Information
Biotech	Health Information
Fitness Center Chains	Health Information and Identity and Contact Information

9. Disclosure of your Personal Information

9.1 Recipients.

Medfuture may communicate your Personal Information:

a) to our affiliated entities in connection with our provision of services to you for the purpose of continuing health care;
b) to our service providers based in Canada whom we use expressly as part of the Service, who act as subcontractors, such as:

1) Medical laboratories;

2) Electronic medical records (EMR) providers;

3) Cloud services.

c) to our service providers located in the United States whom we use expressly in connection with the Service, who act as subcontractors:

1) Online payment platforms;

2) Online store services;

3) Medical Laboratories – Biotech;

4) Online database services;

5) Online data transfer services;

6) Technology developers.

(d) to courts, law enforcement authorities, regulators, officials or prosecutors or any other party where reasonably necessary in order to initiate, exercise or oppose a legal procedure, or as part of an alternative dispute resolution process;

e) in connection with a bankruptcy, merger, sale, or transfer of assets of Medfuture, acquisition or similar transaction. In the event of such a transaction in which your Personal Information is transferred to a third party, we will make reasonable efforts to notify you. For example, we will post notice of transfer of Personal Information on the Service and, if we have your email address, we will send notice of transfer of Personal Information to that address. In addition, we will require the third party receiving your Personal Information, in such a situation, to agree to protect the confidentiality of your Personal Information in a manner consistent with this Notice and to comply with Privacy Laws. private life. It must also undertake to process your Personal Information only in accordance with this Notice unless it notifies you in advance, and when required by law, by obtaining your prior consent. In the event that we process your Personal Information based on your consent, you will have the opportunity to withdraw your consent so that this third party cannot process it; And

f) if we believe in good faith that such action is appropriate or necessary to avoid a violation of our Terms of Use of the Service or Conditions of Sale or any other agreement to which you are a party; to protect us against a claim; to protect our rights, property, safety or those of a partner, person or the public; to maintain and ensure the security and integrity of the Service or our infrastructure against improper or illegal use.

9.2 Limited Authorization.

We require any third party with whom we do business and who has access to your Personal Information to respect the security of your Personal Information and treat it in accordance with the law. By contract, we only allow our service providers to process your Personal Information for specific purposes and according to our instructions.

9.3 Law Enforcement and Communication Under Law.

We may disclose your Personal Information if we believe in good faith that such action is required by a subpoena, warrant, or other judicial or administrative order issued in accordance with the law.

10. Collection, use, disclosure and storage outside Quebec and Canada

10.1 International Transfers.

Medfuture, its service providers and other third parties to whom Medfuture discloses or transfers Personal Information pursuant to the Notice may carry out activities outside of Quebec and Canada. Any Personal Information of a Data Subject used, stored or accessed in foreign countries or in provinces other than Quebec may be subject to the laws of these countries or other provinces (for example, when a service provider carries out activities in worldwide). Therefore, Personal Information may be disclosed following valid requests or requirements from governmental authorities, courts or law enforcement authorities of foreign provinces or countries.

10.2 Server Requirements.

We require that our service providers and any third parties to whom we disclose Personal Information process your Personal Information only in Canada, except for the following Personal Information which is processed in the United States by the following service providers:

a) Medical laboratories;

b) Biotech; And

c) Technology developers.

10.3 First location of treatment.

Some of our service providers are based outside of Quebec, Canada, the EEA and the United Kingdom (“UK”; collectively with the EEA, the “EEA-UK”) therefore their processing of your Personal Information will involve processing it outside of these jurisdictions. However, such processing does not constitute a transfer of your Personal Information within the meaning of the GDPR and the UK-EEA GDPR to this other location outside the UK-EEA since the first processing (collection) of your Information personal will have been carried out in Canada.

10.4 Security Measures.

In all cases of transfer of your Personal Information to a jurisdiction other than Quebec, we ensure that your Personal Information will be treated securely in accordance with this Notice and that a written contract is entered into with the third party to whom we transfer your Personal Information regarding its processing and the security of your Personal Information. These contracts can be obtained on request from the Medfuture RPRP whose contact details appear in subparagraph 3.1.2.

10.5 Other information on request.

For any questions regarding the collection, use, disclosure or storage of Personal Information outside of Quebec, please contact the Medfuture RPRP whose contact details appear in subparagraph 3.1.2.

11. Retention

11.1 How long do you keep my Personal Information?

Medfuture will only retain Personal Information for as long as reasonably necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying legal, accounting and disclosure requirements and to assert or defend its rights.

To determine the appropriate length of time to retain your Personal Information, we consider the number, nature and sensitivity of the Personal Information, the level of potential risk and severity of unauthorized use or disclosure of your Personal Information and whether we can accomplish the purposes by other means, as well as applicable legal, regulatory, tax, accounting and other obligations.

Below you will find the precise retention periods for your Personal Information according to their category:

Type of Personal Information	The duration of the conversation
Identity and contact information	Generally, this information is kept until the Person concerned closes their account on the Platform.
Commercial information	Generally, this information is retained for a maximum of five years.
Marketing information	Generally, this information is kept for a maximum of five years or until you unsubscribe from the newsletter.
Usage or profile information	Generally, this information is retained for a maximum of five years.
Technical information	Generally, this information is retained for a maximum of five years.
Billing Information	Generally, this information is retained for a maximum of five years.
Sensitive economic and financial information	This information is deleted as soon as it is used for the purposes for which it was collected and, in any case, kept for five years.
Health Information	This information is deleted as soon as it is used for the purposes for which it was collected and, in any case, kept for five years, except those displayed in your account on the Platform, which will be kept until whether you delete them or delete your account.
Special Sensitive Information	Generally, this information is retained for a maximum of five years.

11.2 Right of deletion.

In certain situations you may request that we delete your Personal Information as provided in paragraph 15.1g). However, upon expiry of the applicable retention period, we will securely destroy your Personal Information in accordance with Privacy Laws.

11.3 Anonymization.

In certain circumstances, we will anonymize your Personal Information (so that it is no longer possible to associate it with you) to improve the Service as well as our artificial intelligence system, in which case we may use this anonymized Information indefinitely without you notify subsequently.

11.4 Other information on request.

For any questions regarding the retention of your Personal Information, please contact the Medfuture RPRP whose contact details appear in subparagraph 3.1.2.

12. Accuracy

Medfuture uses reasonable efforts to maintain the accuracy of your Personal Information and to ensure that it is complete and up to date. However, if you notice any inaccuracies in our records or if your Personal Information changes, please notify Medfuture immediately.

13. Protection of Personal Information

Medfuture is committed to protecting the confidentiality, integrity, availability and privacy of your Personal Information. Medfuture uses protective measures that are customary in the world of websites and web platforms and which are reasonable taking into account the sensitivity of Personal Information, including material, electronic and organizational security measures.

For example, Medfuture restricts access to its offices, trains its staff accordingly, limits access to Personal Information to its staff who need to know it, which is only disclosed on an ad hoc basis and as provided in this Notice. , uses passwords with double identification factors and implements well-defined internal policies and practices which provide in particular that Medfuture personnel can only process your Personal Information in accordance with these policies. All Medfuture staff have signed a confidentiality commitment which aims in particular at the confidentiality of your Personal Information.

Unfortunately, the transmission of information over the Internet is not completely secure. Although Medfuture will do everything possible to protect your Personal Information, Medfuture cannot guarantee that there will be no security breaches when transmitting information through the Service. Any transmission by a Data Subject is made at their own risk. Once we have received information from a Data Subject, we will apply our security measures to attempt to prevent unauthorized access, use and disclosure.

14. Openness, transparency

Medfuture is committed to being transparent about its policies and invites Data Subjects to contact the RPRP with any questions.

15. Your rights and how to exercise them

15.1 Your rights.

You have various rights regarding our use of your Personal Information:

a) Access : You have the right to request a copy of or access your Personal Information that we maintain. However, we may not disclose Personal Information about you where disclosure would reveal Personal Information about another person or would violate applicable laws.

b) Accuracy : We seek to ensure that your Personal Information is accurate, up-to-date and complete. We invite you to contact the RPRP using the contact information provided in subparagraph 3.1.2 to notify us if any of your Personal Information is not accurate or if changes have been made so that we can ensure that your Personal Information is maintained. up to date.

c) Processing : You may request information about the processing of your Personal Information. More specifically, you can ask what Personal Information has been collected, how it is processed, the categories of people who have access to this Personal Information within Medfuture, the applicable retention period, the contact details of the RPRP and the source of the Personal Information if the latter were collected from third parties.

d) Refusal : In certain circumstances, you also have the right to object to the processing of your Personal Information and to ask us to block, erase and limit access to your Personal Information.

e) Right to Restriction : You have the right to request that Medfuture limit the use of your Personal Information in certain circumstances.

f) Portability : In certain cases, you have the right to request that some of your Personal Information be provided to you, or another data controller, in a structured, commonly used and machine-readable technological format.

g) Deletion : You have the right to demand that your Personal Information be deleted when it is no longer required for the purposes for which it was collected or when, in particular, your Personal Information has been used illegally.

h) Complaints : If you believe that your rights to the protection of Personal Information or data may have been infringed, you have the right to file a complaint with the applicable Supervisory Authority or have recourse to the courts .

15.2 Exercising your rights.

You may, at any time, exercise any of the aforementioned rights by contacting the RPRP using the contact details provided in subparagraph 3.1.2.

15.2.1 Access to information

Data Subjects may inquire about their Personal Information that we process by contacting the RPRP using the contact details provided in subparagraph 3.1.2.

Medfuture will generally respond to all access requests within 30 days of receipt of any necessary information. Where Medfuture is unable to grant access, or if additional time is required to fulfill a request, Medfuture will notify the Data Subject in writing.

Medfuture may not disclose certain types of information to Data Subjects due to exceptions in applicable laws (for example, where Medfuture's records contain information about other Data Subjects, the information was generated under of a dispute resolution process, that the information was collected to investigate a breach of an agreement or a contravention of applicable laws or that the information is subject to legal privilege). To the extent possible, Medfuture will remove information that is not communicated and provide the Data Subject with access to other information. If Medfuture is unable to grant access to or disclose Personal Information to the Data Subject, Medfuture will provide an explanation, subject to restrictions, to the Data Subject.

Access to your Personal Information is free. In certain circumstances, particularly if the request is excessive or unfounded, Medfuture may require you to pay an administration fee for the purposes of transcribing, reproducing or transmitting your Personal Information; Medfuture may also charge for additional copies. Before responding to a request, Medfuture will inform the Data Subject if any fees are to be charged.

15.2.2 Right to withdraw consent

If you have given your consent and it is required for the collection, processing or transfer of your Personal Information, you have the right to withdraw this consent in whole or in part. To withdraw your consent, please click on the unsubscribe links in any newsletter email sent to you or contact the RPRP.

Once we have received your notice that you have withdrawn your consent, we will no longer use the information for the purposes for which you gave your consent, unless there is another legal basis for the processing.

16. Resolution of Concerns

16.1 Confidentiality.

To the extent possible, Medfuture will treat reports, fears or concerns, complaints or incidents of conduct that violates the Notice as confidential. However, disclosure may be required for investigative purposes to adequately address the issues raised and implement solutions, where appropriate.

16.2 Reporting a Privacy Incident or Attempted Violation.

Medfuture takes any potential or actual violation or attempted violation of confidentiality obligations seriously. Any Privacy Incident is taken seriously and communicated to Supervisory Authorities and appropriate persons in accordance with Privacy Laws. The RPRP will appeal to the appropriate higher authorities to help resolve the problem.

Data Subjects may report concerns regarding the collection, use, disclosure, retention or destruction of their Personal Information directly to Medfuture's RPRP using the contact details provided in subparagraph 3.1.2.

16.3 Interpretation.

Medfuture reserves the right to interpret the Notice in its sole discretion.

16.4 Other measures.

Although Medfuture is committed to resolving all privacy matters internally, nothing in the Notice prevents a Data Subject from communicating with the appropriate Supervisory Authority as provided in paragraph 3.2.

16.5 Prohibition of Retaliation.

Medfuture will not take retaliation against a Data Subject who, in good faith and based on reasonable grounds, raises questions or concerns regarding their privacy.

17. Roles and responsibilities

Medfuture is responsible for communicating the Notice and ensuring that its team members fully comply with all relevant aspects of the Notice and related guidelines.

18. Update and revision

18.1 Applicable version.

The Notice takes effect on the date mentioned at the very beginning of the Notice and supersedes all previous versions. The version history of this Notice can be obtained upon request from the RPRP. Medfuture's collection, use, disclosure and other processing of a Data Subject's Personal Information will be governed by the version of the Notice in effect at that time.