DataKonect App Privacy Policy

Please read this privacy policy (the Privacy Policy) carefully. It sets out important information in relation to how we process your personal data when you use the DataKonect App.

In broad terms, the term “personal data” means any information that relates to you and that can be used to identify you, directly or indirectly. This information includes your name, email address, phone number, location data and information about your health.

If you have any requests concerning your personal data or any queries with regard to our processing of your personal data, please contact us at DPO@qumata.com.

Contents:

1. 1. About us
2. 2. Purpose of this Privacy Policy
3. 3. Lawful basis for processing your personal data
4. 4. How we use your personal data
5. 5. What data we may collect from you
6. 6. How we collect information from you
7. 7. Security and international transfers
8. 8. Transfers of your data
9. 9. Retention of your data
10. 10. Rights in relation to your personal information
11. 11. Cookies
12. 12. Marketing
13. 13. Third party links
14. 14. Children’s Privacy
15. 15. Amendments to this Privacy Policy
16. 16. Closing your DataKonect profile
17. 17. Questions in relation to this Privacy Policy

1.About us

We are Qumata Group Ltd, a company incorporated and registered in England and Wales with company number 10964467 and our registered office is at 5 New Street Square, EC4A 3TW London, United Kingdom (Qumata, we, us or our). We provide Internet and mobile app-based services.

2.Purpose of this Privacy Policy

2.1. This Privacy Policy contains important information about what personal data we may collect from you; how we will use, store and protect your personal data; with whom we may share your personal data; and your rights under relevant data protection laws.

2.2. It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. This Privacy Policy supplements the other notices and is not intended to override them.

3.Lawful basis for processing your personal data

Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are set out below.

• We will process your personal data where you have given us your consent to do so for one or more specified reasons. This is particularly important in relation to processing information about your health where we require your explicit consent.

• We may also process your personal data where it is necessary for the purposes of our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our business (provided these do not interfere with your rights).

• We may also process your personal data to satisfy any legal and/or regulatory obligations to which we are subject.

4.How we use your personal data:

4.1 The DataKonect App services cannot be provided without an individual providing us with their personal data. We therefore need your personal data to provide the services of the DataKonect App.

4.2 The aim of the DataKonect App is to provide a DataKonect Profile to the corresponding client of Qumata from which the user is requesting a service. The DataKonect Profile is a combination of collated, declared and calculated data from the user.

4.3 For each user (described below), Qumata collates and processes his/her personal data with the aim of providing the DataKonect App services to the user and the corresponding client (described below).

Example

You (referred to as a “user” in this Privacy Policy) request a service from a Qumata client (client), e.g. an insurer. In order to fulfill the service request, the client recommends that you provide a set of personal data directly to Qumata for the purposes of calculating a DataKonect profile which is to be shared with the client. The client could include companies such as insurers, employers or hospitals.

4.4. We also use aggregated, anonymized and non-personal data for research activities, primarily to improve our wellness model. We store this anonymized data indefinitely. You will not be identifiable from this data.

4.5. As a user of the DataKonect App, you will receive notifications either by email, SMS, phone notifications or any other means as part of the usage of the DataKonect App services. Notifications are used for non-commercial messages such as notifications to a user on the status of his/her data analysis and change(s) in the Privacy Policy. We will inform you about the means through which you will receive notifications. As part of the access to your personal data, you will be able to change your settings regarding the notification means.

4.6 We may process your personal data to provide customer services to you, including to respond to your inquiries or to fulfill any of your requests for information.

4.7 We may process your personal data to personalize your experience on the DataKonect App, such as by providing tailored content and recommendations.

4.8 We may process your personal data to understand and analyze how you use the DataKonect App and develop new products, services, features, and functionality.

4.9 We may process your personal data to find and prevent fraud, and respond to trust and safety issues that may arise.

4.10 We may process your personal data for compliance purposes, including enforcing our Terms of Use or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

4.11 We may process your personal data for other purposes for which we provide specific notice at the time the information is collected.

4.12 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

5.What data we may collect from or about you

Details of the personal data that we may collect from or about you are set out below.

• Information about your health, ethnicity origin. We require this information to provide the services of the DataKonect App.

• The consent that you grant to us to enable us to collect your data from different sources.

• Information extracted from your smart devices including (but not limited to) gender, age, weight, pre-existing conditions, walking and running distance, cycling distance, heart rate (and related information), weight and BMI.

• Activity information and bio-markers made available from your smart devices.

• Information that you provide to us through your user profile which you create.

• Email address and telephone numbers.

• Your feedback and survey responses.

• Information about how you use the DataKonect App and our other products and services.

6.How we collect information on you

We collect your personal data in a number of ways.

• Directly. This includes information such as your contact details, health details and all data which you directly provide to us when you fill in online forms or correspond with us in any way, for example when you:

  • create your account on the DataKonect App and/or Website;

  • submit a query;

  • request or consent to marketing materials being sent to you; or

  • provide us with feedback.

• Automatically. As you use the DataKonect App, we may collect certain information relating to your browsing patterns and technical data about the equipment you are using to access the DataKonect App.

• Indirectly from our Client, sending us over a list of information.

7.Security and international transfers

7.1. In order to protect your personal data, we have appropriate organizational and technical security measures. We make reasonable efforts to protect your information by using physical and electronic safeguards designed to improve the security of the information we maintain. However, as no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.

7.4. In case of a detected security flaw, a patch will be provided by the partners to secure a state of the art encryption and security infrastructure.

7.5. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.

8.Transfer of your data

Transfers to members of our group

We may share your data with other members of our Group.

Transfers to third parties

In addition to our data scientists and a Qumata client (as referred to in section 4 above), there may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA.

We may transfer your data to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets. The use of your information following any of these events will be governed by the provisions of this Privacy Policy in effect at the time the applicable information was collected.

We may access, preserve, and disclose your data if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety.

Other third parties to which we may transfer your personal data include:

• calling agents used by us for the purpose of providing customer support to you in relation to the services that we provide; and

• third party vendors and service providers (e.g. e-mail providers) which we use to provide our services.

The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:

• you have expressly consented to your data being shared with specific third parties;

• the third party needs to access the personal data for the purposes of us providing our services to you;

• the third party has agreed to comply with our instructions, required data security standards, policies, and procedures and put adequate security measures in place;

• the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and

• a fully executed written contract that contains suitable obligations and protections has been entered into between the parties.

As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:

• only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission;

• where your data will be transferred outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA; or

• where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Privacy Shield.

For more information on the safeguards used when we transfer personal data to third parties, please contact us at DPO@qumata.com

9.Retention of your data

9.1. We retain personal data for as long as you have an account with us in order to meet our contractual obligations to you and for six years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.

9.2. For more details about our retention periods, please contact us at DPO@qumata.com.

9.3. We retain anonymized data. This may remain stored and used by us with no time limits. This data is no longer associable to any user and is therefore not personal data.

10.Rights in relation to your personal information

10.1. You have certain rights in relation to the personal data we process and hold about you. These include:

• Right of access: you have the right to request access to personal data that we may process about you.

• Right to rectification: you have the right to require us to correct any inaccuracies in your data.

• Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements.

• Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data.

• Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed.

• Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.

• Right to withdraw consent: you have the right at any time to withdraw consent allowing us to process your personal data (to the extent processing is based on consent and consent is the only permissible basis for processing).

  10.2. If you are not able to complete the above via the Qumata App, please write to us DPO@qumata.com specifying the right you wish to exercise.

  10.3. Unless we are permitted to do so by applicable law, we will not charge a fee for you to exercise any of the rights listed above.

  10.4. In case you have given your consent to let the DataKonect App access your personal data from a given third party source such as Garmin or Apple Health, you can always revoke your consent from those sources directly or ask us to revoke this consent manually by sending a request to DPO@qumata.com

11.Cookies

Our use of cookies and other similar technologies to process personal data is explained in our cookie policy, which you should please read.

12.Marketing

It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing communications from us.

Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at DPO@qumata.com or using the link provided in an email. We will process your request to be opted-out of marketing within 10 days of receipt.

We will ensure that we obtain your consent before we share your personal data with any company outside of our Group for marketing purposes.

Where you opt out of receiving marketing communications from us, we may still process your personal data for other required purposes, as specified in section 4 above.

13.Third party links

The DataKonect App may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.

14.Children’s Privacy

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of the DataKonect App or Website is directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at DPO@qumata.com.

15.Amendments to this Privacy Policy

15.1. We reserve the right to revise this Privacy Policy from time to time. So you know when we make changes to this Privacy Policy, we will amend the revision date at the top of this page. The new modified or amended Privacy Policy will apply from that revision date. Therefore, we encourage you to review this Privacy Policy periodically to be informed about how we are protecting your information.

15.2. We will notify you in case we make material changes to this Privacy Policy. If you do not agree with the amended Privacy Policy then you have the right to stop using the DataKonect App, and should do so immediately.

16.Closing your DataKonect profile

Details about the services, related disclaimers and how to close your DataKonect profile are available on the DataKonect App Terms of Use. And your data will be deleted after a maximum of 90 days since the last processing.

17.Questions in relation to this Privacy Policy

17.1. You should also be aware that you have the right to raise any concerns in relation to how we process your personal data with the Information Commissioner's Office in the UK (the ICO).

17.2 We have appointed a data protection officer (the DPO) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this Privacy Policy and handling requests in relation to the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPO using the details set out below.

Email address: DPO@qumata.com

Post: Data Protection Officer, Qumata Group Ltd, 5 New Street Square, EC4A 3TW London, United Kingdom.

17.3 We will respond to requests and questions addressed to DPO@qumata.com within 15 to 30 calendar days.