Privacy Policy | EPA Bienestar IA

1. Introduction

EPA Bienestar IA (hereinafter, "the Platform") is a women's cardiovascular health platform focused on evidence-based prevention. This Privacy Policy describes how we collect, use, store, protect and share the personal and health information of users within the framework of the project "The Heart of 8000 Women".

This project is a collaboration between EPA Bienestar and the Argentine Cardiological Foundation (FCA) to conduct cardiovascular risk screening for 8,000 women, using the Life's Essential 8 (LE8) framework from the American Heart Association (AHA) and state-of-the-art technology infrastructure, with the aim of identifying risk factors early and connecting patients with a network of specialists.

By accessing and using our services through info.epa-bienestar.com.ar, you accept the practices described in this Privacy Policy.

2. Data Controller

Company name: EPA Bienestar IA
Address: Buenos Aires, Argentina
Contact email: hola@epa-bienestar.com
Phone: +54 11 69315830
Website: info.epa-bienestar.com.ar

3. About the Project "The Heart of 8000 Women"

3.1. Strategic Objectives

Awareness

Making it visible that cardiovascular disease is the leading cause of death in women.

Clinical Action

Screening 8,000 women, prioritizing Group C (Menopause) and Group B (Maternity planning/professional development).

Interoperability

Centralizing data on an FHIR server to ensure that medical history is portable and structured.

3.2. Technology Ecosystem

The project relies on a robust architecture that ensures data security and scalability:

1

Capture: Smart forms at info.epa-bienestar.com.ar.

2

Rules Engine: Logic that calculates the LE8 Score in real time.

3

Interoperability: Storage under the HL7 FHIR R4 standard.

4

Visualization: Automatic generation of a color-coded results PDF (Triage).

4. Personal Data We Collect

Within the framework of the project "The Heart of 8000 Women" and the general operation of the Platform, we may collect the following categories of data:

4.1. Personal Identification Data

First and last name
Email address
Phone number
Date of birth and age
Geographic location (city/state)

4.2. Health Data (Sensitive Data)

This data is collected exclusively for cardiovascular assessment based on the Life's Essential 8 (AHA) framework:

Information about dietary habits and diet
Level of physical activity
Tobacco/nicotine use
Hours and quality of sleep
Body Mass Index (BMI)
Cholesterol and lipid levels
Blood glucose levels
Blood pressure
Reproductive life stage (age group: Young, Maternity Planning, Menopause, 65+ Active)
Personal and family cardiovascular history
Calculated LE8 cardiovascular risk score

4.3. Browsing and Usage Data

IP address
Browser and device type
Pages visited and time spent
Cookies and tracking technologies (see specific section)

4.4. Communications Data

Newsletter subscriptions
Inquiries submitted through the contact form
Interactions via WhatsApp
Appointment booking history

5. How We Use Your Data

The personal and health data collected is used exclusively for the following purposes:

a Cardiovascular assessment: Calculate the LE8 Score and generate the color-coded risk report (triage).

b Personalized plans: Create individualized cardiovascular prevention recommendations based on identified risk factors.

c Medical referral: Identify women with high/moderate risk and facilitate connection with specialists designated by the Argentine Cardiological Foundation.

d Research (anonymized): Analyze data in an aggregate and anonymized manner to contribute to women's cardiovascular health research and improve prevention protocols.

e Clinical follow-up: Allow the medical team to access structured data to conduct informed consultations.

f Platform improvement: Optimize prevention processes and user experience based on aggregated usage data.

6. Legal Basis for Processing

The processing of personal data is carried out in accordance with Law No. 25,326 on Personal Data Protection of the Argentine Republic and its Regulatory Decree 1558/2001, under the following legal bases:

Explicit consent: Before the cardiovascular assessment begins, the user provides express and informed consent for the processing of their health data.
Vital interest (health): The prevention of cardiovascular disease, the leading cause of death in women, constitutes a vital and legitimate public health interest.
Legitimate interest: The processing is necessary to provide the screening, triage and medical referral service requested by the user.
Legal compliance: Data processing is carried out in accordance with applicable legal obligations, including current health and data protection legislation.

7. Data Sharing

Personal and health data may be shared exclusively with the following entities and under strict confidentiality conditions:

Project Medical Team

The cardiologist professionals of the project access the data solely within the scope of their clinical coordination, academic supervision and patient follow-up functions.

Argentine Cardiological Foundation (FCA)

Access to structured patient data for referral, triage and clinical follow-up through protected dashboards and electronic medical record systems.

Technology Providers

Cloud infrastructure services (AWS), payment processing (Stripe, Mercado Pago) and FHIR servers, which act as data processors under contractual confidentiality agreements and appropriate safeguards.

Important: EPA Bienestar IA does not sell, rent or commercialize users' personal or health data to third parties for advertising or marketing purposes.

8. Data Security

EPA Bienestar IA implements technical and organizational measures to protect personal and health data against unauthorized access, loss, alteration or improper disclosure:

Technical Measures

SSL/TLS encryption in all communications
Encrypted databases under the HL7 FHIR R4 standard
Access control with authentication in dashboards
Protection against XSS, SQL injection and other OWASP attacks
HIPAA-aligned practices for health data

Organizational Measures

Data access restricted to authorized medical staff
Clinical supervision by registered professionals
Confidentiality agreements with all involved staff
Regular access audits and data access logs

9. Your Rights

In accordance with applicable data protection legislation, every user has the right to:

Access

Request information about what personal and health data we have stored about you.

Rectification

Request the correction of data that is inaccurate, incomplete or outdated.

Deletion

Request the deletion of your personal data when it is no longer necessary for the purpose for which it was collected.

Portability

Request that your personal data be transferred to another controller in a structured, commonly used format.

Withdrawal of Consent

Withdraw at any time the consent given for the processing of your data, without affecting the lawfulness of processing carried out previously.

Complaint to Authority

Lodge a complaint with the competent supervisory authority if you consider that your data is not being processed correctly.

To exercise any of these rights, you can send your request to hola@epa-bienestar.com with the subject "Exercise of Data Rights", along with your full name and a clear description of your request. We will respond within a maximum of 10 (ten) business days.

10. Cookies and Tracking Technologies

Our site uses cookies and similar technologies to improve the user experience. The categories of cookies used are:

Type	Purpose	Duration
Essential	Session management, authentication and website security	Session
Analytical	Google Analytics (GA4) to understand site usage in an aggregated manner	Up to 2 years
Preference	Remember language preferences and user settings	1 year

You can manage cookie preferences in your browser settings. Disabling essential cookies may affect site functionality.

11. Data Retention

Personal and health data is retained for as long as necessary to fulfill the purposes for which it was collected:

Health data and assessments: Retained during the active clinical follow-up period plus 10 additional years, as required by applicable health legislation, or until the user requests deletion.
Account and contact data: Retained while the account is active or until the user requests deletion.
Browsing data: Retained for a maximum period of 24 months.

12. Minors

EPA Bienestar IA services are intended for women over 18 years of age. We do not intentionally collect personal data from minors. If we become aware that we have collected data from a minor without appropriate consent, we will proceed to delete that information immediately.

13. Changes to This Policy

EPA Bienestar IA reserves the right to update or modify this Privacy Policy at any time. Any significant changes will be notified to users through the site and/or by email. We recommend that you review this page periodically. The date of the last update is indicated at the beginning of this document.

14. Contact

If you have questions, inquiries or wish to exercise your rights regarding your personal data, please contact us at:

Email: hola@epa-bienestar.com

Phone: +54 11 69315830 (Mon-Fri 9:00-18:00 hs)

Address: Buenos Aires, Argentina

15. Applicable Legislation

This Privacy Policy is governed by the following legislation:

Personal Data Protection Law No. 25,326 (Argentina): Main law governing the processing of personal data in the Argentine Republic, along with its Regulatory Decree 1558/2001.
GDPR (General Data Protection Regulation): For users residing in the European Union, we ensure compliance with the standards established by the GDPR (EU Regulation 2016/679), including the rights of access, rectification, deletion, portability and withdrawal of consent.

If you consider that the processing of your personal data does not comply with current legislation, you have the right to lodge a complaint with the Agency for Access to Public Information (AAIP), the supervisory body for personal data protection in the Argentine Republic (www.argentina.gob.ar/aaip).