Privacy Policy

1. POLICY AMENDMENTS

We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent
version of the Policy will always be posted on the website. The updated date of the Policy will be reflected
in the “Last Modified” heading. Subject to applicable law, any amendments to the Policy will become
effective immediately, unless we notify you otherwise. If we materially change the way in which we
process your previously collected Personal Data, we will provide you with prior notice, or where legally
required, request your consent prior to implementing such changes. We strongly encourage you to
review this Policy periodically to ensure that you understand our most updated privacy practices.

2. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION

Neurolief Ltd. is the Data Controller (as such term is defined under the GDPR or equivalent privacy
legislation) of your Personal Data collected from you as a user of our services.
You may contact us as follows:

By email: dpo@neurolief.com.
By Mail: 12 Giborei Israel, Netanya, 4250412, Israel.

Please note that in certain cases, End-User’s Personal Data is processed on behalf of the relevant Healthcare Provider, who acts as the legal controller of such data, while we merely act as a processor or service provider. In those cases, our processing is governed by the applicable agreement with the Healthcare Provider (including any DPA/BAA) and by the Healthcare Provider’s instructions, and this Privacy Policy applies only to the extent we act as a Controller or as otherwise required by applicable law. Any remainder of such End-Users’ Personal Data mentioned herein is for informational purposes only.
Where such a Healthcare Provider is deemed a covered entity under The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the processing of its End-User data is subject to such Healthcare Provider’s privacy practices notice, which its End-User is encouraged to read and be familiar with.
Where a product is obtained through Advanced Medical DME, LLC (“DME”), any End-User’s Personal Data processed in connection with the services is processed on behalf of DME and is subject to DME’s instructions and privacy practices notice, as made available by DME.

3. DATA SETS WE COLLECT AND FOR WHAT PURPOSE

Below you can find information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data, and how it is technically processed.

Non-Personal Data: During your interaction with the services, we may collect aggregated, non-personal, non-identifiable information (“Non-Personal Data “). We are not aware of the identity of the user from which the NonPersonal Data is collected. We collect Non-Personal Data regarding your use of the services, such as the scope, frequency, latency, pages accessed and viewed, time and date stamp, interactions with content and materials displayed through our services, language preference, and other technical information regarding the device used to access the services, for example type of device, type of browser, operating system, etc.
We may sometimes process and anonymize or aggregate Personal Data and identifiable information in a manner that shall create a new set of data that will be Non-Personal Data. Such a new data set can no longer be associated with any identified natural person. Non-Personal Data may be used by us without limitation and for any purpose
If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data.
Personal Data: We may also collect from you, directly or indirectly, during your access or interaction with the services, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data”). The types of Personal Data that we collect as well as the purpose for processing and the lawfulness are specified in the table below.
Please note that under applicable US Privacy Laws, Personal Data does not include information that
cannot be reasonably linked to you, directly or indirectly, such as de-identified or aggregated data, and
information governed by other state or federal laws, such as: Health or medical information covered by
HIPAA, Personal Data covered by certain sector-specific privacy laws, including the Fair Credit
Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) and the Driver’s Privacy Protection Act of
1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy
Act of 1974, Securities Exchange Act of 1934, higher education data and employment data, etc.

The table below details the processing of Personal Data, the purpose, lawful basis, and processing
operations:

DATA SET	PURPOSE AND OPERATIONS	LAWFUL BASIS PER GDPR
DATA SET Contact and Customer Support Information: If you voluntarily contact us in order to receive our support, you may be required to provide us with certain Personal Data, such as your name, email address, organization, role, state, a description of yourself (e.g., “I am interested in becoming a Relivion MG user”) and any additional information you decide to share with us. Please note that the requested Personal Information may vary between our different websites.	PURPOSE AND OPERATIONS We will use this data to respond to your inquiry. The correspondence with you may be processed and stored by us to improve our internal operations, as well as in the event we reasonably determine it is needed for future assistance or to handle any dispute you might have with us. We may retain and manage such information using external services and platfo	LAWFUL BASIS PER GDPR We process such Contact Information subject to our legitimate interest. If you are an End-User approaching us with respect to your usage of the services, or a Healthcare Provider, the data will be processed per the contract between us.
DATA SET Suitability Questionnaire: In order to enable your use of our products and services as an EndUser, you may be required to complete an initial suitability questionnaire (“Suitability Questionnaire”). As part of this process, we may collect certain health-related information provided by you, such as demographic and general data (e.g., age, gender, height and weight), information relating to your relevant medical condition and symptoms (e.g., frequency or characteristics of symptoms, current or prior treatments or medications), and other information related to your general health status and the reasons that led you to use our services, for the purpose of assessing whether the relevant product is suitable for your use. The scope and content of the Suitability Questionnaire may vary depending on the product.	PURPOSE AND OPERATIONS We use your answers to assess your suitability for using our products, as well as to provide you with personalized suggestions and additional marketing materials, per your consent. We will always do so in accordance with and to the extent permitted by applicable law.	LAWFUL BASIS PER GDPR We process such marketing-related data subject to our legitimate interest. However, any health-related data provided through the Suitability Questionnaire is provided per your consent. You can always withdraw your consent. Please note that processing activities completed prior to your withdrawal cannot be cancelled.
DATA SET Prescription Information: In relevant cases, in order to provide our products and services, we may collect and process prescription-related information, including patient identification details (such as name, date of birth and address), and other treatment-related information.	PURPOSE AND OPERATIONS We process such health-related information for the purpose of verifying and fulfilling prescriptions and for legal compliance. We will verify the prescription as well as keep it in our records.	LAWFUL BASIS PER GDPR Our lawful basis for processing such data is compliance with our legal obligation.
DATA SET Payment and Delivery Data: When you, as an End-User, order and make payment to receive our products you will be asked to submit delivery and payment information data such as your full name, address, credit card ***If you receive the services through a Healthcare Provider or through DME, payment details are collected by such third party and are subject to its privacy policy.number, etc.	PURPOSE AND OPERATIONS We will use the information to provide you with the products. We may use third parties’ payment processors and delivery vendors and any transactions that are processed by these third-party payment processors will be governed by their privacy policies and terms which we recommend that you review.	LAWFUL BASIS PER GDPR We process such data for the purpose of fulfilling our contract with you. Certain payment data is being retained by us as part of our legal obligations (e.g., bookkeeping).
DATA SET App User Account Basic Information: Any user of the products must have an account. End-Users: As part of your usage of our services as an End-User we may collect identification and contact details (such as name, email address, phone number, username and password), as well as demographic and general data (e.g., age, gender, height and weight), information relating to your relevant medical condition and symptoms (e.g., frequency or characteristics of symptoms, current or prior treatments or medications), and other information related to your general health status. Healthcare Providers: Healthcare Providers accessing the platform may be required to provide professional and contact information, and login credentials.	PURPOSE AND OPERATIONS We will process this information to verify your identity and grant you access to our products. As part of that we may use your email or phone number as part of a Multi-FactorAuthorization process. We may also use this information in order to provide you with account management, to provide the services as well as to send you needed information related to provide you with our services and which related to our business engagement (e.g., send you a welcome message, notify you regarding any updates to our services, send applicable invoices, etc.) and additional occasional communications and updates related to the services. Such messages may be delivered to you through email or SMS in accordance with applicable law. Further, we may send you promotional and marketing emails, to the extent we are allowed to do so under applicable law (“Direct Marketing” as detailed hereunder). We may also process your user’s account information by using “cookies” (see below). However note that we will never share any health-related data with any third party for any purpose other than providing our services.	LAWFUL BASIS PER GDPR We process such data under the contract between us – to allow you to access and use the App as part of your product. Any health-related data is per processed per the End-User’s consent. We may further analyze and process your login data for security purposes, upon our legitimate interests. In some cases, and where required under applicable law, using your data for promotional purposes will be subject to your consent. In such instances, you may always withdraw your consent at any time by contacting us or unsubscribe from any marketing list through the designated feature included in such message.
DATA SET Intake and Initial Training Data: As part of the intake, onboarding, setup and initial training processes associated with the Services and the Products, we may collect and process information provided by you or generated during such interactions. This may include contact and scheduling details, account identifiers, basic demographic information, device, App and Platform configuration data, technical identifiers, and records of communications with our support or onboarding teams (including call notes, tickets, or correspondence). Depending on the context and the information you choose to share, this may also include health-related information provided in the course of setup, guidance, or technical assistance.	PURPOSE AND OPERATIONS We use this information in order to: (i) complete intake and account setup processes; (ii) provide onboarding, configuration assistance, and initial training regarding the technical operation of the Products and Services; (iii) deliver technical support and troubleshooting; (iv) document and manage support and onboarding interactions; (v) improve our onboarding, support, and service operations; and (vi) comply with applicable safety, quality, and regulatory documentation requirements. Such information may be stored, analyzed, and managed using internal systems and third-party service providers (such as helpdesk, CRM, or support management platforms), in accordance with this Privacy Policy and applicable law.	LAWFUL BASIS PER GDPR We process Intake, Onboarding and Initial Training Information as necessary for the performance of our contract with you and for our legitimate interests in providing, maintaining, and improving the Services. To the extent that healthrelated data is processed in this context, such processing is based on your consent. You may withdraw your consent at any time; however, please note that withdrawal of consent may limit our ability to provide certain Services or supportrelated functionalities, and does not affect processing activities lawfully carried out prior to such withdrawal.
DATA SET Regulatory, Safety and Medical Event Reporting Data (Vigilance and Post-Market Surveillance): As part of our obligations as a medical device manufacturer, we may collect, process, and retain information relating to safety, regulatory, quality, and medical events associated with the Products and the Services. This may include reports or notifications concerning adverse events, serious incidents, suspected device malfunctions, safety complaints, technical issues with potential clinical impact, product deficiencies, usage deviations, and other information required for vigilance, post-market surveillance, quality management, and regulatory compliance purposes. Such information may be provided directly by End Users, Healthcare Providers, distributors, or other third parties, or generated through internal monitoring, investigations, or follow-up activities.	PURPOSE AND OPERATIONS We use this information to: (i) assess, document, investigate, and respond to adverse events, safety signals, and regulatory incidents; (ii) comply with applicable medical device laws and regulations, including reporting obligations to competent authorities, notified bodies, or regulatory agencies (such as FDA or EU authorities); (iii) maintain and improve the safety, performance, and quality of the Products and Services; (iv) conduct post-market surveillance, vigilance activities, and corrective or preventive actions; and (v) maintain legally required records and documentation. Such data may be shared, where required, with regulatory authorities, notified bodies, auditors, and other authorized parties, strictly for compliance and safety purposes and in accordance with applicable law.
DATA SET Product Usage Data: End Users: As part of your usage of our services as an End-User, we may retain, keep and manage information relating to your interaction with the products, including your usage patterns, products’ configurations and management data, your intended goals and progress as reflected through your use of the products, and any other information collected and processed as part of your use of any of our products, including the synchronization between our medical devices and accompanying mobile application. Healthcare Providers: If you access and use our platform as a Healthcare Provider, we may collect and process information relating to your use of the platform, including identification and contact details as well as professional or clinical site information.	PURPOSE AND OPERATIONS We will use this information in order to provide you with our services.	LAWFUL BASIS PER GDPR We process such data for the purpose of performing our contract with you.
DATA SET Health Related Data: As part of providing you as an End-User with our services we may collect and process certain Health-Related Data, including information relating to your symptoms or condition (e.g., intensity, duration or characteristics), background or contextual information relevant to your use (e.g., triggers or actions taken), treatment-related feedback (e.g., perceived effectiveness or responses), and responses to in-app assessments during use (including PHQ9 questionnaire), as well as any other information you choose to provide voluntarily. In addition, health-related and usage data is collected automatically through the products and accompanying applications. For example, in Relivion®, such data may include intensity, scalp impedance, modulation, posture or mobility during use. The scope and type of healthrelated data collected may vary depending on the product and the manner of use	PURPOSE AND OPERATIONS We process such information and analyze it to provide you with personalized insights and enhance your experience using our products. We never share Health Related Data with Third Parties for marketing purposes, unless we make sure through contractual arrangements that their usage of such data is limited in accordance with applicable law.	LAWFUL BASIS PER GDPR We collect and process such Health-Related Data to provide you with our services, per your consent provided during your registration process, including information derived from your use of our products. You may withdraw consent at any time, however, please note that processing activities completed prior to your withdrawal cannot be cancelled. We may also use healthrelated data in a deidentified and aggregated form for research, analytics, and product improvement.
DATA SET Health Related Data Processed on Behalf of our Healthcare Providers: We may collect, retain, analyze, and otherwise process health related Data relating to EndUsers who are using any of our products through Healthcare Providers.	PURPOSE AND OPERATIONS We process such data solely on behalf of the relevant Healthcare Provider and in accordance with their instructions.	LAWFUL BASIS PER GDPR Such data is processed by us in our capacity as a Data Processor, under the legal basis established by the relevant Healthcare Provider.
DATA SET Apple Health (HealthKit) Data and Google Health Connect: If an End-User chooses to enable integration with Apple Health (HealthKit) or Google Health Connect, we may collect and process certain health data via Apple’s or Google’s authorized APIs, as permitted by our EndUser.	PURPOSE AND OPERATIONS We use such data solely to enable synchronization between the products and Apple Health or Google Health Connect and to provide you with the related functionality as part of the services.	LAWFUL BASIS PER GDPR Processing is based on your consent, provided through your device settings, which may be withdrawn at any time.
DATA SET Direct Marketing: As a user, we will send you materials and marketing content through the email information you provided during your registration.	PURPOSE AND OPERATIONS We will use this information to keep you updated with offers and content such as updates, new capabilities and features, and to send you invoices and supporting documentation. Any marketing communications are sent only based on non-Apple Health (HealthKit) and non-Google Health Connect data. We will always do so in accordance with and to the extent permitted by applicable law.	LAWFUL BASIS PER GDPR We process such data subject to our legitimate interest. You can opt-out at any time through the “unsubscribe” link within the email or by contacting us directly. However certain operational content, such as invoices, will still be sent.

Please note that the actual processing operation for each purpose of use and lawful basis detailed in
the table above may differ. Such processing operation usually includes a set of operations made by
automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction.
The transfer of Personal Data to third-party countries, as further detailed in the Data Transfer Section
below, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity theft, and any other misuse of the services and to enforce the Terms, as well as to protect the security or integrity of our databases, services, and the website, and to take precautions against legal liability. Such processing is based on our legitimate interests.

4. HOW WE COLLECT YOUR INFORMATION

Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:

Automatically: we may use cookies (as elaborated in the section below) or similar tracking technologies (such as pixels, tags, agent, etc.) to gather some information automatically, or automatically through the use of our products.
Provided by you or about you voluntarily: we will collect information if and when you choose to
provide us with the information, such as when you use our product and services and when granting your
consent, e.g., for collection of health related data or enabling integrations such as Apple Health
(HealthKit) and Google Health Connect, etc.
Provided from third parties: where permitted under applicable law and subject to your consent for
cookie usage, we may enrich the Personal Data collected about you with data provided by third parties.

Provided by the Healthcare Provider – Please note that as explained above, we may collect and
gather certain information pertaining to the Healthcare Providers’ End-Users on such Healthcare
Providers’ behalf. Healthcare providers are solely responsible for ensuring the proper disclosures and
consent required for such third-party integrations.

5. COOKIES

When you access or use our services, we may use “cookies” or similar tracking technologies, which store certain information on your device (i.e., locally stored). The use of cookies is standard industrywide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies are used by us for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and advertising. You can find more information about our use of cookies here: www.allaboutcookies.org.

Essential, Functionality, Operation & Security Cookies – These cookies are essential for enabling visitor movement around the website, for the website to function properly, and for security purposes (i.e., used to authenticate visitors, prevent fraudulent use, and protect visitor data from unauthorized parties). This category of cookies either cannot be disabled, or if disabled, certain features of the website may not work.
Analytic, Measurement & Performance Cookies – These cookies are used to collect information about how visitors use our website, in order to improve our website, content, and the way we offer them, as well as assess the performance of the content and marketing campaigns. These cookies enable us, for example, to assess the number of visitors who have viewed a certain page as well as their country of origin. It enables our website to remember information that changes the way it behaves or looks, such as your preferred language.
Preference, Targeting & Advertising Cookies – These cookies are used to advertise across the internet and to display relevant ads tailored to visitors based on the parts of the website they have visited (e.g., the cookie will indicate you have visited a certain webpage and will show you ads relating to that webpage).

You may find more information about the cookies we use as well as opt-out from cookies or change your preferences at any time by using the cookies setting tool available on the footer of our website.

Where we use third-party advertising cookies, such third-party may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including to combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies, and we are not responsible for their privacy practices.
Although we do not sell your personal information for profit, we do engage in targeted advertising on the website, this type of advertising activity may be considered a “sale” of Personal Data under certain US Privacy Laws and may also be referred to as “targeted advertising”. Please note that even if you opt-out you may still see personalized ads based on information other companies and ad networks have collected about you, if you have not opted out of sharing with them

For IBA opt out options on desktop and mobile websites, please visit:

Digital Advertising Alliance (US) https://www.aboutads.info/choices/
Digital Advertising Alliance (Canada) https://youradchoices.ca/en/tools
Digital Advertising Alliance (EU) https://www.youronlinechoices.com/
Network Advertising Initiative https://optout.networkadvertising.org/?c=1

We also honor browser-based opt-out signals, such as the Global Privacy Control (GPC) and Universal Opt-Out Mechanisms (UOOM), by automatically disabling non-essential cookies when such signals are detected.

6. DATA SHARING

We share your data with third parties, including our partners or service providers that help us operate and make the most of the website. You can find here information about the categories of such thirdparty recipients.

Provided by the Healthcare Provider – Please note that as explained above, we may collect and
gather certain information pertaining to the Healthcare Providers’ End-Users on such Healthcare
Providers’ behalf. Healthcare providers are solely responsible for ensuring the proper disclosures and
consent required for such third-party integrations.

Categories of Recipients	Additional Information
Categories of Recipients Our Affiliated Companies	Additional Information We may share Personal Data with our affiliated companies and subsidiaries in order to provide joint services, for example, marketing, improving our services, etc.
Categories of Recipients Our Service Providers	Additional Information We share your Personal Data with our trusted service providers and business partners that perform business operations for us on our behalf (as data processors) and pursuant to our instructions. This includes the following categories of service providers: AI/ML systems, who help us improve our services; Advertising and marketing service providers, who help us with advertising measurements, email marketing, etc.; Data storage providers, with whom we entrust the hosting and storage of our data; Consent Manager (CMP), an external service that provides us with the ability to allow website visitors to control and manage their cookies preferences and consent; General IT and SaaS providers – providing us with IT systems for the management of our daily conduct; Data analytics and data management providers, who help us improve, personalize and enhance our operation. Data security partners, who help us detect and prevent potentially illegal acts, violations of our policies, fraud and/or data security breaches and ensure compliance with legal obligations.
Categories of Recipients Legal and Law Enforcement	Additional Information We may disclose certain Personal Data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other visitor to legal liability, and solely to the extent necessary to comply with such purpose. We may further share data with relevant authorities as required per our Regulatory, Safety and Medical Event Reporting obligations.
Categories of Recipients Corporate Transactions	Additional Information In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale) we will share the Personal Data we store with our acquiring company. In any such case, we will oblige the acquiring company to assume the rights and obligations as described in our Privacy Policy.
Categories of Recipients Healthcare Providers	Additional Information Provided you are an End-User using our services under a Healthcare Provider, we may share your information with such Healthcare Provider, as the Data Controller of such data. Such sharing is not deemed as a transfer of data made on our behalf but simply as providing your relevant Healthcare Provider with the data they legally own, according to their instructions. Any further use of such data is upon the relevant Healthcare Provider’s exclusive responsibility.
Categories of Recipients Apple Health (HealthKit) or Google Health Connect	Additional Information We may share certain health data with Apple or Google, via Apple Health (HealthKit) or Google Health Connect, only if you choose to enable such integration and solely for the purpose of synchronizing data with your Apple Health or Google Health Connect account. Apple and Google both act as Data Controllers with respect to such data, and any sharing is subject to your explicit consent and Apple’s or Google’s applicable privacy policies. Such data is not used for advertising purposes and is not sold or shared with third-party advertising platforms, data brokers or information resellers.

When we share information with service providers, we ensure they only have access to such information that is strictly necessary for us to operate the services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (however, such service providers may use certain data for their own benefit subject to separate terms agreed upon with you or per your consent, as well as in the case of using merely Non-Personal Data). Please note that in case you act as an End-User under a Healthcare Provider, all your product’s information will be available and transparent to your Healthcare Provider, as the Data Controller of the data.

7. DATA RETENTION

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt-out, where applicable.
The circumstances in which we will retain your Personal Information include: (i) where we are required to do so in accordance with legal requirements, or (ii) for us to have an accurate record of your interaction with us in the event of any inquiries or contact requests, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obliged to retain your data for a particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.
Further, retention periods of Healthcare Providers, Apple Health (HealthKit) or Google Health Connect data are set by the relevant Healthcare Provider, Apple or Google as the Data Controller of such data, per its business needs, legal obligations and other considerations upon their sole discretion.

8. SECURITY MEASURES

We take great care in implementing physical, technical, and administrative security measures for the website and services, that we believe comply with applicable regulation and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed, or accidentally lost.
If you feel that your privacy was not dealt with properly or was dealt with in a way that was in breach of our Privacy Policy or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data, please contact us at our email.

9. NTERNATIONAL DATA TRANSFER:

Due to our global business operation, we may store or process your Personal Data in several territories, including, for example in Israel, the UK, EU, US or in other countries (whether directly or indirectly through the use of our vendors). Thus, your Personal Data may be transferred to and processed in countries other than the country from which you accessed our websites or otherwise the country of your jurisdiction. We will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer in accordance with applicable law.
Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection) it shall be transferred under the provisions of the standard contractual clauses approved by the European Union. If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at our email.
In addition, some of the third parties used for cookies management on our website may store and process data globally, including in the US (e.g., Google Analytics servers). When granting consent for such cookies, you hereby acknowledge and approve such cross-border transfer, in accordance with such third party’s privacy practices.

10. YOUR RIGHTS

Data protection and privacy laws may grant you certain rights with regards to your Personal Data, all according to your jurisdiction. The rights may include one or all of the following: (i) request to amend your Personal Data we store accessing; (ii) review and access your Personal Data that we hold; (iii) request to delete your Personal Data that we hold (as long as we do not have a legitimate reason for retaining the data); (iv) restrict or object to the processing of your Personal Data; (v) exercise your right of data portability; (vi) contact to a supervisory authority in your jurisdiction and file a complaint; and (vii) withdraw your consent (to the extent applicable).
If you wish to submit a request to exercise your rights, please fill out the Data Subject Request Form (“DSR”) available HERE and send it to our email at: dpo@neurolief.com.
When you contact us and request to exercise your rights regarding your Personal Data, we will require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort, as required or permitted under applicable law. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.
In certain circumstances, and subject to applicable US Privacy Laws, you may permit an authorized agent to submit requests on your behalf. For more information, please refer to our DSR form.
You have the right to lodge a complaint with the EU Member State supervisory authority if you are not satisfied with the way in which we handled the complaint.
Any inquiry about exercising your rights as an End-User acting under a Healthcare Provider should be referred to the relevant Healthcare Provider acting as the Data Controller of such data.
Additionally, in accordance with applicable US Privacy Laws, if we decline to take action on your request, we will inform you within 45 days (Colorado residents) or 60 days (all other U.S. jurisdictions) of receipt. Our response will include a justification for the decision and an explanation about your right to lodge an appeal. If you wish to do so, please send your appeal request with a summary of the request and decision you want to appeal to: dpo@neurolief.com. We will respond to appeals within 45 days (one 15‑day extension possible where reasonably necessary).
If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:

Colorado Attorney General: https://coag.gov/file-complaint
Connecticut Attorney General: https://www.dir.ct.gov/ag/complaint
Virginia Attorney General: https://www.oag.state.va.us/consumercomplaintform
Utah Attorney General: https://www.attorneygeneral.utah.gov/contact/complaint-form/
Texas Attorney General: https://www.texasattorneygeneral.gov/consumer-protection/file-consumercomplaint
Oregon Attorney General: https://www.doj.state.or.us/consumer-protection/contact-us/
Montana Attorney General: https://dojmt.gov/consumer/consumer-complaints/
Nebraska Attorney General: https://ago.nebraska.gov/constituent-complaint-form
New Jersey Attorney General: https://www.njoag.gov/contact/file-a-complaint/
New Hampshire Attorney General: https://onlineforms.nh.gov/app/…
Delaware Attorney General: https://attorneygeneral.delaware.gov/fraud/cmu/complaint/
Iowa Attorney General: https://www.iowaattorneygeneral.gov/for-consumers/file-a-consumercomplaint
Tennessee: https://www.tn.gov/attorneygeneral/consumer-affairs.html/

11. THIRD PARTY WEBSITES

Our Privacy Policy only addresses the use and disclosure of Personal Data we collect from you. To the extent that you disclose your Personal Data to other parties via the website (e.g., by clicking on a link to any other website or location), different rules may apply to their use or disclosure of the Personal Data you disclose to them, and this Privacy Policy does not apply to any such third-party products and services. You agree that we shall have no liability whatsoever with respect to such third-party sites and your usage of them.

12. ELIGIBILITY AND CHILDREN PRIVACY

Our services are not directed nor intended for use by children, and we do not knowingly process, sell or share children’s information. We will discard any information that we receive from a user who is considered a “child” immediately upon our discovery that such a user shared information with us. Please contact us at: dpo@neurolief.com if you have reason to believe that a child has shared any information with us.

If you have any questions regarding this Privacy Policy or our data practices, you are welcome to contact us at dpo@neurolief.com.

Last Modified: April 2026