Nedis SmartLife App Privacy Notice

This Privacy Notice for the Nedis SmartLife App (the “App”) explains how Nedis B.V. processes the personal data (“Data”) of the users of the App (the “Users”).

WHAT TYPES OF PERSONAL DATA DOES NEDIS PROCESS?

Data you submit when creating an Account

Nedis will process the following Data you submit to us when you create an account (“Account”) in the App:

- Your user name (i.e., family name/surname(s));

- Your password;

- Your email address;

- Your mobile phone number (optional);

- Your country of residence.

The provision of the above Data is necessary to setup and start using the App.

Data you submit when customizing your Account

Furthermore, when you decide to customize your Account, you can provide us with further Data about you, such as:

- Your profile picture;

- Your nickname;

- Preferences as to languages, units of measurement, additional services chosen on the App, etc;

- Country code and time zone information;

- Information as to persons living with you or your family members (i.e. to create a household and manage / use the products that are connected to that household);

- Telephone number;

- Location.

You do not have to submit the Data listed above, but it does help you to customize the App to better serve your needs or your preferences.

If you authorize login to the App using a third party (social media) account, if this is offered in the App, we will obtain from such third party your account information (such as portrait, nickname, region, gender, etc.) which may be connected with your Account for quick login.

Feedback

On top of this, when you either send us a feedback as to the App, its functionalities, the device(s) on which the App has been downloaded (the “Device(s)”) or as to those you have connected to it (the “Smart Device(s)”), or ask us for support, we will also process Data you voluntarily insert in the communications you send us through the App, including further email addresses, phone numbers, pictures, etc.

Your location

Provided that your prior specific consent is given (e.g. by enabling location based functions through the permission setting on your Device), we also collect information about your geographical position when the App is active. You can revoke your consent at any time by changing the permissions on your Device.

Based on your consent, when you enable the geo-fence feature on the Smart Devices, your location information will be generated and shared with Google Map services. Please note that Google has corresponding data protection measures, which you may refer to Google Data Protection Terms for more details: https://privacy.google.com/businesses/gdprservices/. You may reject such use of your location information by managing the permission settings in the Smart Device, upon which we will cease to collect and use your location information.

Data we automatically collect

Please also be informed that, either when you download the App or while you use it, some of the following information about you is collected automatically:

- Device information: information with regard to the Device(s), such as MAC address, mobile device ID, IP address, wireless connection information, mobile network information, push notification identifiers, application version number, log files;

- Usage Data: information relating to visits, clicks, downloads, messages sent/received, other usage of our sites and services etc.;

- Log information: the system and exception log may be uploaded.

- Smart Device(s) related information:

o When you connect your Smart Device to our products, basic information about your Smart Device is collected such as device name, device ID, online status, activation time, firmware version, and upgrade information;

o Information reported by Smart Device(s), depending on the Smart Device at issue.

 For example, smart cameras that report images or videos they captured. (Such Data falls under this Privacy Notice where Nedis is the controller of such Data, the User may also be controller of such Data in which case Nedis is the processor.) Video images will only be stored in the cloud if you have a cloud storage subscription, otherwise it will be stored on the Smart Device at issue.

 Data reported by Smart Devices may also include health Data from Smart Devices that register such Data, e.g. if it is a smart scale or smart watch that tracks your activity (see below ‘Smart Devices Related Personal Data’).

Smart Devices Related Personal Data:

Please be informed that if you connect Smart Devices to our App the following applies:

- Basic Information of Smart Devices: When you connect your Smart Devices with the App, we may collect basic information about your Smart Devices such as device name, device ID, online status, activation time, firmware version, and upgrade information.

- Information Reported by Smart Devices: Depending on the different Smart Devices you elect to connect with the App, we may collect different information reported by your Smart Devices.

Examples will be given for different types of health-related Smart Devices:

o Body Fat Scale and other measuring devices: height, weight, body fat mass (BFM), BMI and skeletal muscle mass (SMM), body fat rate, muscle mass, muscle rate, body fat index, obesity level, ideal weight, weight control, visceral fat index, lean body mass, body water, bone mass, protein rate, BMR, metabolic age, body score, body type, subcutaneous fat rate, subcutaneous fat mass, heart rate, body temperature, blood oxygen, systolic blood pressure, diastolic blood pressure, stress.

o Wrist Band and other devices that measure your activity: heart rate, steps, calories, mileages, workout duration, sleeping records, training records, stress.

o Food consumption: nutritional value (for example calories, fat, cholesterol, protein and vitamins).

Particularly, when you proactively consent to the App connecting with third party Health platform to enable the fundamental feature for you, such as Apple Health, Google Fit, Fitbit, we will share your health data with them for the sole purpose of measuring and analyzing heath related indicators about you.

If you select GoogleFit, please go to the Google Term of Use and Privacy Policy for further reference: http://www.google.com/policies/privacy

If you select Apple Health, please go to the Apple Term of Use and Privacy Policy for further reference: https://www.apple.com/legal/privacy/en-ww/

If you select Fitbit, please go to the Fitbit Term of Use and Policy Privacy for further reference: https://www.fitbit.com/global/us/legal/privacy-policy

We will not disclose such health data to any other third party or use health related data for other purposes that not defined in the Policy. You may disconnect the App with third party Health platform at any time by managing your health settings on your mobile device.

PURPOSES FOR THE PROCESSING AND RELEVANT LEGAL BASIS

To provide you with the services

Nedis will process your Data to permit you to download and setup the App and to enable you to use the App and connect it to your Devices and Smart Devices, as well as to provide you with other service(s) you may request and to follow up the requests you might have made while you are using the App.

In particular, some information might be processed in order to allow you to personalize the App as it better serves your needs, benefit from some of its features (e.g., weather, etc.), couple your Smart Device(s) with the App, and manage them through it.

The legal basis of the processing of said Data is therefore the satisfaction of your request(s)/the performance of the contractual relationship with you.

However, please note that where we process sensitive Data, such as health Data that is created when your use a Smart Device that registers such Data, such Data will be processed with your consent.

Communication with you

Nedis will process some of the Data, such as your name, email address and telephone number should you ask us for assistance you might need during the download, setting up, or use of the App or in case you communicate with us in a different matter.

The legal basis of the processing of said Data is the satisfaction of your request(s)/the performance of the contractual relationship with you and our, and your legitimate interest to be able to communicate with you.

Management, security and improvement of the App and the services we provide

We process Data that relates to your Device(s), the use of the App and your Smart Device(s) to manage, administer and optimize the App, to ensure its functionalities and security, as well as to develop and improve the App, its performances and the services we provide.

To that end, in particular, we may carry out statistical analyses aiming at assessing the performance of the App, its features and services, developing and improving the functionalities available on it, preventing fraud, and tracing fraudulent or inappropriate usage.

Your Data will therefore be processed on the basis of our legitimate interest to manage, secure and improve the App and our services.

Sending of service communications

We use your Data (contact details) to send you - by email - important information as to the service(s) provided, changes of terms, conditions and policies relevant to the usage of the App, and other administrative information.

The legal basis of the processing of said Data is our, and your legitimate interest to keep you informed about important information relating to our services.

Marketing

With your consent we may process your Data to: (i) send you marketing and/or promotional communications, relating to products and/or services; (ii) invite you to take part in promotional campaigns, and/or to events/initiatives we organize; (iii) invite you to try new features and/or new tools available on the App; (iv) ask you for feedbacks and invite you to take part to surveys (even though they are not strictly related to the use you made of the App).

This (i.e., sending of marketing communications listed under this paragraph) will be done with your prior consent (e.g. by activating the relevant functionality in de App), which is the legal basis for this processing.

You may revoke your consent at any time by contact us using the contact details indicated at the bottom of this document.

Monitoring and enforcing terms of the agreement with you

We process information as to logs and some other information relevant to your use of the App in order to prevent, monitor, remedy to fraudulent or unlawful activities carried out through the App (e.g., hacking, etc.). We may also process your personal data to enforce the terms of the agreement we have without you, e.g. to block your Account or to protect other users.

This processing is based on our legitimate interest and, as the case may be, that of third parties such as other App users, to prevent fraudulent or unlawful activities and to be able to enforce the terms of the agreement.

Compliance with a legal obligation

We may have to process your Data where it be necessary or appropriate to fulfill legal obligations and/or to respond to requests from public and government authorities. Where payments are made in relation to the App, this includes keeping a financial administration.

The provision and further processing of your Data for said purposes is based on a legal obligation.

DISCLOSURE OF YOUR DATA TO THIRD PARTIES

We may disclose your Data to our third party service providers who provide us with services necessary and/or functional to satisfy your request(s), and/or related to the management of the App and/or of the activities relevant to the purposes set forth above. This includes providers of IT and communication services.

Said third parties shall process your Data as data processors.

We may also disclose your Data to third parties if this is required to fulfil a legal obligation, to public authorities, and, as the case be may, in case of support questions with regard to a Smart Device, to the providers or manufacturers of your Smart Device(s) in which case we will only share limited data to handle the support request, such as a Device ID.

Nedis does not make your Data available to the public.

We may share anonymized and aggregated data with third parties.

TRANSFER OF DATA TO THIRD COUNTRIES

Your Data are stored on servers in the European Economic Area (‘EEA’). The IT-company that manages and supports the App is located in the EEA but staff of its group companies can occasionally get access to the Data from outside the EEA for the purpose of answering support questions, including responding to your requests with regard to your Data.

We conclude Standard Contractual Clauses that are approved by the European Commission with non-EEA companies that process your Data. You may request a copy of these Clauses by using the contact details at the bottom of this document.

RETENTION PERIODS

For the retention of your Data we use the following retention terms:

- To provide you with the services: for the purpose of offering you the services, your Data will be processed as long as you use the App, that being said until you decide to unsubscribe by deleting the Account or to remove the App from your Device(s). Should more than 12 months have passed since the date of last use/access of the App, the Account will be considered as inactive. Similarly, should a Smart Device not be used for more than 12 months, it will be considered as inactive. Thereafter (i.e., once the Account is deleted, the App un-installed or not used for 12 months, or, as to Data relevant to a Smart Device, once 12 months have passed from the last use of that Device), your Data will be stored for a period of further 24 months, either for the purpose of being compliant with legal obligations, or for the defense of the Data Controller’s rights only;

- Information reported by Smart Device(s): information reported by Smart Device(s), such as images and videos sent from smart cameras are stored during the period indicated by you. You can choose subscriptions that allow these Data to be stored for a longer period. After the relevant storage period ends, these Data will be deleted;

- Communication: the Data we process in the context of your communication with us are stored for a period of two years. If the communication is relevant in relation to a complaint or dispute, we will retain the relevant Data for as long as is necessary to handle the complaint or dispute and a period of five years after it has been closed;

- Management, security and improvement of the App and the services we provide: the Data we process for these purposes are stored for a period of two years;

- Sending of service communications: the Data we use to send you service communications is processed as long as you use the App (that being said until you decide to unsubscribe by deleting the account you had created or to remove the App from your Device(s));

- Marketing purposes: your Data will be processed as long as you use the App (that being said until you decide to unsubscribe by deleting the account you had created or to remove the App from your Device(s)) or until you have revoked your consent;

- Monitor and enforce terms of the agreement with you: we retain monitoring Data logs and information relevant to your use of the App in order to prevent, monitor, remedy to fraudulent or unlawful activities carried out through the App (e.g., hacking, etc.) for a period of six months. The Data we process to enforce the terms of the agreement with you are stored during the period that is required to enforce the terms and a period of two years thereafter.

- Compliance with a legal obligations, etc: your Data are stored during the period that is required to comply with the legal obligation;

YOUR RIGHTS AS DATA SUBJECTS

At any time, while we are in possession of or processing your Data, you, the data subject, have the following rights:

- Right of access – you have the right to obtain confirmation as to whether or not your Data is being processed, and, where that is the case, the right to access to the Data and to receive any information regarding said processing;

- Right of rectification – you have the right to obtain without undue delay the rectification of your Data, should it be inaccurate or incomplete;

- Right to erasure – you have the right to obtain the erasure of your Data from our records;

- Right to restriction on processing – you have the right of restriction of the processing of your Data;

- Right of portability – you have the right to have your Data submitted to you in a readable format and to have it transmitted to another data controller;

- Right to object – you have the right to object, on grounds relating to your particular situation, to the processing of your Data;

- Right to withdraw the consent – you have the right to withdraw the consent previously given as regard to the processing of your Data at any time, in which case the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

- Right to lodge a complaint with the data protection authority – you have the right to lodge a complaint with the data protection authority.

Should you intend to exercise your rights as provided for by the General Data Protection Regulation (“GDPR”), please contact us at the following dedicated e-mail address: gdpr@nedis.com.

Please note that if you submit your request, we may have to ask you to provide further information and/or to submit your request through the App in order to verify that the Data with respect to your request relates to you.

Please be informed that some requests are subject to conditions set out in the GDPR and that we may have the right to refuse your request or some parts thereof.

CONTACT

Please find our contact details below:

Nedis B.V.

De Tweeling 28

5215 MC ’s-Hertogenbosch

the Netherlands

Email: gdpr@nedis.com

CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice to reflect changes to our information practices. If we make any material changes we will notify you through the App prior to the change becoming effective.