Data Privacy Policy
Revision #5 – 2025/06/11
Extracted from LiveQMS. For the latest version, refer to LiveQMS.
PURPOSE
This Privacy Policy describes how Quore.tech collects, uses, shares and protects personal data processed through its devices, applications and platforms, in compliance with the LGPD and applicable legislation.
SCOPE
This policy applies to Quore.tech and all customers, suppliers, and third parties with which the company maintains commercial, contractual, or partnership relationships.
DEFINITIONS AND ACRONYMS
- Personal Data: Information related to an identified or identifiable person (e.g., name, CPF, email, phone).
- Sensitive Personal Data: Data on racial origin, religion, politics, biometrics, health, etc.
- QuoreOne: Heart monitoring device (ECG data).
- QuoreOne Requestor: App used to set up tests on the QuoreOne device.
- QuoreOne Patient: App for data transmission and recording symptoms/activities.
- QuoreOne AI: Platform for medical report generation using AI.
POLICY STATEMENT
Collection and Processing of Personal Data
Types of Data Collected
- Full name
- CPF (Social/Fiscal ID)
- Gender
- Height and weight
- Electrocardiogram (ECG) data
Data is collected via QuoreOne devices, apps, and diagnostic platforms.
Purpose of Processing
- Medical diagnostics and analysis
- Support for medical decisions
- Development of medical technologies
- Statistical research using anonymized data
Use of Artificial Intelligence (AI)
How AI Works
AI uses anonymized data to support clinical analysis. AI results support, but do not replace, medical decisions.
Limitations of AI
- AI does not make diagnoses or prescribe treatments.
- Results require professional validation.
- AI should not be the sole basis for decisions.
Use of Data for AI Improvement
- Training and validating AI models
- Generating statistics and research
All use complies with LGPD and GDPR.
Data Sharing
Recipients:
- Authorized healthcare professionals
- Strategic partners under contract
- Public authorities as required
Quore.tech does not sell personal data.
Security Measures
Based on ISO/IEC 27001, including:
- End-to-end encryption
- Secure authentication
- Incident monitoring and user notification
Storage and Retention
- Data is stored on secure servers in Brazil and abroad.
- Data subjects may request:
- Export of data
- Permanent deletion of data
Data Controllers
Quore.tech is the Data Controller. Operators follow contracts with security obligations.
Cooperation and Compliance
Quore.tech cooperates with authorities, customers and data subjects to ensure compliance and transparency.
Confidentiality
All involved must maintain confidentiality under administrative, civil and criminal penalties.
Data Subject Rights
- Access, correct or delete data
- Request portability
- Revoke consent
- Oppose processing
Contact the DPO:
Sérgio Santos – seg.info@quore.tech
Cancellation of Communications
To unsubscribe from emails:
- Use the “Unsubscribe” link in emails
- Or email: opt-out@quore.tech
COMPLIANCE AND ENFORCEMENT
- Lei Geral de Proteção de Dados Pessoais – Lei nº 13.709/2018
- ABNT NBR ISO/IEC 27001:2022
- ABNT NBR ISO/IEC 27701:2019
ROLES AND RESPONSIBILITIES
Information Security
- Support all areas in compliance
- Update policy and procedures
- Promote training and awareness
Data Protection Officer (DPO)
- Supervise LGPD compliance
- Act as liaison with data subjects and ANPD
- Promote internal awareness
Internal and External Parties
- Follow policy guidelines
- Cooperate with data protection procedures
