AVARE BIOTECH GLOBAL DATA PRIVACY AGREEMENT
Last Updated: [08.15.2025]
1. Purpose & Scope
This Agreement governs how Avare Biotech LLC ("Avare," "we," "our") collects, processes, stores, and shares personal and non-personal data of users ("you," "your," "Client") across our semen analysis platform, including mobile applications and web portals.
By accessing our services, you confirm that you have read, understood, and agreed to the terms of this Privacy Policy and consent to data use in accordance with relevant data protection laws across multiple jurisdictions.
Covered Jurisdictions Include: United States, United Arab Emirates, European Union, United Kingdom, Brazil, Saudi Arabia, India, Mexico, Egypt, and others as the platform expands.
2. Compliance with Data Protection Laws
Avare complies with the following international and national frameworks:
- EU/UK: General Data Protection Regulation (GDPR)
- UAE: Personal Data Protection Law (PDPL 2021)
- US: California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA)
- Brazil: Lei Geral de Proteção de Dados (LGPD)
- Saudi Arabia: Personal Data Protection Law (PDPL)
- India: Digital Personal Data Protection Act (DPDPA 2023)
- Egypt: Law No. 151 of 2020
- Mexico: Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP)
We are also ISO 27001 compliant and follow veterinary and agritech-specific data protection best practices.
3. Data Ownership
3.1 Client-Owned Data
You retain full ownership of:
- Uploaded raw video files containing biological samples
- Individual semen analysis results (motility, concentration)
- Farm or animal-related metadata
3.2 Avare-Owned Data
Avare owns:
- Aggregated and anonymized data used for fertility mapping
- Statistical trends and AI model training outputs
- Proprietary AI algorithms and analytical tools
4. Data Collection, Processing, and Storage
4.1 Types of Data Collected
- Biological Data: Semen videos and AI-extracted analysis
- Technical Data: IP address, device info, timestamps
- Metadata: Farm and animal identifiers, environmental context
4.2 Data Processing
Data is processed by Avare’s proprietary AI engine. All personal identifiers are removed prior to aggregation. Data is encrypted in transit and at rest using AES-256.
4.3 Data Storage and Retention
Data Type | Retention Period | Notes |
Raw Videos | 5 years | Extended for longitudinal research and quality improvement |
Processed Results | Indefinitely | Available in the user's dashboard |
Metadata | 1 year | May be extended if anonymized for research |
Data Centers: AWS servers located in UAE, Germany, and the US, with geo-restrictions applied when mandated (e.g., Saudi data localized).
Standards: Full compliance with ISO 27001 and UAE cloud regulation.
5. Cross-Border Data Transfers
Jurisdiction | Transfer Mechanism |
EU/UK | Standard Contractual Clauses (SCCs), Adequacy Decisions |
Brazil | User Consent or legal safeguards |
Saudi Arabia | Local storage required for sensitive health data |
India | Government authorization may be required |
6. Third-Party Access & Data Sharing
Avare does not sell personal or identifiable data.
We may share anonymized insights under these strict conditions:
- Research: With academic institutions under signed Data Processing Agreements (DPAs)
- Commercial: With licensed partners in aggregated form only
- User Rights: Opt-in required in jurisdictions that mandate it (e.g., EU, Brazil, KSA)
7. User Rights by Jurisdiction
Right | EU/UK | Brazil | UAE | KSA | US (CCPA) | India |
Access | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Deletion | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Data Portability | ✔ | ✔ | ✖ | ✖ | ✔ | ✖ |
Withdraw Consent | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Profiling Opt-Out | ✔ | ✔ | ✔ | ✔ | ✔ | ✖ |
Grievance Redressal | ✖ | ✖ | ✖ | ✖ | ✖ | ✔ |
Submit requests by contacting: info@avareit.com
8. Fertility Mapping Participation
Using the Avare App means participating in our fertility mapping initiative.
Users grant Avare irrevocable rights to:
- Use anonymized and aggregated data for fertility mapping, trend analysis, and commercial insights.
- Retain anonymized data post-deletion request for statistical purposes.
We do not attach any personal or farm-identifiable information in external usage.
9. Data Security & Breach Notification
Security Practices:
- AES-256 encryption
- Multi-factor authentication
- Role-based access controls
- Regular ISO audits
Breach Notifications:
- 72-hour notification to authorities and affected users (GDPR, UAE, KSA)
- Notification to India’s Data Protection Board under DPDPA
- Compliant escalation per jurisdictional guidelines
10. Updates, Dispute Resolution & Legal Compliance
Policy Changes: Notice provided 30 days before major changes. Continued use = acceptance.
Jurisdiction & Disputes:
- Primary Legal Venue: UAE
- EU Issues: EU supervisory bodies under GDPR
- Others: Dubai International Arbitration Centre
11. Contact & Data Officers
General Inquiries: info@avareit.com
Office: The European Business Center, Office 170, Dubai, UAE
12. Annexes
- Appendix A: GDPR-Compliant User Notice
- Appendix B: CCPA Rights Notice
- Appendix C: DPA Template for Third Parties