Data Protection Policy

Lifetime Analytics, LLC

Last Updated February 17, 2023

This document represents the data protection principles which govern the practices of Lifetime Analytics, LLC and any apps or other software services provided by Lifetime Analytics, LLC.

Data Protection Principles

All data collected or processed by the Company shall be collected in a manner consistent with all applicable laws.

All personal data shall be collected in a transparent manner.

All personal data shall be collected and archived strictly as necessary for the fulfillment of legitimate business purposes.

Adequate, relevant and generally accepted safeguards shall be maintained by the Company.

All access to personal data shall be limited by the Company on a need-to-know basis with sufficient safeguards put in place.

All personal data shall be processed in a manner that assures against accidental loss, destruction or damage, using appropriate technical measures.

General Principles

This policy applies to all personal data collected or processed by the Company.

The Data Protection Officer shall be the responsible person for maintaining the Company’s compliance with this policy.

This policy shall be reviewed at least annually.

Commitment to Data Minimization

The Company shall maintain its commitment to only collecting data that it needs for fulfillment of transactions and the provision of services as requested of the Company.

Review of Data Protection and Processing Procedures

Company shall review its data protection and processing procedures at least annually and more often as may be required by changes in the law.

Individuals may have a right to access their personal data, and any such request shall be handled in a timely manner.

Accuracy

The Company shall take reasonable steps to ensure that personal data is accurate. As may be permitted by law, but only if permitted by law, Company may take steps to ensure any personal data that is retained is kept up to date

Archiving and Removal

To ensure that personal data is not kept longer than necessary, the Company shall maintain its archiving policy for each type of personal data that is collected and the archiving policy shall be reviewed annually.

Security

The Company will keep all personal data stored securely using up-to-date software and commercially reasonable practices for data security.

The Company will limit access to personal data on a need-to-know basis and assure that appropriate confidentiality and other agreements as may be necessary are put in place to prevent the unauthorized sharing of information.

When personal data is deleted, it shall be done in a manner that assures that the data is irrecoverable.

The Company shall maintain appropriate back-up and disaster recovery plans.

Breach

In the event of a breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or, or access to personal data, the Company shall promptly assess the risk to people’s rights and freedoms and report any such incident to the Data Protection Officer.