Privacy Notice
Last updated: June 2023
Prior versions of this Privacy Notice can be found at this link

About this Privacy Notice
This Privacy Notice is meant to give you information about what personal data we collect about you, how we use it, why we use it, and how you control the data processing.

Table of Contents

  1. The Basics

    1. Who We Are

      1. Neuro-Technology Solutions Ltd. offers services which can assist in diagnostic activities relating to Attention Deficit Hyperactivity Disorder and is provided through our website. Our offices are located at 80 Kohav HaYam, Hofit, Israel, and our registration number is 514105287.
      2. If you have questions about our company or your privacy, or want to exercise your rights you can contact us at [email protected].
    2. Our Role: Controller and Processor.
      Certain data protection laws, including the laws in the EU, differentiate between a party that determines why and how personal data is processed (called a “controller”) and a party that processes personal data solely on the controller’s behalf and according to the controller’s instructions (called a “processor”). We are the controller in respect of the processing described in this Privacy Notice. That said, in respect of certain personal data, we serve as a processor. Please see the section below on Personal Data We Collect as a Processor for more information.
    3. Definitions and Recommendations

      1. When we refer to “services”, we mean the services which can assist in diagnostic activities relating to Attention Deficit Hyperactivity Disorder (ADHD) and is provided through Neurotech’s website https://www.neurotech-solutions.com/, including the proprietary MOXO™ d-CPT Test (“Assessment”) and the Reports (as defined in the Terms of Service).
      2. When we refer to “personal data”, we mean information that is defined as personal data under law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.
      3. When we refer to “you”, we mean any Customer and/or Permitted User and/or any Participant and/or their parent and/or legal guardian.
      4. When we refer to “Customer”, we mean any institution, clinic, healthcare facility or other such entity using the services. When we refer to “Permitted User”, we mean an employee or colleague designated by a Customer to access the services. When we refer to “Participant”, we mean the individual taking the Assessment
      5. When we refer to “Customer Agreement”, we mean the Services Agreement for the license of the services between the Customer and Neurotech, if applicable.
      6. This Privacy Notice is meant to be read together with our Terms of Service, which you can find at https://app.moxo-adhdtest.com/users/reg2. In general, we recommend that you routinely review this privacy notice and your preferences on our site.
    4. A Note on Legal Bases.
      Certain jurisdictions only allow the processing of personal data where a legal basis has been established. Under the EU’s General Data Protection Regulation (“GDPR”), the possible legal bases include: your consent, the processing is necessary to perform a contract with you, the processing is necessary to fulfill our legal obligations, or a company has a legitimate business interest to process your personal data. Where we are a controller, we only collect and process data where we have established a legal basis. Below you can find more details about specific legal bases.
  2. Personal Data We Collect as a Controller, How We Use It, and Why.
    Below is a description of the types of personal data we collect, how we use it, and the reason why we consider each use lawful. You have no legal obligation to provide us with personal data, but if you don’t provide us with certain information, we may not be able to provide you with the associated services.

    1. Website Visitors.
      When you visit our website, we may collect the following types of data about you:

      1. Contact Form Information – When you send us a message through the contact form on our site, we collect any data you provide, such as your name, profession email, phone number, country of residence and the content of your message. When you sign up for our newsletters, we collect your email address.
      2. How We Use this Data: To respond to your message and to provide you with informational newsletters about our products and services, and provide you with promotional materials we think may be of interest to you.
      3. Legal Basis: We process this personal data based on your consent. You may withdraw your consent at any time by emailing us at [email protected].
      4. Activity and System Data (automatically collected data, including through Cookies) – When you visit our site, we automatically collect data about your computer or mobile device, including personal data such as your IP address, device ID, browsing history (e.g. the other sites you’ve visited before ours), and your activity on our site (e.g. what pages you visited, for how long, and what links you clicked on), including through the use of cookies and similar technologies. For more information about the cookies we use and how to adjust your preferences, see the Cookies and Similar Technologies section below.
      5. How We Use this Data: We mainly use this data to generate aggregated analytics data about the use of our site so we can maintain and improve the site and develop new products or services. We also use statistical data to prevent fraud and protect the security of our site.
      6. Legal Basis: When we process this personal data which is generated from cookies and similar technologies for the purpose of developing and improving our services, we do so based on your consent. When we process this personal data, which is not generated from cookies and similar technologies, and/or for the purpose of preventing fraud, we do so based on our legitimate interests to develop and improve our services and to prevent fraud. You may withdraw your consent at any time by emailing us at [email protected]. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt-out is effective.
    2. Users.
      If you are a user of our services we collect the following information from and about you.

      1. Registration Data – In order to access our services, you must first create an account. When creating an account, you will be asked to provide us with personal data, such as your name, address, phone number, e-mail address, job function, professional license number, degree, and country of residence.
      2. How We Use this Data: We use your registration information to allow you to access to our service, protect the security of our service, prevent fraud, and address any issues that arise. We use your contact details to communicate with you about our service. We also use your contact details to send you informational newsletters and/or promotional materials about our products and services. For more information about our marketing activities and how you can control your preferences, see the section on Our Marketing Activities below.
      3. Legal Basis: When we process your registration data to provide you with our services, we do so to perform a contract with you, in this case our Terms of Service. When we process your registration data to maintain our service, including to prevent fraud, protect the security of and/or address issues with our service, we do so on the basis of our legitimate interest to maintain and protect our services. When we use your contact details to send you newsletters and/or promotional materials, we do so based on our legitimate interest to market our products and services. You may unsubscribe from our mailing list at any time by emailing us at [email protected].
      4. Participant Data – We process any personal data that is provided to us relating to a Participant, including, Participant’s gender, age, country of residence and results of any Assessment. The data relating to the Assessment may be deemed as special categories of data relating to your health, which is subject to special protections under the law. We will only process such data based on the Participant and/or Participant’s legal guardian’s explicit consent. We have no direct engagement with any Participant, and all data collection and obtaining consent will be done by the applicable Customer and/or Permitted User.
      5. How We Use this Data: To provide you with our services, including conducting Assessments and providing you with the Reports, as defined in the Terms of Service. We also use this data in a pseudonymized manner to improve our services and our technology.
      6. Legal Basis: When we process Participants’ personal data for the provision of services and\or, in a pseudonymized manner, for improving our services, we do so based on the Participant and/or Participant’s legal guardian’s explicit consent provided by the Participant and/or the Participant’s legal guardian to the applicable Customer. A Participant may withdraw its consent regarding use of the data for the improvement of the services by contacting us at [email protected], otherwise any consent withdrawal or rights related thereto should be addressed to the entity who administered the applicable Assessment. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective. Except for the use of data to improve our services, all other processing of such data is performed on behalf of and at the instruction of the applicable Customer.
      7. Activity and System Data (Cookies) – We collect data about your device and your activity, as described more fully above in section 2.1.2, when you use our services.
  3. Personal Data We Collect as a Processor.
    Except for personal data we use to improve our services (as detailed in Section 2.2.2), with respect to any other personal data we process about a Participant (as detailed in Section 2.2.2), such processing is conducted for the provision of services to our Customers. In that case, we serve as a processor and the Customer serves as a controller. We process that data on behalf of the relevant Customer and according to its instructions. We may share this data and the results of a Participant’s Assessment and/or Report with the relevant Customer. To learn more about our processing activities in this capacity or to exercise your privacy rights regarding them, please contact the applicable Customer directly.
  4. Our Marketing Activities.
    As described above, if you are a Customer and/or Permitted User, we may use personal data we collect for promotional and marketing purposes. We try to limit the marketing material we send to a reasonable and proportionate level. Below we describe how you can control the marketing material you receive from us.

    1. Email Marketing and Services Communications

      1. We use your contact details to send you informational newsletters and other marketing material about our products and services.
      2. You can stop the delivery of all marketing emails by following the “unsubscribe” link in any messages we send you. Alternatively, you can contact us at [email protected] to request to unsubscribe.
      3. If you are a registered user, you can change your preferences within your account to reflect how you would like us to communicate with you.
      4. Note that if you are a registered user, we may need to contact you about administrative or service-related issues as part of the services we provide to you. This is not marketing communication and you will continue to receive these messages even if you opt-out of marketing emails.
  5. Sharing the Personal Data We Collect.
    We share your personal data, as follows:

    1. Customers.
      With respect to Participant personal data we use to improve our services, the Customer who administered the applicable Assessment serves as a separate independent controller. We will share this data and the results of the applicable Assessments and/or Results with the applicable Customer. Customers maintain exclusive discretion in determining the appropriate actions concerning the personal data of the applicable Participants, including the sharing of such data, the Assessment and/or any Reports with Participant and/or Participants’ parents or legal guardians, as applicable. For further details regarding our arrangement with such controllers, please contact us at [email protected] of the applicable Customer.
    2. Service Providers.
      Below is a list of the types of service providers we use, the service each provides, and the types of data shared with each. All service providers have agreed to confidentiality restrictions and have undertaken to use your personal data solely as we direct.

      Type of Service

      Description

      Personal Data Shared

      Cloud Computing

      We use service providers that offer cloud computing services. They offer us space on their servers for us to store our files and programs, including your personal data. 

      All personal data that we collect from you is stored on third party servers.

      Customer Relationship Management (CRM)

      We use an external CRM tool to help us keep track of our customers and information related to them, including their personal data. 

      Your name, company, position, email address, and phone number.

      Email Marketing

      We use an independent vendor to send out marketing emails on our behalf. 

      Your name company, position, phone number and email address.

      Bookkeeping Services

      We use the services of a third-party bookkeeping service to manage our financial transactions and records. 

      Your name, phone number, position in the company, address, and bank account information.

      Analytics Providers

      We use a service provider to assist us with analytics services.

      Data collected automatically through our site, including IP addresses and cookie information.

    3. Change of Ownership.
      If we are looking to sell our company, liquidate assets, or merge with another, we may share your personal data with other interested parties as part of negotiations toward that transaction. In such case, or where we do sell our company, your personal data shall continue to be subject to the provisions of this Privacy Notice.
    4. Law Enforcement Related Disclosure.
      We may share your personal data with government agencies or other relevant parties, such as a law office or independent auditor: (i) if we believe that such disclosure is appropriate to protect our rights, property or safety (including the enforcement of the Terms and this Privacy Notice) or those of a third party; (ii) if required by law or court order; or (iii) as is necessary to comply with any legal and/or regulatory obligations, such as audit requirements.
  6. International Transfers.
    Some of our service providers and affiliates / additional controllers are located in countries other than your own. When we transfer your personal data internationally, we will do so safely and securely and in accordance with applicable law.

    1. If you are located in the EU, when we share your personal data with third parties based outside of the European Economic Area (“EEA”), we will ensure that they sign on agreements that require them to comply with applicable law, keep your data secure at similar levels to the level described in this Privacy Notice, and make sure that your data protection rights are protected. We will also implement the following safeguards:
      1. When we transfer your personal data to Israel, we rely on the decision by the European Commission that says that those countries are considered to provide an adequate level of data protection.
      2. Where we transfer your personal data to other countries, we (i) take additional security measures to protect the data and (ii) use specific contracts approved by the European Commission, known as the Standard Contractual Clauses, to give your personal data the same protection it has in the EEA.
      3. Please contact us at [email protected] if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
  7. Security.
    The security of your personal data is our highest priority. We work hard to make sure that your personal data will be held securely and that it will not be shared or lost accidentally. However, it is impossible to guarantee absolute security. The security of your data also depends on the security of the devices you use and the way in which you protect your user IDs and passwords. The measures we take include:

    1. Technical Measures.
      The electronic safeguards we employ to protect your personal data include secure servers, firewalls, antivirus protections and conducting penetration testing. We encrypt data in transit and at rest using secure SSL protocols.
    2. Access Control.
      We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee’s access immediately after his/her termination.
    3. Internal Policies. We maintain and regularly review and update our privacy related and information security policies.
    4. Personnel. We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.
    5. Standards and Certifications. We have been certified as compliant with ISO 27001 (Information Security Management) and ISO 27799 (Health Informatics Security).
    6. Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.
  8. Your Rights – How to Control Our Use of Your Personal Data.
    Depending on which laws apply, you have certain legal rights over your data. Below is some general information about rights that may apply to you but we recommend checking the law or consulting with a lawyer to understand what applies in your specific case. To exercise your rights, please contact us at [email protected]. If you want to exercise your rights regarding your personal data held by other controllers (mainly the person or entity who administered your Assessment) you can contact the applicable controller directly. We may ask for reasonable evidence to verify your identity before we can comply with any request.

    1. Right of Access. You may have a right to know what personal data we collect about you. We may charge you with a fee to provide you with this information, if permitted by law. If we are unable to provide you with all the information you request, we will do our best to explain why. See Article 15 of the GDPR for more details, if your personal data is subject to GDPR.
    2. Right to Correct Personal Data. You may have the request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data. See Article 16 of the GDPR for more details, if your personal data is subject to GDPR.
    3. Deletion of Personal Data (“Right to Be Forgotten”). If you are located in the EU, you may have the right to request that we delete your personal data. Note that we cannot restore information once it has been deleted. Even after you ask us to delete your personal data, we may be allowed to keep certain data for specific purposes under applicable law. See Article 17 of the GDPR for more details, if your personal data is subject to GDPR.
    4. Right to Restrict Processing. If you are located in the EU, you may have the right to ask us to stop processing your personal data. See Article 18 of the GDPR for more details, if your personal data is subject to GDPR.
    5. Right to Data Portability. If you are located in the EU, you may have the right to request that we provide you with a copy of the personal data you provided to us in a structured, commonly-used, and machine-readable format. See Article 20 of the GDPR for more details, if your personal data is subject to GDPR.
    6. Right to Object. If you are located in the EU, you may have the right object to certain processing activities. See Article 21 of the GDPR for more details, if your personal data is subject to GDPR.
    7. Withdrawal of Consent. If we are processing your data based on your consent, you are always free to withdraw your consent, however, this won’t affect processing we have done from before you withdrew your consent.
    8. Right to Lodge a Complaint with Your Local Data Protection Authority. if you are located in the EU, you have the right to submit a complaint to the relevant data protection authority if you have any concerns about how we are processing your personal data, though we ask that as a courtesy you please attempt to resolve any issues with us first.
  9. Data Retention.

    1. We retain your personal data as long as necessary to fulfill each of the purposes we described above. Once we’re done with your data, we delete or anonymize it.
    2. When deciding how long to store personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized access, the purposes for which the personal data was collected, as well as applicable legal requirements. Please note that we may delete information from our systems without notifying you first. Retention by any of our service providers or subcontractors may vary in accordance with each business’s retention policy.
    3. In some circumstances, we may store your personal data even after we’re finished using it if required to do so by law (e.g. to fulfill tax or audit requirements), or to keep accurate records of our interactions in case there is a prospect of litigation relating to your personal data. In such cases, we will maintain the same security measures as described above.
    4. Please contact us at [email protected] if you would like details about the retention periods for each type of personal data we process.
  10. Cookies and Similar Technologies.

    1. What are Cookies? A cookie is a small piece of text that is sent to your browser by a website you visit. This piece of text acts as a sort of tag, letting the website know that it’s you (really, your device) that’s visiting. There are other technologies that act similarly, like web beacons, pixel tags, and Device IDs for apps, but for simplicity’s sake we’ll refer to them all as “cookies”.
    2. Websites can place their own cookies (called “first-party cookies”) but can also place cookies from other sites (called “third-party cookies”). If your browser holds both first and third-party cookies for a given website, both the website and the third party are notified when you visit the site. We may place both first and third-party cookies on our site.
    3. How We Use Cookies.
      While the specific names and types of cookies we use may change from time to time, they generally fall into one of the categories listed below. We will not place any cookies on your browser that are not strictly necessary unless you have first consented to receive them.

      Cookie Type

      Function

      Necessary

      These cookies allow the site to work correctly. They enable your access to the site, move around, and access different services, features, and tools. These cookies cannot be disabled.

      Functionality

      These cookies remember your settings, preferences, and other choices you make (like placing an item in a shopping cart) in order to help personalize and streamline your experience.

      Security

      These cookies help us identify and prevent security risks. They may be used to store your session information to prevent others from changing your password without your login information.

      Performance/ Analytics

      These cookies collect analytical information to help us understand how you use our site, for example whether you have viewed messages, clicked on links, and how long you spent on each page. This helps us improve our site to better suit your needs.

    4. How to Adjust Your Preferences.
      Most web browsers are initially configured to accept cookies, but you can change the settings so your browser refuses all cookies or certain types of cookies. In addition, you are free to delete any existing cookies at any time. Please note that some features of the services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.
  11. Third-Party Services.
    You may have access to third-party services through our services. Please note that all use of third-party services is at your own risk and subject to such third party’s terms and privacy policies. We do not take any responsibility for the performance of other services.
  12. Children.
    Participants under the age of eighteen (18) who are using the services may do so only upon the Customer or Permitted User’s receipt of the relevant and required parental consent. In the event that you become aware that an individual under the age of eighteen (18) has enrolled as a Participant without the necessary parental consent, please advise us immediately. Permitted Users and Customers must all be above the age of eighteen (18).

  13. Changes to the Privacy Notice.

    We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business. We will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version.
  14. Privacy Summary for Kids
    We are Neuro-Technology Solutions Ltd. and we think your privacy is important. That’s why we wrote this summary so that you will know what we do with the information we have about you, who we share it with and how we protect it. We also want you to know how you can make decisions about how we treat your information. It’s probably best if you read this together with a responsible grown-up, like a parent. If you have any questions, you should speak with a responsible grown-up or you can always talk to us.
    We created the test that you will be taking (the MOXO test) but someone else will actually be giving it to you, helping you with it, and managing the results of the test. That person will decide what information they need from you and will be in charge of what will happen with that information. They will send it to us so that we can store it, analyze it, and do other activities that will help them understand the results. We may use information about your test to help us improve our tests for the benefit of future test takers – such information will not include your name or identification number, or any other detail directly identifying you.

    1. What kind of information do we have about you?
      When you take the MOXO test, we get information about you like how good your attention is and other mental skills and characteristics. Since this information concerns your health, the law says that it’s in its own special category and we will only use it if we get permission from your parent or guardian. We also will get and use information that your parent or guardian gives us about you like your birthday, the country you live in and your gender.
      You can always decide that you don’t want us to have any information about you. If you decide that, then we may not be able to give you the MOXO test or any other services.
    2. Why do we need this information and how do we use it?
      We need this information so that the person running the MOXO test can run it properly. We will also use it so that we can understand how well the test is working and make it even better and create other tests and services. It can help us make sure that all of the information we have is kept safe and that no one uses it in the wrong way.
      It’s helpful for us to understand how all different kinds of people use the MOXO test and other services. To do this, we look at your information together with the information of a lot of other people and we take personal information which directly identifies you so that we don’t know what information is connected to you and what information is connected to the other people.
      If a law says that we have to use your information in a certain way, we’ll do what the law says to do. If the law says that we have to share information with someone else, we’ll also do that.
    3. How do we share your information with others?
      We work with a bunch of other business and people who help us in giving you the MOXO test and help us make sure that it works and help us understand how it works. We have to share your information with them so that they can help us create the test and understand how to improve it.
      These other businesses might not be in the country where you live. When we send them the information in the country where they are, we make sure that they are just as careful to protect your information as we are.
      If we sell our company, we’ll have to share your information with the new owner. If that happens, we’ll make sure that the new owner treats your information in the same way that we do.
      Of course, we’ll also share any information you give us with your parents or other legal guardians and the person who is giving you the MOXO test.
    4. How can you decide what we do with your information?
      You can ask us to do any of the things on this list, but you will have to get permission from your parent or guardian first:

      1. You can find out what information we have and ask us to send you a copy. You can also ask us to send a copy to someone else. Sometimes we won’t be able to give you a copy, but if we can’t, we’ll try to explain to you why not.
      2. If you find that we have some wrong information, you can ask us to correct it.
      3. You can ask us to erase any information we have. If we do, then we won’t be able to bring it back.
      4. You can sometimes ask us to stop using your information.
      5. If you’re in the EEA you can tell a supervisory authority if you think we did something wrong. You will definitely need to ask a parent or guardian before you do this.
    5. How long do we keep information?
      We only keep information as long as we need it in order to do the things we said we were going to do with it in this Privacy Summary. If we don’t need it, we’ll erase it.
    6. How is it protected?
      We looked around to see what security measures are currently available to protect you information and what other companies like us do to protect their information and made sure that we’re doing at least as good a job as they are. That doesn’t mean everything is 100% safe but we do our best!
    7. What if we change our mind about how we use your information?
      If we do, we’ll make sure to let you and your parent or guardian know (by email or by posting an updated Privacy Notice on the website).
    8. How can you reach us?
      If you have any questions or want to tell us something about how we use and collect you information, or if you want us to delete or fix your information, you can email us at [email protected] or call us at +972-8-6466107. Please remember to always speak with your parent or guardian before you do.