Senstream is the data controller of the personal data collected from the User through the Ring and the App. The Ring and the App may be used by adults and by children. Where the Ring is to be worn by a minor, we require that a parent registers with the App on behalf of the minor. Where such minor is under 16 years old, the parent must provide verifiable parental consent to the collection and use of the personal data by Senstream.
3. WHAT KIND OF PERSONAL DATA DOES SENSTREAM COLLECT ABOUT THE USER?
Senstream collects the following categories of personal data:
App Service Registration. Senstream collects the name, date of birth, and contact details of the User (and its parents if the User is under 16) and any designated caregivers. With regard to the designated caregiver, the User declares and warrants to have provided him with Senstream's privacy information notice and have obtained his prior consent to the processing of his personal data by Senstream for the provision of the Services prior to providing his personal details to Senstream;
Other Information. Senstream automatically collects the following information via the Ring and the App, whenever the User's device is connected to the Internet:
Physiological Information. The Ring tracks, in real-time skin conductance, temperature, movement, and acceleration as well as heart rate and other physiological information from the Ring sensor information (the "Special Categories of Personal Data"). This information is transmitted, automatically, from the Ring to the App, using Bluetooth®, and then from the App to Senstream via the User's mobile device’s WiFi connection or other cellular network.
Technical Information. Senstream also collects other technical information such as IP address, Senstream identifier, geolocation information (which is collected exclusively when the Service detects a distress), the dates and times of access to the App, the phone/device type, as well as the software version, operating system, Bluetooth® and WiFi settings (On/Off).
4. HOW DOES SENSTREAM USE THE USER'S PERSONAL DATA?
Senstream processes the above mentioned personal data of the user for the following purposes:
a) the provision of the services available through the Ring and the App, including the billing of the relevant fees, gathering activity information;
b) the provision to the User of customer support and technical assistance, including the delivery of communications relating to the provision of the services through the Ring;
c) the measurement of the service quality and relevant metrics provided through the Ring and the App;
d) the management of complaints and disputes;
e) the performance of the activities necessary to ensure compliance with the applicable national/EU laws and/or respond to request from public and government authorities (the purposes from letters a) to e) are jointly referred to as "Contractual Purposes");
f) the performance of credit recovery procedures and credit assignment to authorized companies, also by means of third parties;
g) the performance of tests, updates, and developments of the Ring, the App and more in general the services provided by Senstream, in order to optimize the services provided to the User also by way of machine learning systems and artificial intelligence provided that the process of personal data, albeit limited to the necessary, is essential in order to carry out such tests activities;
h) the performance of technical assessment and due diligence activities by third parties such as acquirers and/or their advisors for a potential merger, sale of assets or transfer of all or a material part of its business, by disclosing and transferring the Client's personal data to the third party or parties involved in the transaction as part of the transaction; (the purposes of letters from f) to h) above are jointly referred to as "Legitimate Interest Purposes");
i) the delivery of direct marketing communications concerning products and services of Senstream (e.g., sending of advertising materials, market researches). The communications, may be sent by both automated (e.g., SMS, MMS, fax, calling systems, email and web applications) and traditional (e.g., calls by human operators) means of contact;
j) the delivery of marketing communications customized on the User's interests and needs by means of the channels of communication set out under letter i) above;
(the purposes of letters i) and j) above are jointly referred to as "Marketing Purposes").
5. ON WHAT LEGAL BASIS DOES SENSTREAM PROCESS THE USER'S PERSONAL DATA?
The processing of the User’s personal data is necessary with regard to the Contractual Purposes as it is essential:
* for the performance of the contract regarding the provision of the requested Services with regard to the cases as per Section 4 letters from a) to d); and
* in order to comply with provisions as provided by the applicable laws as per Section 4 letter e).
Should the User not provide its personal data with regard to the Contractual Purposes, Senstream will not be able to provide the Services to the User.
In addition to the above, with reference to the collection of Special Categories of Data processed for Contractual Purposes, Senstream will collect the User's consent. However if the User does not provide its consent to the processing of Special Categories of Data, Senstream will not be able to provide the Services.
6. HOW DOES SENSTREAM PROCESS THE USER'S PERSONAL DATA?
The User's personal data will be processed both electronically and/or manually, in any case in such a way as to guarantee the security, protection, and confidentiality of the data, thanks to appropriate administrative, technical, personnel, and physical measures against loss, theft, and unauthorized use, disclosure, or modification.
7. WHO CAN HAVE ACCESS TO THE USER'S PERSONAL DATA?
For the Contractual Purposes, personal data may be transferred to the following categories of recipients located both within the EU and, within the limits as per Section 8 below, outside of the EU: (a) the caregiver within specific limits [third parties service providers entrusted with processing activities that provide services or assistance and advice to Senstream, with special but not exclusive reference to technology, accounting, administrative, legal, insurance, IT matters; (c) companies of the Senstream group, (d) persons and authorities whose right to access personal data is recognized by law, regulations, or provisions issued by legally empowered authorities. The aforementioned recipients will process personal data as data controllers, data processors, or persons in charge of processing, depending on the circumstances. For the Legitimate Interest Purposes, personal data may be transferred to the following categories of recipients located both within the EU and, within the limits as per Section 8 below, outside of the EU: (a) third parties service providers entrusted with processing activities that provide services or assistance with reference to credit recovery procedures and credit assignments, as well as tests, updates, and developments of the Ring and the App, (b) companies of the Senstream group, (c) potential purchaser of Senstream and the entities resulting from mergers or any other transformation involving Senstream, (d) competent authorities.
For the Marketing Purposes, personal data may be transferred to the following categories of recipients located both within the EU and, within the limits as per Section 8 below, outside of the EU: (a) third parties service providers entrusted with processing activities that provide services or assistance with regard to the delivery of marketing communications, (b) companies of the Senstream group.
A complete list of the data processor is available upon request through the modalities as per Section 9 below.
8. IS THE USER'S PERSONAL DATA TRANSFERRED ABROAD?
The Client's personal data may be transferred to countries within and outside the European Economic Area, in particular in the United States. For transfers from EU to countries not considered adequate by the European Commission, Senstream has put in place appropriate and suitable safeguards to protect the User's personal data. Accordingly the User's personal data are transferred in compliance with the requirements and the obligations provided by applicable data protection laws, such as standard contractual clauses adopted by the European Commission as per Articles 45 and 46 of the Privacy Regulation.
9. DATA RETENTION PERIODS APPLYING TO THE USER'S PERSONAL DATA
Personal data of the User will be stored for the period necessary to fulfill the purposes for which the data was collected as outlined in this Privacy Notice. In any case the following retention periods will apply to the processing of the User’s personal data for the purposes indicated below:
data collected for Contractual Purposes and for Legitimate Interest Purposes is retained during the provision of the Services plus a period of 10 years after the termination or withdrawal from the contract with Senstream, except when the detention of the data is necessary to respond or to file legal actions, upon request of the competent authorities or in compliance with the applicable laws;
10. WHAT ARE THE USER'S RIGHTS WITH REGARD TO PERSONAL DATA?
The User, at any given time, can exercise the following rights, by sending an email to the following address email@example.com
(a) to obtain from Senstream confirmation of the existence of personal data and to be informed of its content and source, verify its accuracy and request its integration, update or amendment;
(b) request the erasure, anonymization or restriction of the processing of personal data processed in breach of the applicable laws;
(c) object in whole or in part, on legitimate grounds, to the processing of the data;
(d) to withdraw the consent to the processing of the data (if and to the extent such a consent is necessary).
In addition to the above the User will also have the right, in any given moment, to:
request Senstream to limit the processing of the User’s personal data where:
* the User contests the accuracy of the personal data until Senstream has taken sufficient steps to correct or verify its accuracy;
* the processing is unlawful but you do not want us to erase the User’s personal data;
* Senstream no longer needs the User’s personal data for the purposes of the processing, but the User requires them for the establishment, exercise, or defense of legal claims; or
* The User has objected to processing justified on legitimate interests, pending verification as to whether Senstream has compelling legitimate grounds to continue processing.
object to the processing of the User’s personal data;
request the erasure of the User's personal data without undue delay;
receive an electronic copy of the User's personal data, if the User would like to export its personal data to itself or a different provider, when Senstream is relying upon the User's consent or the fact that the processing is necessary for the provision of the Services and the personal data is processed by automatic means; andlodge a complaint with the relevant data protection supervisory authority.
11. DATA PROTECTION OFFICER
The Data Protection Officer appointed by Senstream pursuant to Section 37 of the Privacy Regulation can be contacted at the following email address: firstname.lastname@example.org
This privacy information notice might be subsequently updated or integrated. Changes will be notified in advance and in any case User will be able to review the updated version of the privacy information notice on the website senstream.com.