Your GDPR Rights

Introduction

Under the EU General Data Protection Regulation (GDPR), you have specific rights regarding your personal data. Tech4Pioneers, as the data controller for Pain2Care, is committed to upholding these rights. To exercise any of the rights below, contact us at privacy@pain2care.com. We will respond within 30 days and will never charge a fee for handling your request.

1. Right of Access (Art. 15 GDPR)

You have the right to request a copy of the personal data we hold about you, including information on how it is processed, where it is stored, and with whom it is shared. We will provide this information in a clear and readable format free of charge.

2. Right to Rectification (Art. 16 GDPR)

If any of your personal data held by us is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay. Most profile data can also be updated directly within the Pain2Care app.

3. Right to Erasure — "Right to be Forgotten" (Art. 17 GDPR)

You may request that we delete your personal data where:

• The data is no longer necessary for the purpose it was collected
• You withdraw your consent and no other legal basis applies
• You object to the processing and we have no overriding legitimate grounds
• The data has been unlawfully processed

We will fulfil verified deletion requests within 30 days.

4. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances — for example, while we verify the accuracy of data you have contested, or while a complaint is being assessed.

5. Right to Data Portability (Art. 20 GDPR)

Where we process your data by automated means on the basis of your consent or a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g. JSON or CSV) and to transmit that data to another controller. Contact us at privacy@pain2care.com to request a data export.

6. Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for legal claims. We do not use your data for direct marketing.

7. Right to Withdraw Consent (Art. 7 GDPR)

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw consent by deleting your account within the app or by contacting us directly.

8. Rights Related to Automated Decision-Making (Art. 22 GDPR)

Pain2Care does not make automated decisions that produce significant legal or similarly significant effects on you. Any AI-generated content within the app (such as wellbeing insights) is informational only and does not constitute a decision about you.

9. Right to Lodge a Complaint (Art. 77 GDPR)

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu):

• Website: tietosuoja.fi
• Email: tietosuoja@om.fi
• Phone: +358 29 566 6700

10. How to Exercise Your Rights

Send your request to privacy@pain2care.com with the subject line "GDPR Request". Please include your registered email address so we can verify your identity. We will respond within 30 days and will never charge a fee for exercising your rights under GDPR.

Last updated: 27 March 2026

11. Contact

Tech4Pioneers · Oulu, Finland
Email: privacy@pain2care.com
Website: www.pain2care.com