The Biologix app, as well as the websites “biologix.com.br” and “biologix.com.ar”, are operated by Biologix Sistemas S.A., with its office located at Henrique Monteiro Street, No. 90, 3rd Floor, Office 32, Pinheiros, City of São Paulo, São Paulo State, postal code: 05406-150. Biologix Sistemas S.A. is a private legal entity registered under CNPJ/MF [Brazilian National Registry of Legal Entities/ Ministry of Finance] No. 21.892.103/0001-83 (hereinafter “Biologix”). All these elements comprise the Biologix Platform, herein referred to as the “Service”.

This Privacy Policy (hereinafter “Policy”) sets forth the general conditions governing the processing of personal data collected by Biologix from Service users, including accredited centers and their patients who use the solutions offered by Biologix.

DISCLAIMER: Please read this Policy carefully before providing any personal information to Biologix. If you do not agree with its content, we advise you not to use the Service or access the Biologix Platform.

By using the Service, you agree to the terms and conditions outlined in this Policy and the principles that support them.

This Policy governs the processing of personal data collected through the Service. As this is a public document, its content must not be disregarded.

● “Personal Data” means information that allows direct or indirect identification of a natural person.

● “Sensible Personal Data” means information related to racial or ethnic origin, religious beliefs, political opinions, union membership, health condition, sexual life, genetic or biometric data of a natural person.

● “Processing of Personal Data” means any operation performed on personal data, including collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, retrieval, information control evaluation, modification, communication, transfer, circulation or deletion.

● “Data Subject” (or “Holder”) means the natural or legal person to whom the processed personal data refers.

● “Controller” means the natural or legal person, whether public or private, who makes decisions regarding the processing of personal data. In this Policy, Biologix is the Controller.

● “Consent” means the free, informed and explicit expression of will by the Data Subject authorizing the processing of their personal data for specific purposes.

● “Data Protection Act” refers to the body of regulations governing personal data processing, including, but not limited to, Act n.º 13.709/2018 (Brazilian General Data Protection Law - LGPD in Portuguese).

● “Accredited Centers” refers to clinics, practices or professionals registered in Biologix authorized to distribute the Oxistar Sensor and conduct examinations through our solutions.

Biologix processes user data to link individuals to the Service. Such data may or may not constitute personal data:

● Identification Data: Name, email, telephone, company (if applicable), identity document, and date of birth.

● Sensitive Personal Data: Medical information that may be required to complete questionnaires, medical history or examination results.

● Access Data: Browser, IP address, timestamps, user location, actions taken within the Service, mobile device information, network provider, and user interactions with Biologix via website, email and telephone, among other automatically collected information.

● Other Data: Any additional information provided directly or indirectly through the use of the Service, online presence, other websites or linked accounts.

We process this data to manage your relationship with Biologix and ensure the full functionality of the Service’s features, including the personalization and enhancement of the user experience. Specific features include:

● Operating, protecting and optimizing the Service and user experience. ● Conducting analysis and research, sending promotional and marketing content. ● Sending alerts, reminders, technical support updates, security notifications, and other relevant information.

● Complying with legal obligations, resolving disputes, and executing third-party agreements

● Exercising legal rights in administrative, legal, or arbitration proceedings. As well ass fulfilling their legal or regulatory obligations, according to applicable law.

This Policy does not apply to third-party products, services, or platforms accessed through the Biologix Service.

When you access such third-party links, you leave the Service environment, which may involve the collection or use of your information by third parties. Biologix does not control, endorse, or assume responsibility for third-party websites or their privacy practices. We recommend reviewing their privacy policies before providing any personal data.

Suppose you provide us with third-party personal data. In that case, you confirm that you have obtained the appropriate authorization and consent to permit its use under this Privacy Policy.

You are not obligated to provide the requested personal data. However, if you choose not to, we may be unable to offer certain services or respond effectively to your inquiries.

Below is a list of services that may be affected if certain personal data is not provided:

Personal Documents (e.g., full name, company, medical specialty—if applicable—identity document, and date of birth)

Access Data (e.g., browser, IP address, timestamps, user location, actions taken within the Service, mobile device

information, network provider, and user interactions with Biologix via website, email and telephone, among other

automatically collected information)

The Service will not function properly on your device. Applicable law requires internet service providers to collect and store certain data.

Other Data: Includes information about products or services that we offer or that you have previously requested or

consulted, including any additional information necessary to deliver such products or services and to respond to your inquiries; data obtained from

questionnaires; and any other additional information related to you that you may directly or indirectly provide to us through the Service, your online presence, other websites, or other accounts that you may have authorized us to access for the purpose of collecting information.

Biologix will be unable to respond to your inquiries or fulfill your requests.

IV. Personal Data Exchange with Third Parties

Biologix can share your personal data with:

● Affiliated companies within the same economic group, to support strategic decision-making.

● Service providers or partners to manage specific operational functions, such as hosting, data storage, fraud prevention, customer service, sales processing, content personalization, advertising and marketing (including digital and personalized advertising), and IT services.

● Third parties involved in the operation of our services, such as financial institutions and credit analysis companies.

We share personal data only when necessary to: (i) optimize operational costs; (ii) strengthen data security; and (iii) analyze data obtained through our services.

Biologix only partners with third parties that uphold the same standards for privacy and data protection.

V. International Data Transfer

Biologix may transfer personal data to entities located outside Brazil, primarily due to the use of cloud servers abroad. Such transfers will always be aligned with the purposes outlined in this Policy and may be made to countries with or without comprehensive data protection laws.

However, Biologix ensures that all transfers comply with applicable law.

To protect transferred data, we use the legal mechanisms prescribed by law.

VI. Automatic Collection of Personal Data

Under this Policy, Biologix and its service providers may collect personal data through the following methods:

● Through a Browser or Device

We automatically collect information from most internet-connected browsers or devices, such as computers, smartphones, or tablets. This includes screen resolution, operating system name and version, device model/manufacturer, language, browser type/version, hardware information, IP address, device ID, advertising ID, serial number, and network data. This data helps ensure the proper functioning of the Service.

● Use of Cookies

Cookies collect information about your interaction with the Service to enhance its functionality. Said cookies collect data directly from your computer or device. They collect information such as browser type, session duration, visited pages, preferred language, and other anonymous traffic data. This information helps improve security, personalize the user experience, and monitor online activity. We also collect statistical data to enhance the design and functionality of the Service and to understand how users access our website.

● Use of Pixel Tags and Similar Technologies

We use pixel tags (also known as web beacons or invisible GIFs) to track activity, measure marketing effectiveness, and compile statistics on Service usage and response rates. Third-party behavioral advertising partners may use these technologies to report on the visibility of Biologix ads. These parties may collect data about your behavior across our Services and other websites. Biologix is not responsible for third-party use of these technologies.

If you prefer not to allow cookie-based tracking, you can set your browser to automatically reject cookies or to alert you before accepting them. You may also selectively allow or reject specific cookies. Note that these settings may affect your browsing experience and limit certain Service features.

The preferences you select may affect your browsing experience and the operation of certain functionalities that require the use of cookies. Biologix is not liable for limitations in Service functionality resulting from the deactivation of cookies.

By using our Service, you agree to the use of cookies.

VII. User Rights

As a user of Biologix and subject of personal data, you have the following rights, which can be exercised by submitting a request to Biologix:

● Right of Confirmation: Confirm whether we process your personal data. ● Right of Access: Access the personal data collected about you.

● Right of Rectification: Request the correction of inaccurate, incomplete, or outdated data.

● Right to Anonymization, Blocking, or Deletion: Request anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data.

● Right of Data Portability: Request the transfer of your data to another service provider, provided that Biologix’s commercial or industrial secrets are not compromised. ● Right to Deletion: Request the deletion of personal data processed with your consent, within the limits permitted by law.

● Right to Information: Be informed about the public and private entities with which we have shared your data, and the consequences of denying consent.

● Right to Withdraw Consent: Withdraw consent at any time.

Biologix shall process your requests with due diligence to uphold your rights. We may ask for identity verification to ensure data is only disclosed to the rightful data subject.

In certain cases, we may not be able to fulfill your request immediately or at all due to legal or regulatory constraints.

VIII. Personal Data Security

To protect your personal data, Biologix implements appropriate technical and organizational security measures in accordance with the Brazilian General Data Protection Law (LGPD).

These include the use of Hypertext Transfer Protocol Secure (HTTPS) for accessing the Service and AES-128 encryption for safeguarding data stored on the Oxistar Sensor, ensuring protection from unauthorized access by third parties.

These measures apply once Biologix receives your data. We cannot guarantee the security of your device or internet connection.

While we employ industry-standard practices, no system is completely secure. If your personal data is compromised, Biologix will notify you within a reasonable time with relevant details.

If you suspect that your interaction with Biologix has been compromised (e.g., you suspect that it has been breached), please notify us immediately.

IX. Minors Using the Service

The Service is not intended for users under the age of 18. We recommend that minors do not provide personal data to Biologix. Should it be necessary to process the data of a minor, we will require the express consent and/or authorization of a parent or legal guardian.

X. Updates

Biologix shall notify users of any material updates to this Policy and, where appropriate, it will request consent. If changes involve: (i) the specific purpose of data processing; (ii) the method and duration of data processing, in accordance with Biologix’s trade and industrial secrets; (iii) the identity of the data controller; and/or (iv) information about the sharing of personal data by the controller and the purpose thereof,

Biologix will notify users through direct communication or via the website. Please note that Biologix will not process personal data for new purposes unless legally required.

Continued use of the Service after updates indicates acceptance of the revised Policy. If you do not agree with the adjustments, we recommend discontinuing use of the Service.

XI. Contacting Biologix

To exercise any of the rights aforementioned or to ask questions about personal data processing, please contact us via email at: sac@biologix.com.br.

XII. Applicable Law and Jurisdiction

This Policy is governed by the laws of the Federative Republic of Brazil.

The parties elect the Court of the Judicial District of São Paulo, State of São Paulo, as the sole and exclusive jurisdiction for resolving any disputes arising from or relating to this Policy.

Biologix controls and operates the Service from its headquarters in Brazil and targets its content exclusively to individuals located within Brazilian territory. We do not guarantee that the Service is appropriate or available outside Brazil, nor that access to such content is lawful in all countries. If you access the Service from abroad, you are solely responsible for complying with local laws. The Service and its content may not be used where such use is unlawful.

	complete questionnaires, medical history or examination results. ● Access Data: Browser, IP address, timestamps, user location, actions taken within the Service, mobile device information, network provider, and user interactions with Biologix via website, email and telephone, among other automatically collected information. ● Other Data: Any additional information provided directly or indirectly through the use of the Service, online presence, other websites or linked accounts.
Access to Personal Data	We collect personal data directly from you or third parties when you: ● Visit our website. ● Use our app. ● Access the Biologix platform to use its solutions. ● Contact Biologix through the Service. ● Subscribe to receive content from Biologix via email.
Specific Purpose of Data Processing	We collect personal data for the following purposes: ● To manage consultations, registrations, and other interactions. ● To process diagnostic exam results. ● To transfer information to the accredited center associated with Biologix to manage authorizations. ● To provide visibility of exam reports to the selected accredited center.
Identification of the Data Controller	Biologix Sistemas S.A. Address: Henrique Monteiro Street, No. 90, 3rd Floor, Office 32, Pinheiros, São Paulo, SP – 05406-150 CNPJ/MF: 21.892.103/0001-83
Contact Information of the Controller	If you wish to exercise your rights, consult, or file a complaint regarding our Privacy Policy, use of your personal data, or a possible

	privacy law violation, contact: sac@biologix.com.br.
Instructions for Shared Data and Purpose	In addition to sharing data with accredited centers, we may also share personal data with affiliated companies, service providers, and business partners who have previously signed agreements that comply with good data protection practices.
Responsibility of Data Processing Agents	Biologix authorizes data processing by third parties only under current contractual obligations that ensure personal data protection. If your concerns are not resolved, you may contact the relevant government authorities or pursue judicial remedies.
Rights of the Data Subject	You may exercise the following rights at any time by submitting a written or electronic request to sac@biologix.com.br: (i) Confirmation as to whether your personal data is being processed. (ii) Access to your personal data. (iii) Correction of incomplete, inaccurate, or outdated data. (iv) Anonymization, blocking, or deletion of data that is unnecessary or processed unlawfully. (v) Portability of data to another service provider, provided it does not compromise trade or industrial secrets. (vi) Deletion of data processed with your consent, as permitted by law. (vii) Information about entities with whom we share your personal data. (viii) Information on the possibility of withholding consent and the potential consequences thereof (e.g., Biologix may not be able to provide certain services or fulfill specific requests). (ix) Revocation of previously granted consent.