Data Sharing Privacy Notice
This Privacy Notice aims to inform participants about how ReflexDAO ("ReflexDAO") collects, shares, and uses wearable and other health data within the Reflex Lab Resource. We provide this information in accordance with the UK GDPR requirements.
Please note that this Privacy Notice is distinct from the privacy policy available on the main ReflexDAO website ("Privacy Policy - Reflex | Connected health & wellbeing wearable"), which covers personal information provided outside of the Reflex Lab Resource. This includes data provided when you visit https://www.reflexdao.com, purchase a device, sign up for events, give feedback, provide testimonials, or interact with us via social media, phone, or in person. It also applies if you are a researcher applying to access the Reflex Lab Resource.
This Privacy Notice is periodically updated to reflect changes in law, regulation, and practice.
Data Sharing and Usage
Self Sovereign
Your data is self sovereign. ReflexDAO will endeavour, to the best of its abilities, to identify ways to utilise that data that are in the interests of participants who share their data.
ReflexDAO is committed to processing, storing, and accessing your data consistently with the original purpose for which you joined the Reflex health data sharing research project.
This Privacy Notice outlines the types of data we collect from you, how and by whom it is used, the legal basis for processing your data, your rights as a data subject, and your right to withdraw from the Brainstem health data sharing research project.
Data De-identification
Your data is completely de-identified; we do not ask for your name or any other identifiable information. Your data is identified only by the wallet address in the Reflex app, and this information will never be shared with third parties who have access to your health data.
Types of Data Collected
- Metadata: We encourage users to share metadata, which is optional and does not contain any personal identifiers. Metadata provides additional context to the health data collected from wearable devices. This information is important for researchers.
- Wearable Sensor Data: We collect heart rhythm and movement (actigraphy) data from wearable sensors as part of passive and active tasks. Users are rewarded for completing these tasks based on "proof of work".
- Future Data Collection: We will expand data collection to include online questionnaires, genome sequence data, and micro sample blood test results. Users may also volunteer to generate additional data for specific studies.
Data Generation
With your data and samples, we generate further data to enhance the Reflex Lab, such as computed biomarkers. All data generation is conducted in a manner that ensures participants remain de-identified. Researchers must publish their results, which will be made available for future research.
Data Sharing
Reflex Lab employs a privacy-preserving “compute-to-data” (C2D) environment, provided by Ocean Protocol, which ensures that the data resource remains on a secure server controlled by ReflexDAO. Researchers can run their algorithms on the C2D host but cannot download a copy of the data itself. To reduce the risk of re-identification, the user's wallet information cannot be accessed in this environment.
UK GDPR Compliance
We do not collect or process your personal data (data that can identify you) and as such, any data you share with us is anonymous. For the avoidance of doubt, we comply with UK GDPR.
Legal Basis for Data Processing
Under the UK GDPR, we must inform you of the legal basis on which we process your personal data. Since this is a research project, all participants provided consent to participate. We process anonymized shared data based on legitimate interests, specifically for scientific research to improve healthcare.
Legitimate Interests
ReflexDAO is the "data controller" under the UK GDPR. Legitimate interests are defined as processing necessary for the purposes pursued by the controller or a third party unless overridden by the data subject's rights. We follow a three-step test to demonstrate legitimate interests:
- Purpose Test: Our objective is to create and manage a major health-related research resource for public interest.
- Necessity Test: The processing of personal data is necessary to achieve our objectives. Data does not include any personal identifiers and is stored securely associated with the user’s wallet address, making re-identification extremely difficult.
- Balancing Test: Participants would reasonably expect us to use their data this way, as outlined in the information provided and consent form.
Consent
Each participant explicitly consented to join the Reflex data sharing research project. ReflexDAO respects this consent fully and allows participants to withdraw at any time without affecting their participation.
Data Protection Rights
Under the GDPR, you have various rights:
- Rights of Access, Correction, Restriction, and Objection: Participants have limited rights due to the project's nature. Brainstem does not store or process identifiable personal data.
- Rights to Be Forgotten, Erasure, and Withdrawal: Participants can withdraw from the project at any time. While we hope you continue participating, withdrawal will prevent your data from being used in future research.
Data Security
ReflexDAO stores your data securely and regularly tests its IT systems to maintain high security standards. Shared data is anonymized and associated only with a public wallet address, making re-identification extremely difficult. ReflexDAO will not disclose the public wallet address associated with each user's data. Additionally, researchers accessing data must sign a legal agreement prohibiting attempts to identify participants.
Data Retention
ReflexDAO will retain participants' data for as long as there is a legitimate interest. The project is long-term, but participants can opt out at any time via the Reflex app. Data is currently stored in the United Kingdom.
Data Protection Officer
For any questions or concerns about Brainstem’s data protection practices and compliance with the UK GDPR, please contact our Data Protection Officer (DPO) at team@reflexdao.com.
Withdrawal from the Brainstem Data Sharing Research Project
You can withdraw from the study at any time without providing a reason. If you decide to withdraw, your stored data will be deleted.
Contact Information
For any inquiries, please contact ReflexDAO at team@reflexdao.com.