QUICK SUMMARY:
This Privacy Policy applies to your use of the GlucoSensor website, webshop, mobile app, and all related services provided by DiaX Medical B.V.
- Your data controller:
DiaX Medical B.V., operating as GlucoSensor, based in the Netherlands.
- Data we collect:
We collect information you provide, such as your name, contact details, and payment information necessary for order processing, product delivery, and customer support. Additionally, we collect data from your GlucoSensor device and app to accurately display your glucose levels and ensure proper functioning. We also collect data from your interactions with our website to optimize your user experience. For detailed information about data collection via the app and website, please see Sections 2.1, 3.1, and 3.2.
- Do I have to provide my personal data?
Yes, certain information is necessary for us to provide the GlucoSensor service. If you choose not to provide required information, such as your account details, payment information, or glucose data from your device, we may not be able to offer you some or all functionalities of the app. For example, we cannot process an order without your address or accurately display your glucose readings without your sensor data. In general, when collecting data, we aim to indicate which information is optional and which is required.
- Why we collect it:
We collect your data to provide, maintain, and improve the GlucoSensor continuous glucose monitoring service, process your purchases, offer customer support, conduct marketing activities, and fulfil legal requirements. Health data is collected exclusively to assist you in monitoring glucose levels, unless you explicitly consent to additional uses such as participation in research, marketing communications, or receiving product updates.
- Who we share your data with:
We share limited data securely with trusted partners such as the manufacturer of the GlucoSensor system to ensure proper app functionality, and essential service providers including cloud storage providers, payment processors, and website analytics tools. All partners are contractually required to protect your data and are prohibited from using it for unrelated purposes.
- Your rights:
You have the right to access, correct, delete, or download your data at any time. You can also object to certain uses of your data or withdraw any previously provided consent. To exercise your rights, please contact us directly at info@diaxmedical.com—we’re here to assist you.
- Security:
We protect your data using strong security measures including encryption and strict access controls. If any data breach occurs that could significantly affect you, we will promptly notify you and take immediate steps to address it.
- Contact & more information:
For further details, please read the complete Privacy Policy below. If you have questions or concerns, do not hesitate to reach out to us at info@diaxmedical.com.
1. INTRODUCTION
DiaX Medical B.V., operating under the name GlucoSensor (“DiaX Medical,” “we,” “us,” or “our”), respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, transfer, and store personal data in connection with the use of our website, products, and services.
This Privacy Policy applies to both the GlucoSensor App and the GlucoSensor.com website. By using our website and App, you agree to be bound by this Privacy Policy and the applicable End-User License Agreement (EULA). There are separate EULAs for the App and the Website. The App EULA governs your use of the GlucoSensor mobile application, and the Website EULA governs your use of the GlucoSensor.com website. Please ensure you have read and understood the applicable EULA before using either platform.
By accessing or using our services, you acknowledge that you have read, understood, and agreed to this Privacy Policy, the applicable EULA, the Legal Disclaimer for the App and the Legal Disclaimer for the website and any other related legal documents such as the General Delivery Terms, Returns and Refund Policy, and Sensor Replacement Policy. Please note, there are separate Legal Disclaimers for the GlucoSensor App and the GlucoSensor.com website. Each disclaimer details specific limitations, intended uses, and liabilities that are unique to each platform. Ensure you read and understand the relevant disclaimer applicable to the platform you are using.
You also consent to the collection, use, and disclosure of your personal data as outlined in this Privacy Policy. If you do not agree with any part of these documents, you must not use our website, products, and services.
We adhere to applicable data protection laws, including the General Data Protection Regulation (GDPR), to ensure your privacy is protected and that your data is handled responsibly.
SCOPE
This Privacy Policy governs the collection, use, and management of all personal data collected through the GlucoSensor App, the GlucoSensor.com website, and any related services provided by DiaX Medical B.V. The types of personal data collected and methods of processing may vary depending on the platform. Specifically, the GlucoSensor App collects device-specific information, operating system details, unique device identifiers, and health-related data required for glucose monitoring, as detailed in Sections 2.1 and 3.2. The GlucoSensor.com website primarily collects information related to your browsing activities, transactions, account details, and cookie data for website optimization, as detailed in Sections 2.1 and 3.1. Detailed information on data processing practices applicable to each platform is provided in these indicated sections.
2. PROCESSING OF PERSONAL DATA
2.1 COLLECTION AND PROCESSING OF PERSONAL DATA
DiaX Medical collects personal data that you voluntarily provide when using our website, app, contacting our customer support channels, or placing orders, as detailed in the General Delivery Conditions. This data may include your name, mailing address, email address, telephone number, payment details, date of birth, and other relevant information.
In addition to the above, we may collect information about your activity levels, dietary habits, and diabetes medication, provided that you choose to input such data or connect third-party services that share these insights. We collect and process this personal data to:
- Enable you to place orders and purchase our products and services;
- Respond to your requests, questions, and comments;
- Keep you informed about updates, special offers, product training, and other relevant information regarding GlucoSensor;
- Enhance your user experience on our website and in our App;
- Comply with our legal obligations.
Additionally, we may process your personal data to provide insights into general lifestyle factors related to glucose trends, such as activity levels and nutrition. These insights are intended to help users make informed choices about their daily routines.
Device and log information: For details about data collected automatically via your use of the GlucoSensor App, please see Section 3.2 (Data Collection via the GlucoSensor App).
For information on data collected automatically via your use of the GlucoSensor website (such as cookies and browsing activity), please see Section 3.1 (Cookies and tracking technologies).
Permissions: We may request access to certain device permissions, such as Bluetooth and location services, to provide specific features within the app. You have the option to enable or disable these permissions through your device settings.
We adhere to the principles of data minimization and purpose limitation, ensuring that we only collect data necessary for these purposes.
2.2 USE OF HEALTH INFORMATION
When using the GlucoSensor App and related services, you may provide us with health-related data, such as blood glucose levels, diet information, exercise patterns, and other relevant medical history. DiaX Medical B.V. understands the sensitivity of this data and adheres to the highest standards of data protection, confidentiality, and privacy as required by the General Data Protection Regulation (GDPR).
- Primary purpose of processing: The health data you provide is processed to generate indicative glucose trends and alerts, which may assist you in better understanding your glucose patterns over time. This information is intended solely for informational purposes and should not be used as the sole basis for making any treatment decisions. Users must consult with healthcare professionals for any changes to treatment plans or in response to unusual glucose readings.
- Personalized notifications: Based on your health profile and glucose trends, we may send you automated notifications or alerts regarding significant changes or trends in your glucose levels. These notifications are generated using automated data analysis tools and are meant to complement—not replace—traditional glucose monitoring and healthcare advice. Users are advised to independently confirm any critical readings through fingerstick testing or consultation with healthcare providers.
- Research and development: With your explicit consent, anonymized health data may be used for internal research and development to enhance the safety and effectiveness of our products. All research activities are conducted in line with GDPR and medical device regulations, ensuring that any findings or insights derived from your health data are not used to provide medical advice or diagnostic guidance.
- Marketing and promotional activities: We may use your health data to send you targeted offers or information about our products or services, provided you have given explicit consent for such use. These activities are strictly limited to product awareness and should not be construed as health management advice. You can withdraw your consent for marketing communications at any time.
- Data minimization and purpose limitation: We strictly adhere to the principles of data minimization and purpose limitation, ensuring that your health data is collected only when necessary and is used exclusively for the purposes outlined in this Privacy Policy. We do not use your health data for unrelated purposes, and we do not sell your health data to third parties.
- Safeguarding health data: We employ state-of-the-art technical and organizational measures to ensure the security and confidentiality of your health data. These measures include encryption, access controls, and monitoring of our systems to prevent unauthorized access or breaches. Only authorized personnel with a legitimate need to access your health data are permitted to do so.
- User control and withdrawal of consent: You have control over the health data you share with us. You can view, edit, or delete your health data within the app at any time. If you choose to withdraw your consent, we will cease processing your health data for the purposes for which consent was given, and you have the right to request the deletion of your health data from our systems. Any residual data required for legal or compliance purposes will be retained in accordance with applicable laws and regulations.
By ensuring that your health data is handled with the utmost care, DiaX Medical B.V. aims to provide a secure, transparent, and user-centric experience that respects your privacy and upholds your rights under the GDPR.
2.3 LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
DiaX Medical B.V. processes your personal data based on the legal grounds stipulated under the General Data Protection Regulation (GDPR). We ensure that each processing activity is underpinned by a specific legal basis, as outlined below:
- Performance of a contract: Processing your personal data is necessary for the performance of a contract to which you are a party. This includes processing activities related to your purchase of our products and services, as well as fulfilling our obligations under the applicable End-User License Agreements (EULA). For instance, we require your personal and payment information to process orders, deliver purchased items, and provide customer support.
- Compliance with legal obligations: We process your data to comply with legal obligations that apply to us, including but not limited to tax regulations, product safety monitoring, and accounting requirements. This legal ground ensures that our processing activities remain aligned with statutory and regulatory obligations, such as maintaining accurate financial records and reporting adverse events.
- Explicit consent for special categories of data: When processing special categories of data, such as health-related information, we rely on your explicit consent under Article 9(2)(a) of the GDPR.
In addition to explicit consent under Article 9(2)(a) GDPR, we may process health-related data under other legal grounds, such as:
Article 9(2)(h) GDPR: Processing is necessary for preventive or occupational medicine, medical diagnosis, or healthcare services.
Article 9(2)(i) GDPR: Processing is necessary for reasons of public interest in the area of public health, such as ensuring medical device safety.
All processing of health data is conducted with appropriate safeguards to protect your rights and freedoms. This consent is sought separately and transparently, specifying the exact purposes for which your sensitive data will be processed, such as enhancing the accuracy of glucose monitoring data. You can withdraw your consent at any time, and we will immediately cease processing your data for that purpose, except where continued processing is required by law or necessary for compliance with other legal grounds as outlined above.
- Legitimate interests: We may process your personal data based on legitimate interests pursued by DiaX Medical B.V. or third parties, provided these interests do not override your fundamental rights and freedoms. For example, we use your contact details to send you information about our products or relevant services based on your past interactions, unless you have opted out of such communications. Other legitimate interests include ensuring the security of our IT systems, fraud prevention, and conducting market research.
- Vital interests: The GlucoSensor App is intended solely for informational purposes and is not designed for emergency medical use. Users are advised to consult healthcare professionals for any treatment decisions and to independently confirm critical readings through traditional glucose testing methods. However, in exceptional circumstances where necessary to protect the vital interests of the user or another person, DiaX Medical B.V. may process personal data without explicit consent. This includes, but is not limited to, responding to potential medical emergencies linked to the use of our products. Any such data processing is conducted in strict compliance with applicable data protection laws, including the GDPR.
- Public interest and health data: Certain processing activities related to health data may also be conducted in the interest of public health or for purposes of scientific or historical research. These activities are conducted in accordance with the applicable laws and ethical standards, and additional safeguards are applied to protect the confidentiality and security of your health data.
- Legal exceptions to consent: In certain situations, DiaX Medical B.V. may process your personal data without explicit consent when legally required or necessary to protect public safety or vital interests. Examples include:
- Compliance with legal requests: Sharing data with government agencies, regulatory authorities, or courts in response to legal inquiries, investigations, or to enforce our legal rights.
- Protection of vital interests: Processing personal data to protect the life or safety of an individual during an emergency situation involving the use of our product, such as providing critical information to medical personnel.
- Public health and safety: Sharing data with public health authorities for purposes such as preventing or controlling disease outbreaks, reporting adverse events, or ensuring product safety.
All such processing activities are conducted strictly in accordance with the General Data Protection Regulation (GDPR) and other applicable laws. These actions are limited to specific legal obligations and are designed to safeguard public interest, user safety, and compliance with regulatory requirements.
For additional information on legal exceptions to consent, please refer to the relevant sections in the End-User License Agreement (EULA), Legal Disclaimer for the App and the Legal Disclaimer for the website.
2.4 DISCLOSURE OF PERSONAL DATA
2.4.1 Third-party service providers
DiaX Medical B.V. works with third-party service providers to ensure the functionality, efficiency, and optimization of the GlucoSensor Website and App. These service providers include, but are not limited to:
- E-fulfillment companies for order processing and delivery;
- Customer relationship management (CRM) systems for managing customer data and interactions;
- Accounting services to handle financial transactions and invoices;
- Plugins for website functionality, such as WordPress plugins used to manage website performance;
- Online marketing and analytics platforms, such as Google Analytics and Facebook Pixel, to monitor user activity and provide targeted advertisements.
- MiniOrange Authentication Services
DiaX Medical utilizes MiniOrange, a trusted third-party authentication service provider, to securely manage user registration, login, and Multi-Factor Authentication (MFA) processes on both the GlucoSensor website and the GlucoSensor App. To provide this service, MiniOrange processes limited personal data necessary for authentication purposes, such as your email address, encrypted password credentials, and MFA tokens. MiniOrange is contractually required to adhere strictly to GDPR-compliant data protection measures, ensuring your data is securely processed, stored, and managed. MiniOrange does not have permission to use your personal data for purposes unrelated to providing authentication services.
These third-party service providers only access the personal data necessary to perform their specific roles and are contractually obligated to protect your data and comply with GDPR.
If you choose to integrate lifestyle-related features, we may share certain non-medical data (such as activity tracking data) with trusted third-party service providers that support these functionalities. Any such sharing will be based on your explicit consent and processed under strict data protection agreements.
2.4.2 Consent for third-party data sharing
We share personal data with the above third-party service providers only as needed to run our services (for instance, to deliver your order or host our application). These providers act on our instructions and are not allowed to use your data for their own purposes. Where your consent is required by law for certain sharing, we will obtain it separately. You can withdraw consent at any time. However, please be aware that withdrawing your consent may result in certain features or services no longer functioning properly, potentially limiting or preventing your continued use of the GlucoSensor App and related services.
2.4.3 Potential future third-party integrations
DiaX Medical B.V. may integrate additional third-party services in the future to enhance functionality and user experience. Users will be notified in advance if any new data-sharing arrangements are introduced and will have the option to opt in or out of these new integrations.
2.4.4 Data protection and security
DiaX Medical B.V. collaborates with third-party service providers who are required to implement strict security measures in compliance with the General Data Protection Regulation (GDPR). We conduct thorough due diligence, including Data Processing Agreements (DPAs), to ensure these providers meet our stringent data protection and security standards. We also regularly review and monitor these providers’ compliance measures to maintain the highest level of data protection. Users retain their GDPR rights, including access, rectification, and erasure of their data, as outlined in this Privacy Policy.
2.5 RETENTION PERIOD
DiaX Medical B.V. will retain your personal data only for the duration necessary to fulfill the specific purposes outlined in this Privacy Policy or as required by applicable laws and regulations. Retention periods differ according to the nature of the data collected and the purposes for which the data was initially gathered. The main categories and retention periods are as follows:
• Account Information and Order Data: Your personal details related to purchases, transactions, and orders (e.g., name, address, contact information, payment details) will be retained for up to seven years from the completion of a transaction or last interaction, to comply with accounting, taxation, and regulatory obligations.
• Health-Related Data (Glucose Data): Your health-related information collected via the GlucoSensor App, such as glucose monitoring data, will be retained as long as your account remains active and for a maximum of six months after account deletion, to comply with regulatory reporting obligations and safety monitoring requirements under applicable medical device regulations.
• Lifestyle-Related Data (Activity, Nutrition, etc.): Data related to lifestyle features, such as physical activity, nutrition, or non-medical tracking, will be retained for a period of 12 months from collection, unless you manually delete this data earlier or revoke your consent to its processing.
• Customer Support and Communications: Records of customer interactions, support inquiries, and communication logs will be retained for a maximum of three years following the resolution of your inquiry or interaction to ensure quality customer service, continuous improvement, and follow-up on ongoing or recurring issues.
• Analytical and Technical Data: Data generated through website and app usage analytics, including cookies and tracking technologies, will be retained for a maximum of 24 months from the date of collection, unless you withdraw consent or manually delete cookies and related tracking data earlier.
• User-Generated Content (Reviews, Feedback, Testimonials): Publicly submitted reviews, testimonials, or user feedback may be retained and publicly displayed indefinitely unless you specifically request removal by contacting us directly at info@diaxmedical.com.
• Legal Obligations and Regulatory Compliance: In circumstances where retention of your personal data is mandated by law, regulation, or judicial order, DiaX Medical will retain such data for the duration specified by the relevant statutory or regulatory requirement.
Account Deletion: If you delete your GlucoSensor account, we will permanently delete or anonymize your personal data associated with your account within 30 days, except for information required to comply with legal, regulatory, or reporting obligations, or to resolve disputes. This deletion process is irreversible and ensures that no unnecessary residual data remains on our servers.
DiaX Medical ensures that once the retention period expires or the data is no longer required, all personal data is securely deleted or anonymized to prevent re-identification or unauthorized use.
2.6 DATA STORAGE LOCATIONS
Data storage in the European Union (EU)
All personal data collected by DiaX Medical B.V. through the GlucoSensor App and the GlucoSensor.com website is stored on servers located within the European Union. We ensure that your data is processed and stored in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data handled by MicroTech Medical (MM) is stored on servers located within the European Union and adheres to the same security standards and GDPR compliance as data stored by DiaX Medical. This ensures that any data breaches or unauthorized access involving these servers will be managed under the same strict protocols as detailed in Section 4: Protocol for Handling Data Breaches.
By storing data within the EU, we provide a high level of security and privacy protection consistent with European standards.
2.7 THIRD-PARTY DATA PROCESSING
2.7.1 Role of MicroTech Medical (MM)
DiaX Medical B.V. collaborates with MicroTech Medical (MM), the manufacturer of the GlucoSensor system, to ensure the continuous functionality, maintenance, and improvement of the GlucoSensor App. MM receives only de-personalized data limited to your email address and blood glucose (BG) data. MM does not process or store any other personal data collected from the GlucoSensor App or the GlucoSensor.com website. All data accessed and stored by MM is securely held on servers located within the European Union, ensuring compliance with the General Data Protection Regulation (GDPR).
2.7.2 Data minimization and de-personalization
The data shared with MM is minimized to include only what is necessary for the technical operation, maintenance, and enhancement of the GlucoSensor App. Your BG data is associated with your email address solely for the purpose of providing and improving the services. This data is de-personalized to ensure it cannot be used to identify you without additional information, which is not provided to MM.
2.7.3 Data protection measures
MM is contractually obligated to protect your data in compliance with the GDPR and other applicable data protection laws. They implement appropriate technical and organizational measures to safeguard the data against unauthorized access, alteration, disclosure, or destruction. MM cannot use your data for any purpose other than those specified by DiaX Medical B.V.
2.7.4 Legal basis for data processing
The involvement of MM in data processing is based on the legitimate interest of ensuring the continuous and effective operation of the GlucoSensor system. This data processing is necessary for fulfilling the technical requirements of the App, as outlined in the End-User License Agreement (EULA) for the App.
2.7.5 User rights and control
You retain all your rights under the GDPR with respect to the data processed by MM, including the right to access, correct, and delete your data. If you choose to delete your account or withdraw your consent, we will instruct MM to delete any de-personalized data associated with your email address. For any inquiries or to exercise your rights, please contact us at info@diaxmedical.com.
2.7.6 Third-party data processing beyond MicroTech Medical
DiaX Medical B.V. collaborates with additional third-party service providers, as outlined in Section 2.4, to support the operation of the GlucoSensor system and provide high-quality services. Each third-party provider is required to meet stringent data protection and security standards. However, for widely-used services such as Google Analytics and Meta (Facebook) tools, the terms of data processing are governed by the providers’ own standardized Data Processing Agreements (DPAs), which are compliant with the GDPR.
2.7.6.1 Standardized data processing agreements
Certain major providers, including Google, Meta (Facebook), HubSpot, Exact Online, and Microsoft, operate under their own standardized Data Processing Agreements, which apply automatically when using their services. DiaX Medical B.V. relies on these providers’ published terms to ensure GDPR compliance. The data processing activities conducted by these providers are subject to their own privacy terms, which users can review directly:
- Google Data Processing Terms
- Meta (Facebook) Data Processing Addendum
- HubSpot Data Processing Agreement
- Exact Online Privacy Statement
- Microsoft Data Protection Addendum
2.7.6.2 Limited control over standardized agreements
Due to reliance on standardized terms with providers such as Google, Meta (Facebook), Microsoft, HubSpot, and Exact Online, DiaX Medical advises users to familiarize themselves directly with these providers’ GDPR compliance documentation. While DiaX Medical proactively evaluates these providers’ privacy practices, ultimate accountability for compliance resides with these third-party providers. DiaX Medical commits to informing users promptly if significant compliance concerns arise regarding these third-party services. For your convenience, we recommend reviewing the privacy and data processing policies provided by these companies directly through the links available in section 2.7.6.1 of this Privacy Policy.
2.7.6.3 Transparency and user information
DiaX Medical B.V. provides transparency by disclosing the use of third-party providers like Google and Meta within this Privacy Policy. Users are encouraged to review the respective privacy terms of these providers. Any changes or updates to the use of these third-party services will be communicated through our Privacy Policy updates and notifications to ensure ongoing compliance and user awareness.
2.7.6.4 User rights and consent
You retain the right to withdraw your consent for data processing activities involving third-party providers at any time. However, please be aware that withdrawal of consent may affect the availability of certain features or services that rely on third-party integrations. For more information or to exercise your rights, please contact us at info@diaxmedical.com.
2.8 DATA COLLECTION IN RETURNS AND REPLACEMENTS
In the event of a product return, refund, or replacement request, DiaX Medical may collect personal data such as order details, contact information, and the reason for return. This data is processed solely to fulfil the request, ensure product safety, and comply with applicable legal requirements. DiaX Medical retains this data only as long as necessary to complete the request, address any disputes, or meet regulatory obligations. For more information, please refer to the General Delivery Terms, Returns and Refund Policy and Sensor Replacement Policy.
2.9 CONSENT MECHANISMS AND WITHDRAWAL
2.9.1 Obtaining consent
For processing activities that require your consent, such as processing health-related data or sending marketing communications, we will obtain your explicit consent through clear, affirmative action. This may include checking an opt-in box, clicking “I Agree,” or another similar method indicating your consent. We will provide you with information about the specific processing activities and the types of personal data involved at the time we request your consent.
2.9.2 Withdrawing consent
You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent by:
- Adjusting your settings within the GlucoSensor App or website account settings.
- Contacting us at info@diaxmedical.com with your request.
Upon receipt of your withdrawal, we will cease processing your personal data for the purposes for which you originally consented, unless we have another legitimate basis for such processing under applicable law.
2.9.3 Impact of withdrawal of consent
If you withdraw your consent for the processing of health-related data, certain features and services of the GlucoSensor App may no longer be available. This includes, but is not limited to, trend analysis, automated notifications, personalized alerts, and other functionalities that rely on the processing of your health data. Consequently, continued use of the GlucoSensor product and related services may not be possible without the necessary data processing. In such cases, we may need to terminate your access to the affected services and deactivate your account. We will inform you about the specific impact of your consent withdrawal at the time of your request.
2.10 AUTOMATED DECISION-MAKING AND PROFILING
We use automated processing, including profiling, to analyse your health-related data (such as blood glucose levels) to provide indicative glucose trends and personalized notifications, such as notifications for high or low glucose readings, rapid glucose level changes, or reminders for sensor replacement. This processing helps us enhance your user experience and provide you with relevant information and alerts regarding your glucose patterns.
2.10.1 Your rights regarding automated decision-making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such processing is:
- Necessary for entering into, or performance of, a contract between you and us.
- Authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests.
- Based on your explicit consent.
In cases where we use automated decision-making, we implement suitable measures to safeguard your rights, freedoms, and legitimate interests, including the right to obtain human intervention, express your point of view, and contest the decision. If you have any questions about our use of automated decision-making or wish to object to it, please contact us at info@diaxmedical.com.
2.11 LAWFUL BASIS FOR PROCESSING HEALTH DATA
In addition to obtaining your explicit consent under Article 9(2)(a) of the GDPR, we may also process your health-related data based on other lawful grounds, including:
- Article 9(2)(h): Processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment, pursuant to contract with a health professional and subject to professional secrecy obligations.
- Article 9(2)(i): Processing is necessary for reasons of public interest in the area of public health, such as ensuring high standards of quality and safety of healthcare and of medical devices, based on Union or Member State law.
All processing of health data is carried out with appropriate safeguards to protect your rights and freedoms, and in accordance with applicable laws and regulations.
2.12 USER-GENERATED CONTENT
When users submit or upload content (such as reviews, testimonials, feedback, or suggestions) via the GlucoSensor website or App, DiaX Medical processes this data based on its legitimate interest in improving products and services. Such data may be publicly displayed, used for marketing or promotional purposes, and retained as long as necessary for these purposes. Users can request removal of publicly displayed content by contacting info@diaxmedical.com.
3. SPECIFIC SECTIONS FOR DATA COLLECTION
3.1 COOKIES AND TRACKING TECHNOLOGIES
DiaX Medical B.V. uses cookies and similar tracking technologies on our website (GlucoSensor.com) to enhance your user experience, optimize our services, and provide personalized content and advertisements. The GlucoSensor App itself does not use cookies but may use other tracking technologies (such as SDKs or APIs, as detailed in Section 3.2). The following types of cookies are used:
- Strictly necessary cookies: These cookies are essential for the operation of our website and app. Without these cookies, certain functionalities cannot be provided. As these cookies are necessary for the operation of the website/app, they do not require your consent.
- Analytical/performance cookies: These cookies collect anonymous data on how visitors use our website and app, such as the pages visitors go to most often. These cookies help us improve how our website and app work. Your consent is required for these cookies.
- Functionality cookies: These cookies allow the website/app to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personalized features. Your consent is required for these cookies.
- Targeting/advertising cookies: These cookies are used to deliver ads more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of an advertising campaign. Your consent is required for these cookies.
Third-party cookies
We use third-party cookies to collect information about your browsing activity on our website to deliver personalized content and advertisements. This includes:
- Google Analytics: To understand how our website is used and improve user experience. For more details on Google Analytics’ privacy practices and to opt out, visit Google Analytics Privacy Policy and Google Opt-Out.
- Facebook Pixel: To measure the effectiveness of our advertising and to deliver more relevant ads on Facebook and its affiliate sites. For more information, visit Facebook Privacy Policy.
Consent for non-essential cookies can be managed at any time via our website’s cookie management tool (Cookiebot), prominently accessible from each webpage footer. Users can change preferences, withdraw consent previously given, or obtain detailed information about specific cookies directly within this tool. Withdrawal of consent may limit or disable certain website functionalities.
Managing your cookie preferences
You can manage your cookie preferences through our website’s cookie consent tool or by adjusting your browser settings. You may withdraw your consent easily at any time by revisiting the cookie consent tool on our website or through your browser settings. Note that disabling certain types of cookies may impact your experience.
Review and updates
We regularly review our use of cookies and tracking technologies to ensure compliance with EU regulations. Any updates to our cookie practices will be reflected in this Privacy Policy and our cookie consent tool.
3.2 DATA COLLECTION VIA THE GLUCOSENSOR APP
In addition to the personal data outlined in Section 2.1, the GlucoSensor App specifically collects certain technical and usage data automatically when you actively use the app, including:
- Device data: Device model, operating system, and unique device identifiers.
- Location data: Collected only if explicitly permitted via your device settings.
- Usage and interaction data: Features accessed and frequency of app use.
Purpose of App-specific data collection:
- Monitoring and improving app performance and stability.
- Developing new app features and enhancements based on user feedback.
- Providing personalized content tailored to your preferences and location.
- Assisting with technical support inquiries and troubleshooting.
Third-party service providers:
We may engage third-party service providers to assist in delivering app functionalities such as payment processing, analytics, or customer support. These providers are carefully selected and contractually obligated to comply with our data protection standards. They process your personal data only as necessary to perform requested services.
Use of SDKs and APIs:
The app may integrate Software Development Kits (SDKs) and Application Programming Interfaces (APIs) from third-party partners to enhance functionality. We perform security assessments of these integrations to ensure compliance with our data protection policies.
For additional general information about how we process personal data, please refer to Section 2.1.
3.3 CHILDREN’S PRIVACY
The GlucoSensor CGM system is CE-marked and approved for use by individuals aged 14 years and older. It is not CE-tested or approved for use by children under the age of 14. Therefore, our products and services must not be used by, and are not intended for, individuals younger than 14 years old. We do not knowingly collect or process personal data from children under 14. If we become aware of unintended data collection from a child under 14, we will promptly delete such data. If you believe we have inadvertently collected data from a child under 14, please contact us immediately at info@diaxmedical.com.
For individuals between the ages of 14 and 15 (under 16), explicit parental or guardian consent must be verifiably obtained before personal data collection or processing commences. This consent process involves direct verification via email or documented parental acknowledgment through secure means provided by DiaX Medical. Records of parental consent are retained for audit purposes and compliance with GDPR Article 8.
4. PROTOCOL FOR HANDLING DATA BREACHES
In compliance with GDPR Article 33, DiaX Medical will report personal data breaches to the competent supervisory authority within 72 hours of discovery unless, after immediate assessment by DiaX Medical’s Data Protection Department, the breach is unlikely to result in risks to individuals’ rights and freedoms. Notifications to affected individuals will clearly state the breach’s nature, potential consequences, remedial actions taken by DiaX Medical, and recommended steps users should take to mitigate risks. DiaX Medical maintains detailed breach incident records as per GDPR requirements, documenting the cause, scope, impact, resolution, and future preventative measures for each incident. If you suspect or become aware of a potential data breach involving your personal data, please contact us immediately at info@diaxmedical.com, clearly stating the nature of your concern and providing any relevant details to facilitate swift investigation.
5. YOUR RIGHTS
You have certain rights regarding your personal data, including:
- The right to access your data.
- The right to correct your data if it’s incorrect or incomplete.
- The right to request the deletion of your data.
- The right to restrict the processing of your data.
- The right to object to data processing based on legitimate interests or direct marketing.
- The right to withdraw consent you previously gave (such as consent for marketing or research).
You can exercise these rights at any time by contacting us directly at info@diaxmedical.com. For security purposes, we may need to verify your identity before processing your request. We aim to respond within one month, although this period may be extended if your request is complex or we receive multiple requests from you.
You have the right to data portability, allowing you to request and receive your personal data in a structured, commonly used, machine-readable format. DiaX Medical will facilitate your request promptly, typically within one month. You can also request direct data transfer to another data controller, where technically feasible. Requests should be directed to info@diaxmedical.com.
If you choose to delete your account via the GlucoSensor App, all personal data associated with your account—including health data processed by MicroTech Medical (MM)—will be permanently deleted from our databases and those of our partners. Please note that this deletion is irreversible, though legally required data may still be retained as described in Section 2.5: Retention Period.
Additionally, you have the right to lodge a complaint with a data protection authority if you feel your privacy rights have been violated.
6. CHANGES TO THE PRIVACY POLICY
DiaX Medical B.V. recognizes that transparency is essential in our relationship with users and strives to communicate openly and honestly about the ways we collect, use, and protect your personal data at all times. In light of this commitment, and in accordance with the General Data Protection Regulation (GDPR), this clause describes our approach to informing users about changes or updates to our Privacy Policy.
6.1 NOTIFICATION OF CHANGES
We reserve the right to modify or update this Privacy Policy at any time.
As we continue to develop new features beyond traditional glucose monitoring, such as lifestyle insights, we will ensure that any related data processing aligns with this Privacy Policy. Users will be informed in advance of any significant changes affecting the way their data is handled. Such changes may arise due to new legal requirements, changes in our business practices, or updates in the technology used to protect your data. Significant changes to this Privacy Policy will also be reflected in other related legal documents, including but not limited to:
- Website End-User License Agreement (Website EULA)
- App End-User License Agreement (App EULA)
- General Delivery Terms
- Returns and Refund Policy
- Sensor Replacement Policy
- Legal Disclaimer for the App
- Legal Disclaimer for the Website
6.2 COMMUNICATION METHODS
Significant changes to our Privacy Policy will be communicated clearly and in good time before they become effective. This communication may take place through various channels, including, but not limited to:
- A notification on our website;
- A direct email notification to users who have subscribed to such updates;
- Other communication means deemed appropriate to effectively reach you.
6.3 IMPACT OF CHANGES ON DATA PROCESSING
If changes to our Privacy Policy significantly affect the way we process your personal data, we will inform you about the specific impacts these changes may have on your data and provide you with options to manage your consent where applicable.
We advise users to regularly review our Privacy Policy to stay informed about any changes. The effective version date is clearly indicated at the end of the Privacy Policy (see “Version” section below), enabling you to identify the most recent update easily.
6.4 YOUR ACCEPTANCE OF CHANGES
By continuing to use our website and services after changes to our Privacy Policy are posted, you acknowledge and consent to these changes and agree to the updated terms of the policy as effective at that time.
6.5 QUESTIONS AND CONTACT
Should you have questions about changes to our Privacy Policy or how your personal data is processed, please feel free to contact us using the contact details provided in this Privacy Policy.
7. SUPERVISOR INFORMATION
DiaX Medical B.V. recognizes the importance of your privacy and the protection of your personal data. We strive to handle all personal data we collect and process in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. Should you have questions or concerns about the way we handle your personal data, despite our efforts, we encourage you to contact us directly so we have the opportunity to address any issues.
If you believe that your concerns have not been satisfactorily resolved by us, you have the right to file a complaint with the data protection authority in your country or region within the European Economic Area (EEA).
For complaints in EEA countries, you can contact the local data protection authority in your country. A list of these authorities and their contact details is available on the website of the European Data Protection Board.
We emphasize that filing a complaint with the supervisory authority is your last resort. DiaX Medical B.V. commits to cooperating at all stages of any disputes or complaints and seeks a solution that ensures the protection of your personal data.
7.1 SUPERVISORY AUTHORITY CONTACT
If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority responsible for data protection. As DiaX Medical B.V. is established in the Netherlands, our lead supervisory authority is:
Dutch data protection authority (Autoriteit Persoonsgegevens)
Website: https://autoriteitpersoonsgegevens.nl/en
Postal Address:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ DEN HAAG
Netherlands
We encourage you to first contact our Data Protection Department (infra@glucosensor.com) before approaching the supervisory authority, as we may swiftly resolve any concerns you have.
8. CONTACT DETAILS FOR PRIVACY-RELATED QUESTIONS
DiaX Medical B.V.
Vincent van Goghweg 5
1861 CD Bergen
Netherlands
info@diaxmedical.com
(Postal address only, not a visiting address.)
Data protection department contact: If you have any questions regarding your rights under the GDPR or how we process your personal data, you may contact our Data Protection Department directly at: infra@glucosensor.com.
Exercising your rights: For requests related to accessing, rectifying, or deleting your data, or for any other data protection-related inquiries, please contact us at the details provided above. We will respond to your request in accordance with GDPR requirements, typically within one month.
9. TOTAL AGREEMENT
This Privacy Policy forms an integral part of the Total Agreement between you and DiaX Medical B.V., operating as GlucoSensor. Together with the following legal documents, this Privacy Policy outlines your rights and obligations, as well as our commitments, in relation to the collection, use, disclosure, and protection of your personal data:
- Website End-User License Agreement (Website EULA): Governs your use of the GlucoSensor.com website and any transactions made through it.
- App End-User License Agreement (App EULA): Governs your use of the GlucoSensor mobile application.
- General delivery terms: Outlines the terms of delivery, warranty, and liability for GlucoSensor products.
- Returns and refund policy: Details the conditions under which products may be returned and refunds requested.
- Sensor replacement policy: Specifies the terms and conditions for replacing faulty sensors, including warranty coverage.
- Legal Disclaimer for the App: Specifies important safety information, usage guidelines, accuracy limitations, liability exclusions, and user responsibilities specifically related to the use of the GlucoSensor mobile application.
- Legal Disclaimer for the Website: Clarifies liability limitations, accuracy of provided information, and user responsibilities explicitly concerning the use and content of the GlucoSensor.com website, webshop, and related online services.
By accessing or using our products, services, website, or app, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy and the entirety of the Total Agreement. In the event of any discrepancies between this Privacy Policy and other legal documents, the specific provisions of the applicable legal document will prevail.
10. LANGUAGE DISCLAIMER
This document may be translated into multiple languages for the convenience of our users. In the event of any discrepancies, differences in interpretation, or conflicts between the English version and any translated versions, the English version shall be the legally binding version. DiaX Medical B.V. assumes no liability for any errors or misunderstandings arising from translation issues. For clarifications, please refer to the English version or contact us directly.
DiaX Medical B.V. is committed to ensuring the privacy and protection of your personal data. We take appropriate measures to ensure the security of your data and comply with applicable privacy legislation, including the GDPR.
Version: 140425