Privacy Policy

Effective Date: 8.19.2022

This Privacy Policy for the HeartScan mobile application (“HeartScan,” “we,” “us,” or “our”), describes our privacy practices as well as how and why we might collect, store, use, and/or share (“process”) your information when you use our mobile application HeartScan (the “App”).

This Policy applies only to information we collect in the App, email, text, and other e-communications sent by you through or in connection with the App.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, do not download, register with, or use this App. By downloading, registering with, or using the App, you agree to this privacy policy.

Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our App. If you still have any questions or concerns, please contact us at support@heartscan.app.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Policy, but you can find out more details about any of these topics in the relevant section below.

What Personal Data do we process? When you visit and use our App, we may process Personal Data depending on how you interact with the App, the choices you make, and the products and features you use.

Do we process any sensitive Personal Data? We process sensitive Personal Data related to health in full compliance with the law.

Do we receive any information from third parties? We do not receive any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our App, conduct medical research, communicate with you, for security issues, and to comply with the applicable law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

In what situations and with which parties do we share Personal Data? We may share information in specific situations and with specific third parties.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your Personal Data. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, and/or modify your information.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your Personal Data.

How do I exercise my rights? The easiest way to exercise your rights is by filling out our data subject request form available here, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

1. WHAT INFORMATION DO WE COLLECT?

We collect information from and about users of the App:

  • directly from you when you provide it to us;
  • automatically when you use the App;
  • from third parties, for example, our scientific and research partners such as medical universities and institutions, and other third parties that help us provide our products and services to you.

The Personal Data You Provide to Us

In Short: We collect Personal Data that you provide to us.

We collect Personal Data that you voluntarily provide to us when you register on the App, express an interest in obtaining information about us or our apps, when you participate in activities on the App, or otherwise when you contact us.

Contact Information. The Personal Data that we collect depends on the context of your interactions with us and the App, the choices you make, and the products and features you use. The Personal Data we collect may include the following:

  • user name
  • email address

Sensitive Information Related to Health. We process sensitive information in strict compliance with data protection laws. This information is processed by our service to produce results and recommendations. Without the processing of this information, our in-app services will not be available. This information includes heart activity measurements on your device. This data is stored locally and can only be transmitted for further processing with your consent.

Automatic Information Collection and Tracking

When you download, access, and use the App, it may use technology to automatically collect:

Usage Details. When you access and use the App, we may automatically collect certain details of your access to and use of the App, including traffic data, logs, and other communication data, date/time stamps associated with your usage, device event information (such as system activity, error reports, hardware settings), and features that you access and use on or through the App.

Device Information. We may collect information about your mobile device and internet connection, including the device’s unique identifier, IP address, operating system, and network information.

Location Information. This App does not collect real-time information about the location of your device. You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. This information is processed for the purpose of determining service availability in your location and applicable laws.

Aggregated and De-identified Data

Subject to applicable law, including but not limited to our obligations under the GDPR, we may license, sell, or otherwise share aggregated, de-identified versions of your data and other data (“De-identified Information”) with our subsidiaries, affiliates, partners, customers, investors, providers, and contractors for any purpose. You agree and acknowledge that HeartScan is the sole and exclusive owner of any De-identified Information created by HeartScan and that you have no ownership or other intellectual property rights in or to such De-identified Information. This De-identified Information can also be included in the machine learning model on the basis of which our service operates.

Third-Party Information Collection

When you use the App or its content, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:

  • analytics companies;
  • your mobile device manufacturer;
  • your mobile service provider.

These third parties may use tracking technologies to collect information about you when you use this App. The information they collect may be associated with your personal data, or they may collect information, including sensitive data, about your online activities over time and across different websites, apps, and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used, and we do not monitor your interactions with third parties. Any interactions you have with third parties are solely your responsibility. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers.

Third-party Applications/Websites

We do not control the privacy practices of websites or applications that we do not own. Users are encouraged to read the privacy policy of those properties to make an informed decision regarding their use of them.

 

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our App, communicate with you, for security and fraud prevention, and comply with the law. We may also process your information for other purposes with your consent.

We process your Personal Data for a variety of reasons, depending on how you interact with our App, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To conduct scientific research. We may process or share with medical institutions your depersonalized (fully anonymized) information for conducting scientific research, building data sets, and machine learning models.
  • To deliver and facilitate the delivery of services to the user. We may process your information to provide you with the requested service.
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To request feedback. We may process your information when necessary to request feedback and contact you about your use of our App.
  • To protect our App. We may process your information as part of our efforts to keep our App safe and secure, including fraud monitoring and prevention.
  • To evaluate and improve our App, products, services, and your experience. We may process your information when we believe it is necessary to identify usage trends and evaluate and improve our App, products, services, and your experience.
  • To identify usage trends. We may process information about how you use our App to better understand how it is being used so we can improve it.
  • To notify you when App updates are available, and of changes to any products or services we offer or provide through it.
  • To comply with our legal obligations. We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.

While using the App, we do not make any automated decisions about you. The App and our services can analyze your data received from device sensors and build on it the definitions of the data that you manage on your own. This data is not transferred to third parties; you can do so by voluntarily sharing your data with such a third party.

Our legal basis for processing

Our legal basis for processing your Personal Data will typically be one of the following:

Consent. You have actively consented for us to process data, including sensitive personal data, by completing a form on the App, or have indicated your consent with another affirmative act.

Legitimate interests. We have a Legitimate Interest in processing your personal data, and our reasons for it do not override your data protection rights. Our Legitimate Interests in processing your Personal Data are:

  • to ensure our services meet the high standard of usability and security you would expect;
  • to help us identify areas for improvement;
  • to enable us to communicate effectively regarding our services; and
  • to enable us to process queries or complaints.

Legal obligation. It is necessary for us to process your Personal Data for us to comply with our legal or regulatory obligations.

Contractual obligation. It is necessary for us to process your Personal Data to perform the tasks associated with a contract to which you are a party, or to take steps at your request prior to you entering into a contract.

Machine Learning

Our service may use machine learning to process De-identified Information such as records with results of measurements, RAW sensor data, errors, crashes, reports, and other data to provide and improve the App and available service, including improving forecasting and optimization models and the accuracy of the model recommendations provided by the App.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may share your information with selected third parties including but not limited to:

  • Business partners, suppliers, service providers, and sub-contractors for the performance of any contract we enter into with you.
  • Local councils and clinics with which we collaborate to advise and support them in the delivery of their public health function, but only in an anonymized manner with your consent. This transfer of your data is subject to an obligation of secrecy under applicable law or rules established by national competent bodies.
  • Analytics and research medical institutions that assist us in the improvement and optimization of our App and that conduct medical research.

We may disclose your Personal Data to third parties:

  • If HeartScan or substantially all of its assets are transferred to a third-party organization, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of HeartScan, our customers, or others.

If we use or share your data differently than we have listed above, we will ask your permission when we collect the Personal Data.

HeartScan is for users located within the European Economic Area (EEA). If you choose to use the App from outside the EEA, you may also be transferring your Personal Data outside the EEA. This means that the laws around data collection may be different from EEA laws. We may also transfer your Personal Data from the EEA to other countries or regions. By giving any information on our App, including your Personal Data, you consent to these actions.

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. This section describes our use of these technologies and how you can manage your preferences.

The technologies we use for automatic information collection may include:

  • Cookies (or mobile cookies). A cookie is a small file placed on your smartphone. It may be possible to refuse to accept mobile cookies by activating the appropriate setting on your smartphone. However, if you select this setting you may be unable to access certain parts of our App.
  • Web Beacons. Pages of the App and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Mindset, for example, to count users who have visited those pages or opened an email and for other related app statistics (for example, recording the popularity of certain app content and verifying system and server integrity).

Categories of cookies used on our services

  1. Store and/or access information on a device. Cookies, device identifiers, or other information can be stored or accessed on your device for the purposes presented to you.
  2. Create a personalized content profile. A profile can be built about you and your interests to show you personalized content that is relevant to you.
  3. Select personalized content. Personalized content can be shown to you based on a profile about you.
  4. Measure content performance. The performance and effectiveness of content that you see or interact with can be measured.
  5. Apply market research to generate audience insights. Market research can be used to learn more about the audiences who visit sites/apps and view ads.
  6. Develop and improve products. Your data can be used to improve existing systems and software, and to develop new products.
  7. Ensure security, prevent fraud, and debug. Your data can be used to monitor for and prevent fraudulent activity, and ensure systems and processes work properly and securely.
  8. Technically deliver ads or content. Your device can receive and send information that allows you to see and interact with ads and content.
  9. Match and combine offline data sources. Data from offline data sources can be combined with your online activity in support of one or more purposes.
  10. Link different devices. Different devices can be determined as belonging to you or your household in support of one or more purposes.
  11. Receive and use automatically-sent device characteristics for identification. Your device might be distinguished from other devices based on the information it automatically sends, such as IP address or browser type.

However, if you prefer, you can change your cookie settings. Some browsers and devices have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. You may elect to reject cookies by adjusting your settings, but doing so will limit the range of features available to you on our services and other major websites that use cookies. Blocking cookies may prevent our services from operating as expected and may also prevent your consent choices from being stored. That may mean that if you opt-out, then block cookies, we may not know about, or be able to honor your opt-out. You should also be aware that blocking cookies on your computer will not affect your consent choices on a different device, such as a mobile device.

5. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.

We will only keep your Personal Data for as long as it is necessary for the purposes set out in this Privacy Policy unless a longer retention period is required or permitted by law. No purpose in this Privacy Policy will require us to keep your Personal Data for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize such information or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

6. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your Personal Data through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any Personal Data we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your Personal Data, the transmission of Personal Data to and from our App is at your own risk. You should only access the App within a secure environment (mobile device).

Where we store your personal data

All information you provide to us is stored on secure servers held within the European Economic Area (EEA) and by GDPR-compliant international data processors only. Where international data processors are used, all appropriate technical and legal safeguards will be put in place to ensure that you are afforded the same level of protection as within the EEA.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of the App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

7. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may review, change, or terminate your Personal Data at any time.

If you are located in the EEA or UK and you believe we are unlawfully processing your Personal Data, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are located in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

Applicable data protection laws may provide you with certain rights with regard to our processing of your Personal Data.

Access and Update. You can review and change your Personal Data by logging into the App and visiting the edit profile page (if applicable). You may also request access and notify us through the contact information below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. Please note that we may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

Restrictions. You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing, but we have retained it as permitted by law.

Portability. To the extent the Personal Data you provide HeartScan is processed based on your consent, you have the right to request that we provide you a copy of, or access to, all or part of such Personal Data in structured, commonly used, and machine-readable format. You also have the right to request that we transmit this Personal Data to another controller, when technically feasible.

Withdrawal of Consent. To the extent that our processing of your Personal Data is based on your consent, you may withdraw your consent at any time by closing your account and deleting the App. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your Personal Data. Please note that the machine learning model, which is trained and built on De-identified Information, will indirectly use the De-identified Information you gave us. We can exclude it only to the extent technically possible.

Right to be Forgotten. You have the right to request that we delete all of your Personal Data. We cannot delete your Personal Data except by also deleting your user account, and we will only delete your account when we no longer have a lawful basis for processing your Personal Data or after a final determination that your Personal Data was unlawfully processed. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Data as set forth in this policy. In addition, we cannot completely delete your Personal Data as some data may rest in previous backups and machine learning models.

Complaints. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.

How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods below and through the live chat feature of our Websites. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements.

However, please note that this will not affect the lawfulness of the processing before its withdrawal, nor when applicable law allows, will it affect the processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS PRIVACY POLICY?” below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can delete your account via the App or contact us using the contact information provided.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us at support@heartscan.app.

Access to information

The data protection legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with the applicable laws.

8. MINORS

In Short: We do not knowingly use children’s Personal Data in any manner.

The App is not intended for persons under 18 years of age, and we do not knowingly collect information from persons under 18 without verification of parental consent. If we learn we have collected or received information from a person under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a person under 18, please contact us at support@heartscan.app.

9. CONTROLS FOR DO-NOT-TRACK FEATURES

In Short: We currently do not honor do-not-track signals sent by some browsers.

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

10. DO WE MAKE UPDATES TO THIS PRIVACY POLICY?

In Short: Yes, we will update this Privacy Policy as necessary to stay compliant with relevant laws.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

11. HOW CAN YOU CONTACT US ABOUT THIS PRIVACY POLICY?

If you have questions or comments about this Privacy Policy, you may email us at support@heartscan.app.

12. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the Personal Data we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your Personal Data, please email us at support@heartscan.app or use app features (if available).