Data Protection Policy

Bioptics Technology, LLC

Last Updated: October 14, 2025

  1. Definitions
  • Organization: Bioptics Technology, LLC, a Limited Liability Company registered in Kentucky.
  • Responsible Person: Cindy Sun, CEO/Founder
  • Personal Data: Any information that identifies or can be used to identify an individual, including but not limited to names, addresses, email addresses, biometric data, geolocation, and online identifiers.
  • Register of Systems: A register of all systems or contexts in which personal data is processed by the Organization.
  2. Scope & Applicability

This policy applies to all personal data processed by Bioptics Technology, LLC, regardless of format or location, and covers employees, contractors, customers, and third-party service providers.

  3. Legal Framework

Bioptics Technology, LLC complies with:

  • All applicable federal laws (e.g., FTC Act, HIPAA, GLBA, COPPA, CAN-SPAM).
  • Kentucky state privacy law (effective July 1, 2025).
  • Other relevant state laws where business is conducted (e.g., California CCPA/CPRA, Colorado, Virginia, etc.).
  • FTC guidance and enforcement actions, including requirements for meaningful consent, protection of sensitive data, and breach notification.
  4. Data Protection Principles

Personal data shall be:

  • Processed lawfully, fairly, and transparently.
  • Collected for specified, explicit, and legitimate purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and, where necessary, kept up to date.
  • Retained only as long as necessary for the stated purpose.
  • Protected by appropriate technical and organizational security measures.
  • Subject to individual rights, including access, correction, deletion, and opt-out.
  5. Lawful Bases for Processing

All data processing must be based on one of the following:

  • Consent (with clear opt-in and opt-out mechanisms).
  • Contractual necessity.
  • Legal obligation.
  • Vital interests.
  • Public task.
  • Legitimate interests (with documented balancing tests).
  6. Individual Rights

Individuals have the right to:

  • Access their personal data.
  • Correct inaccurate data.
  • Delete their data (“right to be forgotten”).
  • Opt out of data sales, targeted advertising, and profiling (where applicable).
  • Receive notice of data collection, use, and sharing practices.
  • Be notified in the event of a data breach affecting their information.
  7. Data Minimization & Purpose Limitation
  • Only collect and retain data necessary for business operations or legal compliance.
  • Prohibit use of personal data for marketing, targeting, or third-party purposes without explicit consent.
  8. Accuracy & Data Quality
  • Implement processes to keep personal data accurate and up to date.
  • Promptly delete or correct obsolete or inaccurate data.
  9. Data Retention & Archiving
  • Maintain a documented data retention schedule for each category of personal data.
  • Review retention schedules annually.
  • Securely delete or anonymize data when no longer needed.
  10. Security Measures
  • Use modern, up-to-date software and hardware security controls.
  • Limit access to personal data to personnel with a legitimate need (“least privilege” principle).
  • Encrypt sensitive data at rest and in transit.
  • Conduct regular security assessments and risk analyses, including for AI/ML systems impacting privacy.
  • Maintain robust backup and disaster recovery solutions.
  11. Third-Party Processors
  • Conduct due diligence and require contracts with third-party processors to ensure compliance with applicable laws.
  • Require third parties to implement equivalent security and privacy controls.
  12. Children’s Data
  • Comply with COPPA and state laws regarding children’s privacy.
  • Do not knowingly collect personal data from children under 13 without parental consent.
  13. Data Breach Response
  • Promptly assess and respond to any data breach.
  • Notify affected individuals and regulators as required by law (e.g., FTC, state AGs).
  • Follow the FTC’s Data Breach Response Guide.
  14. AI & Automated Decision-Making
  • Conduct privacy impact assessments for AI/ML systems.
  • Implement safeguards to mitigate risks of bias, discrimination, and privacy harms.
  15. Policy Review & Updates
  • Review this policy at least annually or whenever there are significant legal or business changes.
  • Document all updates and communicate changes to relevant stakeholders.
  16. Dispute Resolution

Any dispute related to this policy or data processing activities shall be arbitrated by state and/or federal court in Kentucky. By using this site or services, you consent to exclusive jurisdiction and venue of such courts.

END OF POLICY