Privacy policy Diax Medical B.V.

DiaX Medical B.V., operating under the name GlucoSensor (“DiaX Medical,” “we,” “us,” or “our”), respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, transfer, and store personal data in connection with the use of our website, products, and services. By using our website and products, you agree to the terms of this Privacy Policy and the End-User License Agreement (EULA). “User” refers to any individual, group of individuals, or entity that interacts with our content, functionalities, products, or services as defined in the EULA.

  1. Introduction

This Privacy Policy is part of the broader Terms of Use governing your use of the GlucoSensor services. By using our services, you agree to be bound by this Privacy Policy and the End-User License Agreement (EULA), which outlines the full terms applicable to your relationship with DiaX Medical. DiaX Medical develops and delivers medical devices and services, including the GlucoSensor, an innovative glucose monitoring system. In collaboration with MicroTech Medical, we are committed to ensuring the confidentiality and privacy of the personal data we collect and strive to comply with applicable data protection laws and regulations.

Scope

This Privacy Policy applies to all personal data collected through the GlucoSensor App and the glucosensor.com website, as well as any related services provided by DiaX Medical B.V. While certain data collection and processing practices are common across both platforms, specific practices may vary depending on the platform you are using. For example, the app may collect device-specific information, such as operating system an

  2. Processing of Personal Data

2.1 Collection and Processing of Personal Data

DiaX Medical collects personal data that you voluntarily provide when using our website, app, contacting our customer support channels, or placing orders, as detailed in the General Delivery Conditions. This data may include your name, mailing address, email address, telephone number, payment details, date of birth, and other relevant information. We collect and process this personal data to:

  • Enable you to place orders and purchase our products and services;
  • Respond to your requests, questions, and comments;
  • Keep you informed about updates, special offers, product training, and other relevant information regarding GlucoSensor;
  • Enhance your user experience on our website;
  • Comply with our legal obligations.

Device and Log Information: We collect device information such as device model, operating system, unique device identifiers, IP address, and log information, including usage data and interaction records. This data helps us verify your identity, ensure the functionality of the app, and optimize our services.

Permissions: We may request access to certain device permissions, such as camera and location services, to provide specific features within the app. You have the option to enable or disable these permissions through your device settings.

We adhere to the principles of data minimization and purpose limitation, ensuring that we only collect data necessary for these purposes.

2.2 Use of Health Information

When you, as a user of our products and services, choose to share health information with us, such as your medical history or current health condition, DiaX Medical adheres to a strict policy for using this sensitive data. Your health information is primarily used to provide you with the specifically requested products and services. Additionally, we commit to fully complying with relevant laws and regulations applicable to medical devices and healthcare services.

In accordance with the General Data Protection Regulation (GDPR), we emphasize that, in addition to providing requested services, your health information may also be used to send you relevant information or updates directly related to your health situation and/or the products you use. This may include:

  • Product updates and improvements: Information about updates or enhancements to the products you use, which may be relevant to your specific health situation.
  • Personalized offers: Based on your health profile, we may provide personalized offers for new or additional products and services that might be of particular interest to you.

We guarantee that the use of your health information for these purposes is strictly done with your explicit consent, and you have the right to withdraw this consent at any time. We will provide clear and easy-to-understand mechanisms for giving, managing, and withdrawing your consent.

Furthermore, we assure that all processing of health information is conducted with the highest degree of privacy and security, in line with GDPR requirements and other applicable data protection laws. DiaX Medical is committed to protecting your privacy and ensuring the confidentiality, integrity, and availability of your personal and health data.

2.3 Legal Grounds for Processing Personal Data

DiaX Medical B.V. is committed to complying with the General Data Protection Regulation (GDPR) when processing your personal data. We base our processing on the following legally founded grounds, which enable us to deliver our services and optimize our interactions with you as detailed in the EULA:

  • Performance of a Contract: Processing your personal data is essential for the performance of the contract to which you are a party. This includes facilitating orders, delivering our products and services, and providing customer support. This legal ground is applied when you engage in direct interaction with us, such as placing an order or requesting specific services.
  • Explicit Consent for Health Data: When processing special categories of personal data, such as health data, DiaX Medical relies on your explicit consent as the lawful basis under Article 9(2)(a) of the GDPR. This means that we will only process your health data after obtaining your clear and unambiguous consent for specific purposes. You retain the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Consent: For certain processing activities, we seek your explicit consent. This is particularly relevant for sending marketing communications and sharing relevant offers. Your consent is based on a clear affirmative action by which you agree to the processing of your personal data for specific purposes. You always retain the right to withdraw your consent at any time, a process that you can initiate by contacting us.
  • Legal Obligations: There are situations in which we are legally required to process your personal data. This includes complying with tax laws, accounting rules, and other relevant legal requirements. This legal ground ensures that our processing is in line with our legal obligations.
  • Legitimate Interest: DiaX Medical also processes personal data based on legitimate interests, provided these interests do not outweigh your privacy rights and freedoms. Examples include improving our products and services, protecting against fraud, and sending direct marketing materials. We ensure a careful balance is made between our legitimate interests and your rights before processing on this basis.
  • Legal Exceptions to Consent: In certain situations, we may process your personal data without your consent when required by law, to protect public safety, or in response to legal proceedings. This includes processing related to national security, public health, and the protection of vital interests.

2.4 Disclosure of Personal Data

We may share your personal data with the following parties:

  • Subsidiaries and Affiliates: To ensure the continuity of our services, we may share your personal data with our subsidiaries and affiliates.
  • Service Providers: We may engage third-party service providers to perform services on our behalf, such as payment processing, order shipping, and customer support. These service providers have limited access to your personal data and may only use it to perform the requested services.
  • Circumstances of Disclosure: We may disclose your personal data to comply with legal obligations, protect public or individual safety, or in response to lawful requests by public authorities. Such disclosures are made only when necessary and in compliance with applicable laws.

2.5 Retention Period

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected unless a longer retention period is required or permitted by law. After the retention period has expired, we will securely delete or anonymize your personal data. Additionally, if a user deletes their account through the GlucoSensor App, their personal data associated with the account will be permanently deleted, except for data that must be retained to comply with legal obligations. This deletion process is irreversible and ensures that no residual data remains on our servers.

Criteria for Retention: The retention period for your personal data is determined based on the necessity to fulfill the purposes for which it was collected, as well as compliance with legal obligations. Once the retention period has expired or the data is no longer required, we will securely delete or anonymize your personal data.

2.6 Data Storage Locations

Data Storage in the European Union (EU): All personal data collected by DiaX Medical B.V. through the GlucoSensor App and the glucosensor.com website is stored on servers located within the European Union. We ensure that your data is processed and stored in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Data handled by MicroTech Medical (MM) is stored on servers located within the European Union, and it adheres to the same security standards and GDPR compliance as data stored by DiaX Medical. This ensures that any data breaches or unauthorized access involving these servers will be managed under the same strict protocols as detailed in Section 4: Protocol for Handling Data Breaches. By storing data within the EU, we provide a high level of security and privacy protection, consistent with European standards.

2.7 Data Storage Locations

2.7.1 Role of MicroTech Medical
To ensure the ongoing functionality and improvement of the GlucoSensor App, we collaborate with MicroTech Medical (MM), the manufacturer of the GlucoSensor system. MM may access and store certain limited data collected through the App. MM does not process or store any data collected from the glucosensor.com website.

2.7.2 Limited Data Access
MicroTech Medical (MM), as the manufacturer, only accesses and stores data that is essential for the technical operation, maintenance, and enhancement of the GlucoSensor App. This includes data related to system performance, functionality, and user interactions with the App but does not include any personal data collected via the glucosensor.com website.

2.7.3 Data Storage Location
All data accessed and stored by MicroTech Medical (MM) is securely held on servers located within the European Union, ensuring compliance with the General Data Protection Regulation (GDPR).

2.7.4 Purpose of Data Processing
The data handled by MicroTech Medical (MM) is used exclusively for the purposes of maintaining, improving, and ensuring the reliability of the GlucoSensor App. This data is not used for marketing purposes or to contact users directly.

2.7.5 Legal Basis for Data Processing
The involvement of MicroTech Medical (MM) in data processing is based on the legitimate interest of ensuring the continuous and effective operation of the GlucoSensor system. This data processing is necessary for fulfilling the technical requirements of the App, as outlined in the End-User License Agreement (EULA).

2.7.6 User Rights
Users retain all their rights under GDPR with respect to the data processed by MicroTech Medical (MM), including the right to access, correct, and delete their data. These rights can be exercised through DiaX Medical, which will coordinate with MicroTech Medical (MM) as necessary.

  3. Specific Sections for Data Collection

3.1 Cookies and Tracking Technologies:

DiaX Medical B.V. uses cookies and other similar tracking technologies on our website and within the GlucoSensor App to enhance your user experience, optimize our services, and provide personalized content and advertisements.

Types of Cookies used:

  • Strictly Necessary Cookies: These cookies are essential for the operation of our website and app. Without these cookies, certain functionalities cannot be provided. As these cookies are necessary for the operation of the website/app, they do not require your consent.
  • Analytical/Performance Cookies: These cookies collect anonymous data on how visitors use our website and app, such as the pages visitors go to most often. These cookies help us improve how our website and app work. Your consent is required for these cookies.
  • Functionality Cookies: These cookies allow the website/app to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personalized features. Your consent is required for these cookies.
  • Targeting/Advertising Cookies: These cookies are used to deliver ads more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of an advertising campaign. Your consent is required for these cookies.

Third-Party Cookies:

We use third-party cookies to collect information about your browsing activity on our website and app, and to deliver personalized content and advertisements. This includes:

  • Google Analytics: To understand how our website is used and improve user experience. For more details on Google Analytics’ privacy practices and to opt-out, visit Google Analytics Privacy Policy and Google Opt-Out.
  • Facebook Pixel: To measure the effectiveness of our advertising and to deliver more relevant ads on Facebook and its affiliate sites. For more information, visit Facebook Privacy Policy.

Managing Your Cookie Preferences:

You can manage your cookie preferences through our website’s cookie consent tool or by adjusting your browser settings. Additionally, you can withdraw your consent at any time by accessing the cookie settings on our website/app. Note that disabling certain types of cookies may impact your experience on our website/app.

Review and Updates:

We regularly review our use of cookies and tracking technologies to ensure compliance with EU regulations. Any updates to our cookie practices will be reflected in this Privacy Policy and our cookie consent tool.

3.2 Data Collection via the GlucoSensor App:

The GlucoSensor app collects various types of data to improve functionality and provide a personalized user experience.

  • Types of Collected Data
    • Device Data: Information about the device used, such as the operating system, model, hardware version, and unique device identifiers.
    • Usage Data and Interactions: Information about how you use the app, including which features you access, frequency of use, and your interactions within the app.
    • Location Data: With your consent, the app may collect location data to offer location-specific services or advice. This data is only collected when the app is active and with express consent.
  • Use of Collected Data
    • Monitor and improve the app’s performance and stability.
    • Develop new features and enhancements based on user feedback.
    • Provide personalized content and recommendations tailored to your preferences and location.
    • Support you with any technical issues or questions.
  • Third-Party Service Providers: We may engage third-party service providers to assist in delivering our services, such as payment processing, analytics, and customer support. These providers are carefully selected and required to comply with our data protection standards. We ensure that these providers only process your personal data as necessary to perform the services we request.
  • Use of SDKs and APIs: Our app may integrate software development kits (SDKs) and application programming interfaces (APIs) from third-party partners to enhance functionality. We conduct security assessments on these tools to ensure compliance with our data protection policies.

  4. Protocol for Handling Data Breaches

DiaX Medical B.V. places great value on protecting personal information and has established a strict protocol for handling any data breaches. This protocol is designed to comply with the requirements of the General Data Protection Regulation (GDPR) and includes immediate actions for detecting, reporting, and communicating breaches in the security of personal data.

Upon discovering a data breach, our team takes immediate action to assess and limit the damage. In accordance with the GDPR, we will notify relevant supervisory authorities within 72 hours if the breach poses a risk to the rights and freedoms of individuals. Affected individuals will be informed without undue delay, especially if the breach entails a high risk to their personal rights and freedoms.

  • User Notification: In the event of a data breach that poses a high risk to your rights and freedoms, DiaX Medical will notify you without undue delay. This notification will include the nature of the breach, potential consequences, and the measures we have taken or plan to take to address it. We will also provide you with advice on steps you can take to mitigate potential harm.

We will provide the affected individuals with all relevant information about the breach, including recommendations to minimize the potential negative consequences. Additionally, we will thoroughly investigate the cause of the breach and take appropriate measures to prevent recurrence in the future.

  5. Your Rights

You have certain rights regarding your personal data, including the right to access, rectification, deletion, restriction of processing, data portability, and the right to object to processing based on legitimate interests or direct marketing. To exercise these rights, please contact us using the contact details provided in this Privacy Policy. We will respond to your request within one month, as required by GDPR. If you choose to delete your account via the GlucoSensor App, all personal data associated with your account, including health data processed by MicroTech Medical (MM), will be permanently deleted from our databases and those of our partners. Please note that this deletion is irreversible, and legally required data may still be retained under the conditions mentioned in Clause 2.5: Retention Period.

  • Exercising Your Rights: To exercise your rights regarding your personal data, you may contact us using the contact details provided in this Privacy Policy. For security reasons, we may verify your identity before processing your request. We aim to respond to all legitimate requests within one month, but this period may be extended depending on the complexity and number of requests.

  • Right to Object: You have the right to object to the processing of your personal data when it is based on legitimate interests or for direct marketing purposes. We will stop processing your data unless we have compelling

  6. Changes to the Privacy Policy

DiaX Medical B.V. recognizes that transparency is essential in our relationship with users and strives to communicate openly and honestly about the ways we collect, use, and protect your personal data at all times. In light of this commitment, and in accordance with the General Data Protection Regulation (GDPR), this clause describes our approach to informing users about changes or updates to our Privacy Policy.

6.1 Notification of Changes:

Significant changes to our Privacy Policy will be clearly and timely communicated before they become effective. This communication may take place through various channels, including, but not limited to:

  • A notification on our website;
  • A direct email notification to users who have subscribed to such updates;
  • Other communication means deemed appropriate to effectively reach you.

6.2 Communication Methods:

We advise users to regularly review our privacy policy to stay informed about any changes. The date of the last update will always be listed at the bottom of the policy, so you can see when it was last revised.

6.3 Impact of Changes on Data Processing

If changes to our Privacy Policy significantly affect the way we process your personal data, we will inform you about the specific impacts these changes may have on your data and provide you with options to manage your consent where applicable.

6.4 Your Acceptance of Changes:

By continuing to use our website and services after changes to our Privacy Policy are posted, you acknowledge and consent to these changes and agree to the updated terms of the policy as effective at that time.

6.5 Questions and Contact:

Should you have questions about changes to our Privacy Policy or how your personal data is processed, please feel free to contact us using the contact details provided in this Privacy Policy.

  7. Supervisor Information:

DiaX Medical B.V. recognizes the importance of your privacy and the protection of your personal data. We strive to handle all personal data we collect and process in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. Should you have questions or concerns about the way we handle your personal data, despite our efforts, we encourage you to contact us directly so we have the opportunity to address any issues.

If you believe that your concerns have not been satisfactorily resolved by us, you have the right to file a complaint with the data protection authority in your country or region within the European Economic Area (EEA).

For complaints in EEA countries, you can contact the local data protection authority in your country. A list of these authorities and their contact details is available on the website of the European Data Protection Board.

We emphasize that filing a complaint with the supervisory authority is your last resort. DiaX Medical B.V. commits to cooperating at all stages of any disputes or complaints and seeks a solution that ensures the protection of your personal data.

  8. Contact Details for Privacy-related Questions:

DiaX Medical B.V.
Vincent van Goghweg 5
1861 CD Bergen
Netherlands
info@diaxmedical.com

  • Data Protection Department Contact: If you have any questions regarding your rights under the GDPR or how we process your personal data, you may contact our Data Protection Department directly at: infra@glucosensor.com.
  • Exercising Your Rights: For requests related to accessing, rectifying, or deleting your data, or for any other data protection-related inquiries, please contact us at the details provided above. We will respond to your request in accordance with GDPR requirements, typically within one month.

  9. Total Agreement

This Privacy Policy constitutes one part of the Total Agreement between you and GlucoSensor. Together with our End-User License Agreement (EULA), Delivery Terms, and Return Policy, this Privacy Policy outlines how we collect, use, disclose, transfer, and store your personal data. By accessing or using our product or service, you acknowledge and agree to be bound by the terms of this Privacy Policy and the entirety of the Total Agreement.

DiaX Medical B.V. is committed to ensuring the privacy and protection of your personal data. We take appropriate measures to ensure the security of your data and comply with applicable privacy legislation, including the GDPR.

Version: October 1, 2024