📖 PAGE GUIDE FOR DR. JOHNNY

Why this page exists: GDPR Art. 35 requires a Data Protection Impact Assessment (DPIA) before processing sensitive biometric or health data. This page aggregates the required legal documentation—the DPIA, Informed Consent Form (ICF) template, Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs), and DPO Appointment.

How to use this for your Kidney Trial:
  1. Show Johnny the **DPIA Risk Matrix** (Tab 0). This proves that the data privacy risks of the trial have been thoroughly assessed and mitigated down to low residual risks.
  2. Go to the **Informed Consent Form** (Tab 1). Use this template to create print handouts for your patient intake packets.
  3. Point to the **Data Processing Agreement** (Tab 2), which includes HIPAA safeguards and standard contractual clauses for transatlantic data compliance.
  4. Select **DPO Appointment** (Tab 3), which defines the roles and responsibilities of the designated DPO who will oversee study compliance.
💡 Show these legal documents to your clinic's board, legal advisors, or institutional ethics committee.

Legal Governance Documents

GDPR Art.35 DPIA · Informed Consent Form (ICF) · Data Processing Agreement (DPA) · DPO Appointment — VS-4

📅 Version 1.0 · 2024-Q1 ⚖️ GDPR Art.35, 28, 37 🏛️ Austrian DSG § 2d 🇺🇸 HIPAA Safeguards Included

🔍 1. Processing Activity Description

Name of processing activity: Holistic Clinical Science Trial — Multi-Modal Biometric Biomarker Capture

Controller: Dr. Johannes K. (Independent Integrative Medicine Practice, USA)

Processor: Lebensfluss e.V. / OHM Institute (Austria) — GDPR Art. 28 DPA in effect

Data types processed (all Art.9 special categories):

  • Tongue photographs → health data (physiological analysis)
  • Iris iridology images → biometric data + health data
  • Voice recordings (FFT analysis) → health data when processed for physiological state
  • Photoplethysmography / HRV waveforms → health data
  • Laboratory values (eGFR, Creatinine) → health data

Legal basis: GDPR Art. 9(2)(a) — Explicit consent; GDPR Art. 9(2)(j) — Scientific research with Art. 89 safeguards; Austrian DSG § 2d.

⚠️ 2. Necessity & Proportionality Assessment

The processing is necessary for the stated scientific research purpose (longitudinal holistic biomarker correlation study). Data minimisation is applied as follows:

  • Raw biometric files (images, audio) are processed locally on the practitioner device and never transmitted to remote servers
  • Only derived scalar parameters (scores, ratios, Hz values) are committed to the ZKP Merkle Tree
  • Patient identity is replaced by a pseudonymous token (PAT-XXXX) at the point of commitment
  • No data is retained beyond the study period without renewed explicit consent

🔴 3. Risk Assessment Matrix

| Risk | Likelihood | Severity | Residual Risk | Mitigation |
|---|---|---|---|---|
| Re-identification from ZKP Merkle data | LOW | HIGH | MEDIUM | ZKP hashes are one-way; no biometric raw data stored remotely |
| Unauthorised access to local biometric files | MEDIUM | HIGH | MEDIUM | Full-disk encryption on practitioner device; HIPAA physical safeguards |
| Cross-border transfer US→EU without adequacy | LOW | HIGH | LOW | DPA with SCC (Standard Contractual Clauses) between controller (US) and processor (EU) |
| Consent withdrawal — data not deleted | LOW | MEDIUM | LOW | ZKP commitment deletion protocol: practitioner deletes Merkle leaf; token orphaned |
| Scope creep — wellness tool used diagnostically | MEDIUM | HIGH | LOW | MDR Scope Firewall in all UIs; XAI disclaimer mandatory; practitioner training |
| Data breach — ZKP Merkle Tree server | LOW | MEDIUM | LOW | ZKP hashes alone are not personal data; no raw biometrics server-side |

✅ 4. Measures & Safeguards (GDPR Art. 89)

  • Pseudonymisation: SHA-256 ZKP commitment replaces all identifiers at commit time
  • Data minimisation: Raw biometric files never leave the practitioner device
  • Purpose limitation: Data used exclusively for the registered study; secondary use requires renewed consent
  • Storage limitation: Raw files deleted from practitioner device 6 months post-study; ZKP hashes retained for audit integrity
  • Integrity & confidentiality: Full-disk encryption (AES-256), MFA on portal access, HTTPS/TLS 1.3 for all API calls
  • HIPAA Technical Safeguards: Audit logs for all data access; automatic timeout after 15 min inactivity; access control via practitioner credentials
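The minimisation steps in section 2 and the pseudonymisation measure in section 4 describe committing only derived scalars under a PAT-XXXX token to a SHA-256 Merkle tree, and the risk matrix's deletion protocol removes a leaf on consent withdrawal. The Python below is an added illustration of that flow, not the Vera Clinical platform's own code; the per-leaf blinding nonce, the field names, the canonical encoding and the tree layout are assumptions.

```python
import hashlib
import secrets
from typing import Dict, List, Optional

# Marker hashed in place of a leaf removed after consent withdrawal (assumed).
DELETED = hashlib.sha256(b"LEAF-DELETED").digest()

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def canonical(params: Dict[str, float]) -> bytes:
    # Sorted key=value encoding so an identical vector always hashes identically.
    return ",".join(f"{k}={params[k]:.4f}" for k in sorted(params)).encode()

def commit_leaf(token: str, params: Dict[str, float], nonce: bytes) -> bytes:
    """Hiding commitment H(token | derived scalars | nonce) for one session.

    The random nonce is what makes the commitment one-way in practice: eGFR or
    an LF/HF ratio has a tiny value range, so a hash over the scalars alone
    could be matched against a table of plausible values. The nonce stays on
    the practitioner device together with the raw files (assumption).
    """
    if len(nonce) < 32:
        raise ValueError("nonce must be at least 32 random bytes")
    return sha256(token.encode() + b"|" + canonical(params) + b"|" + nonce)

def open_commitment(leaf: bytes, token: str, params: Dict[str, float],
                    nonce: bytes) -> bool:
    # Only the holder of (token, scalars, nonce) can show what a leaf commits to.
    return secrets.compare_digest(leaf, commit_leaf(token, params, nonce))

def merkle_root(leaves: List[Optional[bytes]]) -> bytes:
    """Binary SHA-256 Merkle root; None marks a deleted (orphaned-token) leaf."""
    level = [DELETED if leaf is None else leaf for leaf in leaves]
    if not level:
        return DELETED
    while len(level) > 1:
        if len(level) % 2:  # duplicate the last node on odd levels
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def withdraw(leaves: List[Optional[bytes]], index: int) -> List[Optional[bytes]]:
    # Deletion protocol from the risk matrix: drop the leaf; the root changes
    # and the token no longer resolves to any committed data.
    updated = list(leaves)
    updated[index] = None
    return updated
```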

📝 5. DPIA Conclusion

After applying all technical and organisational safeguards described above, the residual risks associated with this processing activity are assessed as ACCEPTABLE. The processing is necessary, proportionate, and consistent with the rights and freedoms of data subjects. Consultation with the supervisory authority (Österreichische Datenschutzbehörde) is not required, as residual risk is low after the mitigation measures.

Controller Signature: Dr. Johannes K. · Date: ________
US Integrative Medicine Practice
DPO Review: Data Protection Officer
Lebensfluss e.V. · Date: ________

📝 Informed Consent Form (ICF) — Template

This ICF template complies with Declaration of Helsinki (WMA 2013), GDPR Art. 9(2)(a), Austrian DSG § 2d, and Good Clinical Practice (ICH E6 R2).

Study Title

Holistic Biomarker Convergence in Chronic Kidney Disease Recovery: A Multi-Modal Observational Study

Principal Investigator

Dr. Johannes K., M.D. — Independent Integrative Medicine Practice
Technology Provider: Lebensfluss e.V. / OHM Institute, Austria

Purpose of the Study

This observational study records wellness measurement parameters (tongue appearance, iris patterns, voice characteristics, and heart rhythm) alongside standard kidney function blood tests to explore whether these parameters change together over time. No experimental treatment or intervention is provided as part of this study.

What You Will Be Asked to Do

At each session (up to 3 over 7 months), your practitioner will: take a photograph of your tongue, photograph your iris, record a 30-second voice sample, and measure your heart rhythm via a fingertip sensor for 5 minutes. Standard blood work (eGFR, creatinine) will be reviewed from your regular labs.

Important: These Are NOT Diagnostic Assessments

The tongue, iris, voice, and heart measurements are wellness measurement tools, not medical diagnostic tests. None of these measurements constitute a medical diagnosis. All clinical assessment is exclusively provided by your licensed practitioner based on established medical criteria.

Data Protection (GDPR)

Your photographs and voice recordings are processed only on your practitioner's secure device and are never transmitted online. Only anonymised numerical parameters are stored in an encrypted, cryptographically secured database in the EU. You may request access to, correction, or deletion of your data at any time by contacting: dpo@lebensfluss.at

Voluntary Participation & Withdrawal

Your participation is entirely voluntary. You may withdraw at any time without giving a reason and without any impact on your medical care. Withdrawal will not affect your relationship with your practitioner.

Patient Declaration

I have read and understood this information. I have had the opportunity to ask questions. I freely consent to participate.

Patient name: ______________________________ Date: ____________
Patient signature: ____________________________

Practitioner name: ______________________________ Date: ____________
Practitioner signature: ____________________________

🤝 Data Processing Agreement (DPA) — Art.28 GDPR + Standard Contractual Clauses

This DPA governs the relationship between the US Controller and EU Processor, including SCC for cross-border transfers (EU Commission Decision 2021/914/EU — Module 1: Controller-to-Processor).

PARTIES

Controller (Data Exporter): Dr. Johannes K., M.D. — Independent Integrative Medicine Practice, [Address, USA]
Processor (Data Importer): Lebensfluss e.V. — ZVR-Zahl: [XXX], [Address, Austria]

SUBJECT MATTER & PURPOSE

The Processor provides the Vera Clinical digital measurement platform and ZKP data infrastructure for the Controller's holistic biomarker research project. Processing is limited exclusively to the purpose stated in the DPIA (Art.35 document).

NATURE OF PROCESSING (Art.28(3))

Committed SHA-256 Merkle hashes of pseudonymised wellness measurement parameter vectors. Duration: study period + 5 years for audit compliance. No special category raw data (images, audio) stored by Processor.

PROCESSOR OBLIGATIONS (Art.28(3)(a-h))

The Processor shall: (a) process only on documented instructions; (b) ensure confidentiality obligations on authorised persons; (c) implement Art.32 technical/organisational measures (TLS 1.3, AES-256, MFA, ZKP pseudonymisation); (d) respect conditions for sub-processing; (e) assist Controller with data subject rights requests within 72 hours; (f) delete or return all data on termination; (g) provide all information necessary for compliance demonstration; (h) allow audits.

HIPAA BUSINESS ASSOCIATE ADDENDUM (US Compliance)

As the Controller is a US-based covered entity under HIPAA, the Processor agrees to serve as a Business Associate and implement: Technical Safeguards (access control, audit controls, automatic logoff, transmission security); Physical Safeguards (workstation controls, device controls); Administrative Safeguards (training, contingency plan, incident response procedures per 45 CFR § 164.308-164.318).

STANDARD CONTRACTUAL CLAUSES (SCC)

This Agreement incorporates by reference the Standard Contractual Clauses adopted by EU Commission Decision 2021/914/EU (Module 1: Controller to Processor, for transfers from a non-EEA Controller to an EEA Processor). The Appendices are populated as described herein.
Controller (Data Exporter): Dr. Johannes K. · Signature: ____________ · Date: ________
Processor (Data Importer): Lebensfluss e.V., DPO · Signature: ____________ · Date: ________

👤 Data Protection Officer (DPO) Appointment — GDPR Art.37

GDPR Art.37(1)(c) requires DPO appointment when processing special-category data (Art.9) on a large scale. As the Vera Clinical platform processes biometric and health data, a DPO must be appointed and registered with the Austrian Datenschutzbehörde (DSB).

DPO APPOINTMENT NOTICE

Organisation: Lebensfluss e.V.
DPO Name: [Name of appointed DPO]
Contact: dpo@lebensfluss.at
Appointment Date: [Date]
Qualifications: [CIPP/E or equivalent certification]

DPO DUTIES (Art.39)

1. Inform and advise the organisation on GDPR obligations
2. Monitor compliance, including training and awareness
3. Advise on DPIAs (Art.35) and monitor their performance
4. Cooperate with and act as contact point for the supervisory authority (DSB)
5. Maintain Records of Processing Activities (RoPA, Art.30)
6. Handle data subject requests (access, erasure, portability) within GDPR timelines

DSB REGISTRATION

The DPO must be notified to the Austrian Datenschutzbehörde via the official DSB portal (dsb.gv.at). Contact information must be published on the organisation's website and in all privacy notices presented to data subjects.

RECORDS OF PROCESSING ACTIVITIES (Art.30) — Summary

| Processing Activity | Category | Legal Basis | Retention | Recipients |
|---|---|---|---|---|
| Holistic biomarker research | Health + Biometric (Art.9) | Art.9(2)(a)+(j) | Study + 5yr | PI, Ethics Committee |
| ZKP Merkle commitments | Pseudonymised hashes | Art.89 research | Indefinite (audit) | Research platform only |
| EUDI consent signatures | Digital identity assertion | Art.9(2)(a) | Study lifetime | PI, DPO |