Institute of Biophysics and Biomedical Engineering Faculty of Sciences, University of Lisbon Campo Grande – 1749-016 Lisbon
- email: info@neroes.tech
- +351 914 796 058
This Privacy and Security Policy regulates the use of digital platforms (website and App) owned by NEROES.
If you wish to contact Neroes regarding these digital platforms, you may do so using the following email address info@neroes.tech
Access and use of the website and App are the sole responsibility of the User, who is subject to the acceptance of this Privacy and Security Policy and the data processing described herein. The access and use of the services provided assume that the User has read, understood and accepted the Terms and Conditions of their use, that can be consulted here.
Neroes reserves the right to change and review this Privacy and Security Policy at any time, as well as the data processing described herein, whenever deemed appropriate, with or without prior notice.
This Privacy Policy constitutes an agreement between you, the User, and NEROES which applies to the use of these digital platforms. It is the sole responsibility of the user to read the Privacy and Security Policy whenever accessing the website or App, in order to be aware of any changes made, as it may affect its rights.
This policy intends to inform about the privacy rules in the scope of the services provided by NEROES, LDA (NEROES), Portuguese tax number 515917915, with headquarters at Centro Empresarial – Zona Industrial 6060-182 Idanha-a-Nova, Portugal, also designated as Responsible Entity. The personal data you provide is treated with the security and confidentiality guarantees required by the legal framework relating to the protection of personal data.
Any attempts to alter the information, or any other action that may cause damage and jeopardize the integrity of the system and services, are strictly prohibited under current legislation. The User undertakes to scrupulously comply with the applicable legislation, namely, in terms of computer crime and intellectual property rights, being solely responsible for the violation of these rules.
NEROES MENTAL TRAINING PLATFORM is a computational platform (App) that allows the User to improve performance through mental training and enhancement of emotional control.
This training makes use of the neurofeedback technique combined with a videogame that is controlled by the brain’s electrical activity signals of the User. These signals are collected through a wearable electroencephalography (EEG) device that is placed over the head of the User. In addition, the App allows qualitative and quantitative assessments of the mental abilities of the User before, during and after the referred mental training, by filling out questionnaires, testing specific game/assessments and from the signals of the brain’s electrical activity themselves.
However, it should be noted that the App is not a medical device and does not provide or can be used in order to obtain any diagnosis or mental health therapy.
The data collected is intended for the provision of the service requested by the User, with no personal data being collected that are not necessary to provide the service or without express consent of the User.
There are other types of information, non-personal and non-individualized, that are recorded keep website running appropriately and ensure a good browsing experience for visitors. This is statistical information that is usually by definition recorded through the browser window such as: the website address of the website that brought you directly to the neroes website, most visited website pages, type of browser, operating system, etc.
Personal data is information relating to a living, identified or identifiable person. Personal data can also be considered the set of different information that can lead to the identification of a specific person. Personal data that has been uncharacterized, encoded or pseudonymised, but that can be used to re-identify a person, remains personal data.
Personal data that has been made anonymous so that the person is not or ceases to be identifiable are no longer considered personal data. For data to be truly anonymized, anonymization must be irreversible.
Therefore, the data collected and used by the App, related to the brain’s electrical activity, with questionnaires and specific tests/assessments available on the App, are only considered personal data if associated with a living, identified or identifiable person. Otherwise, the data is not considered as personal data.
Since the App service will use data encoding or pseudonymisation, it is necessary to obtain explicit consent for the treatment of such personal data for one or more specific purposes.
However, the data collected is subject to irreversible anonymization and used for the overall improvement of the service provided, namely in the optimization of the algorithms used in the App, for aggregate statistical evaluation of the usage of the service, and in case the retention period ends.
3.1 Brain’s electrical activity signals: The collection and processing of data aims to do mental training through a video game, using the neurofeedback technique, and also to evaluate and monitor the mental abilities of the User associated with the training.
3.2 Self-reported questionnaires or reported by institutional employee: The requested and collected data aim to assess mental abilities associated with training, personality trait, and also the mental health state of the User. These data will be aggregated and combined with the previous data to report the current status, to monitor mental training and to optimize the training process.
3.3 Data derived from specific tests/games: The collected data reflects the performance of specific tests/games that assesses mental abilities, which include the duration of the execution, rate of correct answers, and scores. These are intended to complement the evaluation of the mental abilities of the User, collected during the training. These data will be aggregated and combined with the previous data to report the current state of the User, monitor the mental training and to optimize the training process itself.
3.4 Demographic data: The requested and collected data aim, together with the previous data, to optimize the training process.
3.5 Contact details: The requested data is only intended to enable the creation of a personal and/or institutional User account. They can also be used to contact the User for operation notifications and to obtain feedback on the service provided.
3.6 Anonymization and aggregation of data for service optimization: The data collected is irreversibly anonymized and used by NEROES in an aggregated way to improve the service provided through the statistical evaluation of the usage, optimization of the algorithms or in case the retention period ends.
The App enables users to create individual and institutional profiles by providing explicit consent during profile creation, by accepting the checkbox related to the agreement of the Terms and Conditions. This is done prior to using the App.
The individual User profile is intended for individuals, over 18 years old. When the user is a minor, he/she must be accompanied by the legal guardian, both when giving consent, and when using and filling in the App data.
The profile of the organization/institutional User (e.g. clubs, companies), allows institutions, being responsible for the collection and processing of data of their employees and assuming the responsibilities imposed by law in terms of protection of personal data, can, in a nominal, pseudonymised or anonymized way, enter and collect the data of their employees on the App. In this profile, institutions will be able to conduct and monitor the mental training of their employees on an individual basis and still have an aggregate view of the group of employees.
NEROES, in its role as the data controller, is responsible for the collection and processing of data in strict compliance with national and community legislation in force. In fulfilling this role, NEROES ensures that:
In addition to the above, NEROES is committed to implementing appropriate technical and organizational measures to protect the personal data of its users against accidental, unlawful loss, alteration, dissemination, or unauthorized access. An appropriate level of security is considered to be in effect regarding the data handling risks, given the sensitive nature of the data to be protected.
NEROES utilizes Amazon Web Services (AWS) as a cloud service provider for the storage of data in databases. In this capacity, AWS acts as a data processor, processing data on behalf of NEROES. The responsibilities and roles in this relationship are as follows:
AWS’s Role as Data Processor:
Data Security with AWS:
Compliance and Auditing:
By using AWS for data storage, NEROES ensures enhanced security and reliability in the management of user data. NEROES remains committed to the protection of personal data and will continue to uphold the highest standards of data privacy in all aspects of its data collection and processing activities.
NEROES undertakes to only allow access to the employees or entities under confidentiality agreements, as the company’s current practice. NEROES may, with express and prior consent, only transmit the data to this entities for the purpose of scientific and research studies. The transmission of this data will be done in compliance with the rules on the irreversible anonymization of personal data.
6.1 Security Measures: In carrying out its activities, the Responsible Entity employs a comprehensive set of technologies and security procedures to protect personal data from unauthorized access or disclosure. These include:
NEROES maintains its own database for storing all personal data registered by the User, ensuring the protection of this data through both physical and logical security measures.
6.2 Safety Procedures for Special Category Data: NEROES recognizes that physiological signals and self-reported mental health data fall under ‘special category data’ as defined by GDPR, which requires heightened protective measures:
6.3 Data Breach Notification Procedures: In the event of a data breach, NEROES has established comprehensive procedures to promptly and effectively respond, especially when special category data is involved:
6.4 Commitment to Data Integrity and Confidentiality: NEROES is dedicated to maintaining the highest standards of confidentiality and integrity in all personal data processing, with a special emphasis on special category data. All necessary steps will be taken to safeguard this sensitive information, ensuring it is used only for its intended purpose and protected against unauthorized access or disclosure.
NEROES may, with your express and prior consent, transmit the data for the purpose of scientific studies. The transmission of this data will be done in compliance with the rules on the anonymization of personal data, as well as, under the protection of Non-Disclosure Agreement.
In the course of providing services, NEROES may transfer personal data across borders, including to regions outside the European Union (EU) and the European Economic Area (EEA). The regions where data transfers are expected to occur include, but are not limited to, the EU/EEA, North America (specifically the United States and Canada), Brazil, and Australia.
Safeguards for Data Transfers:
User Consent and Notification:
Review and Compliance:
This section ensures transparency regarding the international transfer of personal data and at providing users with the assurance that their data is protected, irrespective of where it is processed.
NEROES is committed to ensuring that Users have full control over their personal data. To this end, the following mechanisms are in place:
8.1 Providing Consent:
8.2 Withdrawing Consent:
8.3 Access to Personal Data:
8.4 Rectification, Erasure, Objection, and Restriction:
8.5 Response Time:
8.6 Right to Lodge a Complaint:
By providing these mechanisms, NEROES ensures complete transparency and control for Users over their personal data, in compliance with data protection regulations.
Your personal data is retained for the period necessary to fulfill the purposes for which it was collected. The specific retention periods are as follows:
The Responsible Entity undertakes to adopt appropriate conservation and safety measures throughout the retention period. NEROES remains committed to regular reviews of data retention practices to ensure compliance with industry standards and applicable regulations.
If you have any specific concerns or questions about the retention period for your personal data, please contact info@neroes.tech
NEROES uses cookies and similar technologies to enhance user experience and improve performance, as detailed below.
Cookies are small text files with relevant information that your access device (computer, mobile phone, smartphone, or tablet) carries through the browser when a site is visited. The use of cookies optimizes navigation by adapting information and services to user interests, providing a better experience with each visit.
Cookies used by NEROES do not collect personal information that identifies the user but store generic information, such as the form or place/country of access and user preferences. NEROES uses cookies for the following purposes:
Users can choose to be notified of and block cookies at any time through their browser. Note that refusing cookies may limit access to certain areas of the site and affect the overall browsing experience.
Newsletters/emails may contain a small image for statistical purposes, allowing users to unsubscribe if desired.
Users can disable cookies at any time through browser settings. However, note that disabling cookies may affect web service functionality. For example, in Google Chrome you may do it by accessing the following link: Google Chrome
The App uses cookies for Functionality and Performance, excluding targeted advertising. Users can control cookie preferences. The following cookies are used:
Cookie | Lifetime | Description |
---|---|---|
_ga | 2 years | Used to distinguish users |
_gid | 24 hours | Used to distinguish users |
_gat | 1 minute | Used to control request rate |
Token | Session | Used to identify the user |
Session | – | Used to maintain user session |
AWSALB | 6 days | Used to control connections and request rate |
AWSALBCORS | 6 days | Used to prevent fraudulent attacks |
To opt out of non-essential cookies, change browser settings. Most browsers accept cookies, but preferences can be adjusted in privacy settings.
For more information about cookies, including how to disable them, visit https://aboutcookies.org/.
You can contact us to clarify any doubts or questions at the following addresses:
This Privacy and Security Policy is governed and interpreted in accordance with Portuguese law. The Lisbon area court is competent, to the exclusion of any other, to settle any conflicts that result from the interpretation and application of this Privacy and Security Policy.
This Privacy and Security Policy, which you must read carefully may be changed considering that the changes come into effect as of the date of its publication on this website, with express reference to the date of update.
Date of the last update of the Privacy and Security Policy: November 11, 2023
Institute of Biophysics and Biomedical Engineering Faculty of Sciences, University of Lisbon Campo Grande – 1749-016 Lisbon