DATA PROCESSING AGREEMENT


This Data Processing Agreement (“Agreement”) forms part of the SAAS SERVICES ORDER AGREEMENT (hereinafter referred to as the “Principal Agreement”) between Fairtility Ltd. (hereinafter referred to as “Fairtility”) and the customer, the legal entity that has entered into the Principal Agreement with Fairtility for the provision of Fairtility’s Services (hereinafter referred to as the “Customer”), acting on its own behalf.

The terms used in this Agreement shall have the meanings set forth in this Agreement. Capitalized terms not otherwise defined herein, as well as the terms “data subject”, “processing”, “controller” and “processor” shall take the meaning ascribed to them by GDPR. The terms of this Agreement will apply only to the extent that they are required under Data Protection Laws. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.

1.      Definitions

In this Agreement, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

“Sub-processor” means any data processor (including any third party) appointed by Fairtility from time to time to process Customer Personal Data on behalf of the Customer.

“Data Protection Laws” means EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“EU GDPR”), the EU GDPR as incorporated into United Kingdom domestic law pursuant to Section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”) (together the “GDPR”), the Swiss Federal Act on Data Protection of June 19, 1992, as revised from time to time (“FADP”), as well as other data protection laws applicable to Fairtility in the processing of Customer Personal Data under this Agreement.

“Erasure” means the removal or destruction of Personal Data such that it cannot be recovered or reconstructed.

 

“EEA” means the European Economic Area.

“Third Country” means any country outside the EEA, the United Kingdom or Switzerland except where that country is the subject of a valid adequacy decision by the European Commission on the protection of Personal Data in Third Countries or by the relevant data protection authorities of the United Kingdom or Switzerland, as applicable.

“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“De-identified Data” means pseudonymized patient data that has undergone the de-identification process outlined in Annex 3 of this Agreement.

“Customer Personal Data” means Personal Data provided by or on behalf of the Customer, and which is processed by Fairtility as a data processor on behalf of the Customer.

“Fairtility Personal Data” means Personal Data that is collected, stored, or processed by Fairtility, in its capacity as a data controller for its own purposes.

“Personal Data Breach” means a breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Personal Data transmitted, stored or otherwise processed.

“Services” means the services to be supplied by Fairtility to the Customer pursuant to the Principal Agreement.

 

 

 

2.      Roles of the Parties

Fairtility as Processor:

In the course of providing the Services to the Customer pursuant to the Principal Agreement, Fairtility shall process Customer Personal Data on behalf of the Customer as per the terms of this Agreement. The Parties hereby acknowledge and agree that, in relation to the processing of Customer Personal Data, the Customer shall be deemed the data controller, and Fairtility shall be deemed the data processor.

Fairtility as Controller:

The Parties acknowledge and agree that Fairtility may process the following data as an independent data controller:

  1. Personal Data of the Customer’s authorized representatives, processed exclusively for administration and management of the business relationship with the Customer.
  2. Processing of De-identified Data for Fairtility’s legitimate business purposes, which may include among others product development (e.g., data annotation for machine learning and artificial intelligence model training), research and regulatory submissions.

For the sake of convenience, the above data shall be referred to as “Fairtility Data”.

In relation to the processing of Fairtility Data, Fairtility shall comply with its obligations as a Data Controller under Data Protection Laws. This includes, but is not limited to, ensuring the lawful basis for processing and implementing appropriate technical and organizational measures.

 

3.      Customer Obligations

The Customer represents and warrants that:

  1. It has obtained all necessary consents, permissions, authorizations, or other valid legal bases under Data Protection Laws to allow for the lawful collection, processing, and transfer of Personal Data to Fairtility (or any sub-processors) in accordance with this Agreement and the Principal Agreement.
  2. All transfers of Personal Data to Fairtility, including cross-border transfers, are permitted under Data Protection Laws.
  3. It has provided the relevant data subjects with all required notices and information regarding the processing of Customer Personal Data by Fairtility as outlined in this Agreement in accordance with Data Protection Laws.

4.      Customer’s Processing Instructions

Customer hereby instructs Fairtility to process Customer Personal Data for the purpose of providing the Services as described in the Principal Agreement. Fairtility shall process Customer Personal Data only pursuant to Customer’s lawful documented instructions, including the Principal Agreement and other instructions communicated in writing directly to Fairtility and in accordance with the Description of Processing, attached hereto as Annex 3.

Fairtility may also process Customer Personal Data where required by applicable laws to which Fairtility is subject, in which case Fairtility shall inform Customer of that legal requirement before the relevant processing of that Personal Data, unless prohibited from doing so by law.

5.      Reliability and Non–Disclosure

Fairtility shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the Customer Personal Data, ensuring in each case that access is strictly limited to those individuals who require access to the relevant Customer Personal Data.

Fairtility must ensure that all individuals who have a duty to process Customer Personal Data:

  • Are informed of the confidential nature of the Customer Personal Data and are aware of Fairtility’s obligations under this Agreement and the Principal Agreement in relation to the Customer Personal Data;
  • Have undertaken appropriate training in relation to the Data Protection Laws;
  • Are subject to confidentiality undertakings or professional or statutory obligations of confidentiality; and
  • Are subject to user authentication and login processes when accessing the Customer Personal Data in accordance with this Agreement, the Principal Agreement and Data Protection Laws.

 

6.      Personal Data Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing Customer Personal Data as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Fairtility shall implement appropriate technical and organizational measures (as set out in Annex 1) to ensure a level of security appropriate to the risk, including but not limited to:

·        Pseudonymization and encryption;

·        The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

·        The ability to restore the availability and access to Customer Personal Data in a timely manner in the event of a physical or technical incident; and

·        A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

In assessing the appropriate level of security, Fairtility shall take into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data transmitted, stored or otherwise processed.

7.      Sub-Processing

As of the Principal Agreement Effective Date, the Customer hereby grants general written authorisation to Fairtility to engage those Sub-processors set out in Annex 2 (Authorised Sub-processors). Fairtility shall not engage any Sub-processors to process Customer Personal Data other than with prior notice to Customer, including information regarding any new envisioned cross-border data transfer to a Third Country.  If, within thirty (30) days of receipt of that notice, Customer notifies Fairtility in writing of any objections (on reasonable grounds) to the engagement of such Sub-processor, then the Parties will make a good faith effort to resolve Customer’s objection. In the absence of a resolution, Fairtility will at its sole discretion, either not appoint the new Sub-processor, or permit Customer to suspend or terminate the affected service in accordance with the termination provisions in the Principal Agreement without liability to either party (but without prejudice to any fees incurred by Customer prior to suspension or termination).

With respect to each Sub-processor, Fairtility shall:

·        Provide the Customer with full details of the processing to be undertaken by each Sub-processor.

·        Carry out adequate due diligence on each Sub-processor to ensure that it can provide an adequate level of protection for Customer Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organisational measures in such a manner that its processing will meet the requirements of this Agreement.

·        Include terms in the contract between Fairtility and each Sub-processor which are substantially similar to those set out in this Agreement.

·        If the contract with the Sub-processor involves the transfer of Customer Personal Data outside of the EEA, the United Kingdom or Switzerland to Third Countries, ensure that such transfer complies with the requirements for international data transfers under applicable Data Protection Laws.

·        Remain fully liable to the Customer for any failure by each Sub-processor to fulfil its obligations in relation to the processing of any Customer Personal Data.

 

8.      Data Subject Rights

Fairtility shall promptly notify the Customer if it receives a request from a data subject, the supervisory authority and/or other competent authority under any applicable Data Protection Laws with respect to Customer Personal Data.

Fairtility shall cooperate as reasonably requested by the Customer to enable the Customer to comply with any exercise of rights by a data subject under applicable Data Protection Laws with respect to Customer Personal Data and comply with any assessment, enquiry, notice or investigation under any Data Protection Laws with respect to Customer Personal Data or this Agreement, which shall include:

·        The provision of available data requested by the Customer within any reasonable timescale specified by the Customer in each case, including full details and copies of the complaint, communication or request and any Customer’s Personal Data it holds in relation to a data subject.

·        Where applicable, providing such assistance as is reasonably requested by the Customer to enable the Customer to comply with the relevant request within the timescales prescribed by the Data Protection Laws.

·        Implementing any additional measures as may be reasonably required by the Customer to allow the Customer to respond effectively to relevant complaints, communications or requests.

 

9.      Personal Data Breach

Fairtility shall notify the Customer without undue delay and, in any case, within forty-eight (48) hours upon becoming aware of a Personal Data Breach that has affected Customer Personal Data. Fairtility will provide the Customer with sufficient information to allow the Customer to meet any obligations to report a Personal Data Breach under the Data Protection Laws.  Such notification shall as a minimum:

·        Describe the nature of the Personal Data Breach, the categories and numbers of data subjects affected, and the categories and numbers of Personal Data records concerned;

·        Communicate the name and contact details of Fairtility’s Data Protection Officer, Privacy Officer or other relevant contact from whom more information may be obtained;

·        Describe the estimated risk and the likely consequences of the Personal Data Breach; and

·        Describe the measures taken or proposed to be taken to address the Personal Data Breach.

Fairtility shall co-operate with the Customer and take such reasonable steps as are directed by the Customer to assist in the investigation, mitigation and remediation of each Personal Data Breach. In the event of a Personal Data Breach, Fairtility shall not inform any third party without first obtaining the Customer’s prior written consent, unless notification is required by EU or Member State law to which Fairtility is subject, in which case Fairtility shall, to the extent permitted by such law, inform the Customer of that legal requirement and provide a copy of the proposed notification.

 

10.   Data Protection Impact Assessment and Prior Consultation

Fairtility shall provide reasonable assistance to the Customer with any data protection impact assessments which are required under GDPR and with any prior consultations to any supervisory authority of the Customer. In each case due consideration must be given to the nature of the data processed on behalf of the Customer.

 

11.     Erasure or Return of Customer Personal Data

Upon request from Customer and/or upon expiration or termination of the Principal Agreement, within ninety (90) calendar days of receipt of the request or expiration or termination of the Principal Agreement, Fairtility will securely destroy or, if directed in writing by Customer, return and not retain, all or any Customer Personal Data in its possession or control. Fairtility may temporarily retain one copy made for backup purposes in the ordinary course of business, provided that such an archive copy will be subject to the ongoing obligations contained herein and shall be destroyed upon the normal expiration of backup files in accordance with Fairtility’s backup procedures. Fairtility shall provide any such returned Customer Personal Data in the format and media reasonably specified by Customer, together with information sufficient for Customer to interpret such information. Upon request, Fairtility will certify in writing that it has destroyed the Customer Personal Data.

If any law, regulation, or government or regulatory authority requires Fairtility to retain any Customer Personal Data that Fairtility would otherwise be required to return or destroy, Fairtility will notify Customer in writing of such retention requirement, to the extent legally permitted. In such an event, Fairtility shall retain such data in compliance with all applicable Data Protection Laws.

Notwithstanding the foregoing, Fairtility may retain and use anonymized data derived from Customer Personal Data for as long as it is necessary for Fairtility’s internal legitimate business purposes, provided that: (i) Fairtility ensures that such data does not in any way identify and cannot be reasonably associated with a particular individual; (ii) Fairtility implements appropriate technical and organizational measures to safeguard the anonymization process and prevent any potential re-identification; and (iii) Fairtility maintains and uses such data without attempting to re-identify it.

 

12.    Audit rights

Fairtility shall make available to the Customer, upon request, all information necessary to demonstrate compliance with this Agreement and allow for, and contribute to, audits, including inspections by the Customer or another auditor mandated by the Customer of any premises where the Processing of Customer Personal Data takes place. Fairtility shall permit the Customer or another auditor mandated by the Customer to inspect and audit in order that the Customer may satisfy itself that the provisions of this Agreement are being complied with. Fairtility shall provide cooperation to the Customer with respect to any such audit. Audits will take place during normal business hours and will not unreasonably interfere with or damage Fairtility’s business activities and information and network systems. Any audit performed by Customer or another auditor mandated by the Customer shall be subject to Fairtility’s confidentiality obligations and shall not be more frequent than annually, unless a Personal Data Breach occurs or there is a reasonably suspected breach of data protection laws or this Agreement by Fairtility. Customer shall bear the costs and expenses of audits, unless they are conducted as a result of a Personal Data Breach. Fairtility shall immediately inform the Customer if, in its opinion, an instruction pursuant to this section (Audit Rights) infringes Data Protection Laws.

 

13.    International Transfers of Personal Data

Customer acknowledges that Fairtility is located in Israel, a country that has been deemed adequate by the EU Commission and by the United Kingdom’s Adequacy Regulations. All transfers of Personal Data from the EEA, Switzerland or the United Kingdom to Fairtility are made pursuant to such adequacy rulings. Fairtility may allow its teams located in various locations, such as the United States and India to access Personal Data for support and development purposes. While such access does not involve a transfer to a separate legal entity, Fairtility will ensure that appropriate safeguards are in place to protect the Personal Data in accordance with applicable Data Protection Laws, including implementing technical and organizational measures to maintain security and confidentiality.
To the extent that Fairtility’s use of Sub-processors involves a cross-border transfer of Personal Data to a Third Country (“Restricted Transfer”), Fairtility will ensure that such Restricted Transfer complies with applicable Data Protection Laws relating to the Restricted Transfer including, but not limited to, subscribing to a transfer mechanism permitted under Data Protection Laws such as the Standard Contractual Clauses.
For international transfers involving Personal Data governed by other Data Protection Laws, Fairtility will ensure that such transfers provide a comparable level of protection to Personal Data as required by such laws. This includes implementing adequate safeguards and measures to maintain the confidentiality, security, and integrity of Personal Data during and after the transfer.

14.    General Terms

Subject to this section, the Parties agree that this Agreement shall terminate automatically upon termination of the Principal Agreement or expiry or termination of all service contracts entered into by Fairtility with the Customer, pursuant to the Principal Agreement, whichever is later.

Any obligation imposed on Fairtility under this Agreement in relation to the Processing of Personal Data shall survive any termination or expiration of this Agreement.

This Agreement shall be governed by the governing law of Israel.

With regard to the subject matter of this Agreement, in the event of inconsistencies between the provisions of this Agreement and any other agreements between the Parties, including but not limited to the Principal Agreement, the provisions of this Agreement shall prevail with regard to the Personal Data shared between the Parties.

Should any provision of this Agreement be invalid or unenforceable, then the remainder of this Agreement shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

This Agreement forms an integral part of the Principal Agreement between the Parties and is effective and binding upon execution of the Principal Agreement. Signature of this Agreement is not mandatory for its validity.

ANNEX 1:  ORGANISATIONAL AND TECHNICAL MEASURES

 

 

  1. Organizational security measures

Security Management

  1. Security policy and procedures: Fairtility to document a security policy with regard to the processing of personal data.
  2. Roles and responsibilities:
    1. Roles and responsibilities related to the processing of personal data to be clearly defined and allocated in accordance with the security policy.
    2. During internal re-organizations or terminations and change of employment, revocation of rights and responsibilities with respective hand-over procedures is clearly defined.
  3. Access Control Policy: Specific access control rights are allocated to each role involved in the processing of personal data, following the need-to-know principle.
  4. Resource/asset management: Fairtility has a register of the IT resources used for the processing of personal data (hardware, software, and network). A specific person is assigned the task of maintaining and updating the register (e.g. IT officer).
  5. Change management: Fairtility makes sure that all changes to the IT system are registered and monitored by a specific person (e.g. IT or security officer). Regular monitoring of this process takes place.

Incident response and business continuity

  1. Incidents handling / Personal Data breaches:
    1. An incident response plan with detailed procedures is defined to ensure effective and orderly response to incidents pertaining to personal data.
    2. Fairtility will report without undue delay to Customer any security incident that has resulted in a loss, misuse or unauthorized acquisition of any personal data.
  2. Business continuity: Fairtility establishes the main procedures and controls to be followed in order to ensure the required level of continuity and availability of the IT system processing personal data (in the event of an incident/personal data breach).

 

Human resources

  1. Confidentiality of personnel: Fairtility ensures that all employees understand their responsibilities and obligations related to the processing of personal data. Roles and responsibilities are clearly communicated during the pre-employment and/or induction process.
  2. Training: Fairtility ensures that all employees are adequately informed about the security controls of the IT system that relate to their everyday work. Employees involved in the processing of personal data are also properly informed about relevant data protection requirements and legal obligations through regular awareness campaigns.

  2. Technical security measures


Access control and authentication

  1. An access control system applicable to all users accessing the IT system is implemented. The system allows creating, approving, reviewing and deleting user accounts.
  2. The use of common user accounts is avoided. In cases where this is necessary, it is ensured that all users of the common account have the same roles and responsibilities.
  3. When granting access or assigning user roles, the “need-to-know principle” shall be observed in order to limit the number of users having access to personal data only to those who require it for achieving Fairtility’s processing purposes.
  4. Where authentication mechanisms are based on passwords, Fairtility requires the password to be at least eight characters long and conform to very strong password control parameters including length, character complexity, and non-repeatability.
  5. The authentication credentials (such as user ID and password) shall never be transmitted unprotected over the network.

Logging and monitoring: Log files are activated for each system/application used for the processing of personal data. They include all types of access to data (view, modification, deletion).

Security of data at rest

  1. Server/Database security
    1. Database and applications servers are configured to run using a separate account, with minimum OS privileges to function correctly.
    2. Database and applications servers only process the personal data that are actually needed in order to achieve their processing purposes.
  2. Workstation security:
    1. Users are not able to deactivate or bypass security settings.
    2. Anti-virus applications and detection signatures are configured on a regular basis.
    3. Users don’t have privileges to install or deactivate unauthorized software applications.
    4. The system has session time-outs when the user has not been active for a certain time period.
    5. Critical security updates released by the operating system developer are installed regularly.

Network/Communication security:

  1. Whenever access is performed through the Internet, communication is encrypted through cryptographic protocols.
  2. Traffic to and from the IT system is monitored and controlled through Firewalls and Intrusion Detection Systems.

Data Back-ups:

  1. Backup and data restore procedures are defined, documented and clearly linked to roles and responsibilities.
  2. Backups are given an appropriate level of physical and environmental protection consistent with the standards applied on the originating data.
  3. Execution of backups is monitored to ensure completeness.

Mobile/Portable devices:

  1. Mobile and portable device management procedures are defined and documented establishing clear rules for their proper use.
  2. Mobile devices that are allowed to access the information system are pre-registered and pre-authorized.

Application lifecycle security: During the development lifecycle, best practice, state of the art and well acknowledged secure development practices or standards are followed.

Data deletion/disposal:

  1. Software-based overwriting will be performed on media prior to their disposal. In cases where this is not possible (CDs, DVDs, etc.) physical destruction will be performed.
  2. Shredding of paper and portable media used to store personal data is carried out.

Physical security: The physical perimeter of the IT system infrastructure is not accessible by non-authorized personnel. Appropriate technical measures (e.g. intrusion detection system, chip-card operated turnstile, single-person security entry system, locking system) or organizational measures (e.g., security guard) shall be set in place to protect security areas and their access points against entry by unauthorized persons.

 

ANNEX 2: AUTHORISED TRANSFERS OF CUSTOMER PERSONAL DATA TO SUB-PROCESSORS

No. | Authorized Sub-processor | Processing activity | Personal Data Processed | Location of Sub-processor
1 | Atlassian | Task Management | Pseudonymized Patient Data | EU
2 | Google | Cloud storage (GCP) | Pseudonymized Patient Data, Platform User Data | EU/US (per customer’s location)
3 | MongoDB (Atlas) | Cloud storage | Patient Data, Clinic Staff KPI Data | EU/US (per customer’s location)
4 | V7 Labs | AI machine learning | Pseudonymized Patient Data | EU
5 | Zendesk | Support | Pseudonymized Patient Data, Platform User Data | EU

ANNEX 3: DETAILS OF THE DATA PROCESSING

 

The categories of data subjects to whom the personal data relates:

  1. Authorized Users of Fairtility’s Platform and Services: Individuals designated by the Customer to use Fairtility’s web-based platform on their behalf, such as embryologists and other IVF clinic staff.
  2. Patients: Fertility treatment patients at the Customer’s clinic who are the subject of data processing.
  3. Clinic Staff: IVF clinic staff at the Customer’s clinic (relevant to customers using CHLOE KPI™’s optional individual staff KPI feature).

The types of personal data:

Platform User Data:

  1. Account Data: Usernames, business email address.
  2. Technical and Usage Data: Logs of user activities on Fairtility’s platform, including access logs, IP addresses, and device and browser information.
  3. Support and Communication Logs: Information from interactions with customer support such as support tickets.

Pseudonymized Patient Data:

  1. Embryo and Oocyte Images and Videos
  2. Patient Metadata and Related Clinical Information: Collected automatically through the clinics’ Time Lapse Incubator (TLI) devices or provided by the Customer, including but not limited to:
    • Fertility Treatment Clinical Data: clinic name/ID, country, TLI (device) ID, slide ID, patient ID, well ID, image/video ID, treatment ID, cycle ID, other IDs used by the clinic, date of treatment, date of fertilization, date of oocyte retrieval, date of transfer.
    • Age of the patient (by month and year), age of the oocyte, age of the ovum donor (by month and year), where applicable.
    • Insemination and Embryo Details.
    • Clinical and Diagnostic Data: pseudonymous clinical information, medical results and demographics as provided by the Customer.
  3. Embryo and Oocyte AI Insights: data produced through Fairtility’s Services, including, but not limited to, AI-based predictions and insights, embryo and oocyte ranks, scores, and status.
  4. Additional Pseudonymized Patient Data: Any other pseudonymized patient data provided by Customer, as required for the Services.

Optional Data:

  1. Patient Direct Identifiers: For clarification, the processing of any/all of the following data is optional, and is not enabled unless actively requested by the Customer:
    a. Name: First and last name, stored by default only in abbreviated form (first name and first letter of last name), or stored in full form per Customer’s active request;
    b. E-mail address.
  2. Clinic Staff KPI Data (relevant to customers using CHLOE KPI™’s optional individual staff KPI feature):
    a. Name and role;
    b. Clinic Activity Logs: logs of clinic activity, such as date, time and activity details (e.g. “embryologist performing insemination”);
    c. Performance Insights: Analytical insights regarding staff member operations (e.g. performance rates regarding fertilization).

The nature and purpose of the processing:

Platform User Data is processed for the following purposes:

  1. Platform Access and Account Management: Processing personal data to create, manage, and secure platform user accounts, including setting up login credentials, authenticating user identity, and ensuring secure access to the Fairtility platform.
  2. Platform Performance and User Analytics: Processing user data to generate insights and reports on platform performance, user engagement, and behaviour patterns to support continuous improvement of services.
  3. Customer Support and Troubleshooting: Processing necessary to provide timely customer support, technical assistance, and troubleshooting to resolve platform-related issues.
  4. Security and Fraud Prevention: Monitoring and processing data to identify, prevent, and mitigate fraudulent activities, unauthorized access, and security risks to protect user accounts and platform integrity.

Patient Direct Identifiers (to the extent enabled by Customer) are processed for the following purposes:

  1. Identification and Usability: The patient’s name is processed to ensure that Platform Users can accurately associate data and insights with the correct patient, thereby minimizing errors and enhancing platform usability. To uphold data minimization principles and promote privacy, this name is displayed in abbreviated form unless otherwise specified by the Customer.
  2. Secure Data Sharing with Patient: The patient’s email address is processed to enable Platform Users to share Patient Data securely with the patient via the Platform’s data-sharing feature.

Pseudonymized Patient Data is processed for the following purposes:

  1. Providing the Core Services: collection, storage and analysis of data through Fairtility’s artificial intelligence tools, to deliver embryo and oocyte quality assessments and other fertility-related insights and predictions as outlined in the Principal Agreement.
  2. Providing KPI Services: In addition, for customers using CHLOE KPI™, data will be aggregated and analysed for the generation of Key Performance Indicators (“KPIs”), intended to provide health care professionals with analytical insights into their lab and clinic operational performance, as outlined in the Principal Agreement.
  3. De-identification for Fairtility’s Legitimate Business Purposes as Data Controller: Pseudonymized Patient Data undergoes an additional de-identification process, as outlined below, after which such data is used for Fairtility’s legitimate business purposes, including without limitation product development (e.g., data annotation for machine learning and artificial intelligence model training), research and regulatory submissions.

De-identification Process (“De-identified Data”):

De-identified Data is Patient Data that undergoes a de-identification process which involves the following steps:

a.      Full removal of direct identifiers (name and email address, to the extent Customer chose to share such data).

 

b.      One-way hashing of pseudonymous patient identifiers used by the clinic to ensure irreversibility, including the hashing of: Slide ID; Patient ID; Well ID; Device ID; Clinic name/ID; Image/video name; Treatment ID; Cycle ID and any other internal ID that may be used by the clinic.

 

c.      Rounding down to full years of the date-based data points to further protect privacy, such as:

·        Patient age

·        Oocyte age

·        Treatment date

·        Oocyte retrieval date

·        Fertilization date

·        Transfer date

Safeguards Applied to De-identified Data

  1. Secure Data Storage: De-identified Data will be stored and accessed within a dedicated, fully secured environment to ensure data isolation and protection.
  2. Hash Key Security: One-way hashing keys will be safeguarded using industry-standard security measures to prevent unauthorized access.
  3. Irreversible Hashing: Hashing is strictly one-way, preventing any reversal from De-identified Data back to the original pseudonymized data, thereby ensuring data protection and privacy.
  4. Non-Identifiable Data Points: Inherently non-identifiable data points, such as fertilization type, country-level location, and hours post-insemination, will remain unchanged to preserve data utility without compromising privacy.
  5. Restricted Data Usage: Following the de-identification process, De-identified Data will be used solely for Fairtility’s legitimate business purposes.
  6. Key Deletion Upon Contract Termination: Upon contract termination, the one-way hashing key will be permanently deleted.

 

Clinic Staff KPI Data is processed for the following purposes (relevant to customers using CHLOE KPI™’s optional individual staff KPI feature): to aggregate and analyze individual staff activities in order to generate analytical insights into clinic and staff member operations. The ultimate purpose for using such data (e.g. quality control, benchmarks, staff appraisal), is determined solely by the customer.