Data Protection Notice

Data Protection – Key Facts

• Controller: B1OS IT Solutions, LTD (B1)
• Responsibility: We are responsible for keeping your personal data safe and secure.
• Your responsibility: Keep your B1 account credentials secure; we are not responsible for compromises caused by weak account security.
• Legal bases: We rely on a mixture of consent, contract performance, legal obligations, and legitimate interests depending on the processing.
• Rights: You have GDPR rights — see section 10 for details.

We aim to be clear and transparent about what information we collect about you and how we use it. This Privacy Notice explains how we process your personal data and your rights.

1. Who we are

B1 is a health-focused technology company committed to providing patients and healthcare professionals with a comprehensive, integrated view of an individual’s health data.

The B1 App and platform can consolidate medical records and personal health information from multiple sources — GPs, hospitals, clinics, wearables, and manual input — into a single place. Our goal is to empower individuals to take control of their health and enhance collaboration between patients and healthcare professionals.

B1 is the data controller of any information contained in your B1 profile or other personal data we collect. We ensure your personal information is processed lawfully and securely in line with GDPR and applicable laws.

2. Types of personal data we use

We may process your personal data if you use the B1 app, act for or provide services to a B1 customer, or otherwise interact with our services. This can include data we obtain directly from you or from third parties (e.g. medical practitioners, device vendors, analytics providers).

• Personal Identity Information: name, date of birth, address, contact details, trusted contacts.
• Medical Information: appointments, medication records, vaccination records, clinical notes, medical images and documents uploaded by you or your providers.
• Health and Fitness Data: info from wearable devices and fitness apps you choose to connect.
• User-Generated Content: notes, comments, messages you add to your records.
• Technical & Analytics: cookies, device details, app usage patterns (we use optional analytics cookies only with your consent).
• Identity Verification: biometric data (e.g. facial geometry), government ID for verification.
• Marketing & Communications: your preferences for receiving marketing messages.
• Financial Data: bank account or payment details when required.

We may add new services and will update this notice if new categories of data are processed.

3. Legal bases for processing of personal data

We will only process personal data when we have a lawful basis. Typical bases include:

• Consent: you have given consent for specific processing.
• Contract: processing is necessary to perform a contract with you or take steps at your request prior to entering into a contract.
• Legal obligations: to comply with statutory duties.
• Legitimate interests: where processing is necessary for B1’s legitimate business interests (with appropriate safeguards).

For sensitive health data we rely on your explicit consent. You can withdraw consent at any time, but withdrawing may limit some functionality.

4. How do we use your information

We collect and handle personal information to provide and improve the B1 App and related services: identity verification, profile management, sharing data with healthcare professionals.

We use AI-based features to provide summaries and highlight potential insights; these assist users and clinicians but are not a substitute for professional medical judgment. We cannot guarantee accuracy of AI-generated summaries.

We may contact you about product updates or offers — you can opt out at any time via unsubscribe links or account settings.

5. Who can access your personal data

We limit access to personal data to employees, agents and processors who need the data to perform their role and who are bound by confidentiality obligations.

If you allow Medical Practitioners to access your data, they act as separate controllers for the data they upload or download. B1 is not responsible for how those providers handle the data — contact them directly if you have concerns.

You are responsible for any access permissions you grant to trusted contacts. You can revoke access via the B1 App at any time.

6. How long we store your data

We retain personal data only as long as necessary for the purpose it was collected, including legal, accounting, or reporting needs. If you delete your account, your personal data will be deleted; however, we may retain copies for regulatory or dispute resolution reasons. For retention specifics, contact support@b1os.life.

7. Who we share your personal data with

We will not share your personal data with third parties outside the EU without safeguards. You may share data with medical practitioners or third parties — this is done at your risk.

We may share data with:

• Medical Practitioners: when you choose to share your records.
• Trusted Contacts: people you permit to access your data.
• Third-Party Service Providers: hosting, analytics, payments (only as necessary and under contract).
• Law & Protection: where required by law or to protect rights and safety.

8. Data processors

We engage reputable processors like hosting providers and analytics services (e.g., AWS, Microsoft). They act under our instructions and must protect your data. If you need details of specific processors, contact support@b1os.life.

9. Information for Medical Practitioners

Medical Practitioners using B1 are data controllers for the patient data they upload or access. You must ensure you comply with your own data protection responsibilities when handling patient data. Additional practitioner-specific info we may hold includes:

• Professional qualifications;
• Work contact info and clinic details;
• Credentials and regulatory permissions;
• Audit trail and usage information for your use of the B1 app.

10. Your rights under the GDPR

Under GDPR you have the right to:

• access a copy of your personal data;
• be informed about the processing of your personal data;
• request rectification or erasure;
• request restriction of processing;
• object to processing, including for marketing;
• data portability;
• withdraw consent where processing is consent-based.

To exercise rights contact our DPO/support at support@b1os.life. We may need to verify your identity. We aim to respond within one month; complex requests may take longer and we will keep you informed.

You also have the right to complain to a supervisory authority (e.g., Data Protection Commission in Ireland).

11. Changes to this privacy notice

We may update this Privacy Notice from time to time. We will publish changes here and, for substantive updates, notify by email. This notice was last updated in November 2025.