Privacy Policy

KineTech Mobility: Clinical Privacy & Data Protection Policy

Effective Date: March 29, 2026

Governing Law: Personal Data Protection Act, No. 9 of 2022 (Sri Lanka)

1. The Controller & Data Protection Officer (DPO) KineTech Mobility (hereinafter "KineTech", "we", or "us") acts as the primary Data Controller. We determine the purpose and means of processing your personal and medical data. Oversight of this process is managed by our Chief Medical Founder, who acts as the designated Data Protection Officer (DPO) to ensure compliance with clinical confidentiality standards and Sri Lankan law.

2. Data Triage: What We Collect

We collect data strictly for the operation of the KineTech 4-Pillar Pathway. This includes:

Standard Personal Data: Buyer name, billing/shipping address, and contact details.

Special Categories of Personal Data (Health Data): The wearer’s blood group, known allergies, chronic medical conditions, pharmacological history (current medications), and emergency contact information.

3. The Clinical Purpose & Lawful Basis for Processing We do not sell data. We do not use health data for marketing. We process your data exclusively to facilitate rapid medical triage during a health crisis.

Consent: By purchasing the DualAlert™ Band, the buyer (acting as the legal proxy or guardian) provides explicit consent to store this data.

Vital Interests (The Emergency Bypass): We publicly display this data upon an NFC scan because processing is strictly necessary to respond to an emergency that threatens the life, health, or safety of the wearer, who may be physically or legally incapable of giving consent in that "Golden Minute".

4. The "Golden Minute" Disclosure (NFC/QR Access)

The DualAlert™ Band acts as a physical token of consent. Anyone with an QR/NFC-enabled smartphone who physically taps the band will be redirected to an obfuscated URL displaying the wearer’s emergency medical dossier. By activating the band, you acknowledge and accept that this data is accessible to 1990 Suwaseriya paramedics, first responders, or any bystander who physically interacts with the device during an emergency.

5. Data Security & Cross-Border Flow To guarantee 24/7 uptime during emergencies, your data may be hosted on secure global cloud infrastructure (Cross-Border Data Flow). We utilize appropriate technical and organizational measures , including randomized, obfuscated URLs, to prevent unauthorized digital scraping or search engine indexing.

6. Retention Protocol We retain the medical dossier only for as long as the DualAlert™ Band is active. If a subscription lapses or the product is retired, all associated Special Category data will be surgically extracted (erased) from our active servers, except where retention is mandated by Sri Lankan law for evidentiary purposes.

7. Your Clinical Data Rights

Under the PDPA, the data subject (or their authorized buyer/proxy) has the right to:

Right of Access & Rectification: View and update medical records or emergency contacts at any time via contacting KineTech customer portal.

Right to Erasure ("Surgical Extraction"): Request the permanent deletion of the medical dossier.

Right to Withdraw Consent: Deactivate the band and withdraw consent for data storage at any time.

Right of Appeal: Lodge a formal complaint or appeal with the Data Protection Authority of Sri Lanka if you believe your rights have been violated.

To execute any of these rights, contact our DPO at kinetech.mobility@gmail.com.