We collect and process the following categories of personal data :

• Patient Data : Name, contact information, medical history, diagnostic information, and any other data necessary for diagnosis and treatment.

• Healthcare Provider Data : Name, contact information, professional credentials, and facility details.

• Technical Data : IP addresses, device information, and usage data for system optimization and security.

• Communication Data : Any information provided during customer support interactions or consultations.

• To provide accurate and effective AI-powered diagnostic services.

• To ensure compliance with medical and regulatory standards.

• To improve our software through research and development.

• To maintain security and prevent unauthorized access.

• To communicate with healthcare providers and patients about our services.

Under GDPR, we process personal data based on :

• Consent : When explicit consent is obtained for processing sensitive health data.

• Contractual Necessity : To fulfill service agreements with healthcare providers.

• Legal Obligation : To comply with regulatory and legal requirements.

• Legitimate Interests : To enhance service delivery and system functionality while ensuring data security.

As a provider of healthcare-related software, we comply with HIPAA requirements by :

• Implementing strict access controls and encryption to protect Protected Health Information (PHI).

• Signing Business Associate Agreements (BAAs) with covered entities. Conducting regular risk assessments to identify and mitigate potential vulnerabilities.

• Conducting regular risk assessments to identify and mitigate potential vulnerabilities.

• Training our employees on HIPAA regulations and security best practices.

We do not sell personal data. We share data only with :

• Authorized Healthcare Providers : To facilitate diagnostic services.

• Service Providers: : Third-party vendors under strict confidentiality agreements for IT support, data hosting, or analytics.

• Regulatory Authorities : To comply with regulatory and legal requirements.

• Legitimate Interests : When required to comply with legal obligations.

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Specific retention periods include :

• Patient Data : Retained for [insert period] in compliance with medical record-keeping requirements.

• Technical Data : Retained for [insert period] to ensure system optimization and security.

We implement robust security measures, including :

• Encryption of data at rest and in transit.

• Regular security audits and vulnerability assessments.

• Role-based access controls to limit data access.

• Incident response protocols to address breaches promptly.

Individuals have the following rights:

• Access : To request a copy of their personal data.

• Rectification : To correct inaccurate or incomplete data.

• Erasure : To request deletion of data, subject to legal obligations.

• Restriction : To limit processing under certain circumstances.

• Data Portability : To receive personal data in a machine-readable format.

• Objection : To object to data processing for specific purposes.

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Updates will be posted on our website, and significant changes will be communicated directly to affected individuals where applicable.

For questions or concerns about this Privacy Policy or our data protection practices, please contact us :

• Email : rajiv@arholdings.co.uk

• Phone : +447776715106

• Address : 128, City Road, London EC1V 2NX.