1.1 This privacy policy (the “Policy”) has been compiled to better serve those who are concerned with how their personal data is being used, hereunder to inform you of your rights as well as our policies and procedures regarding the processing of your personal data. Where the words (“you” or “your”) are used in this policy

1.2 Where the words “we”, “us” or “our” are used in this policy, this refers to FlexMed AS, company no. 930 843 865.

1.3 By using Our solutions and services, you acknowledge that you have read and understood this policy. Please read our policy carefully to get a clear understanding of how we process your personal data.

2. PURPOSE

2.1 The term “personal data” refers to any information that relates to an identified or identifiable individual. An individual is considered identifiable if they can be identified, directly or indirectly, through information such as their name, identification number, location data, or online identifiers. Personal data also includes information linked to physical, physiological, genetic, mental, economic, cultural, or social characteristics of a person. In essence, it covers any data that can be used to recognise or distinguish an individual, either on its own or in combination with other information.

2.2 We process personal data for the following purposes:

a) Bookkeeping: We need to register and store some information for bookkeeping purposes when your personal data is part of the basis for accounting transactions.

b) Camera Management: We will process your personal data as part of setting up and managing a care camera, door sensor, and call button in your home, as well as when we access live-streamed video with audio (24/7) and receive notifications when the door opens, closes, or the call button is pressed.

c) Complaints, requests and disputes: We need to process complaints and handle inquiries from you.

d) Confirm your identity: We need to confirm your identity and that of any next of kin that you allow to access the app.

e) Customer efforts: We may process your personal data as part of our efforts pertaining to the marketing, sale and maintenance of customer relationships.

f) Internal processing: Conduct internal investigations and risk assessments.

g) Securing our systems and premises: We need to secure our systems and the offices and premises as well as the safety in the workplace. To that end, we may process data such as access credentials and log information from our systems.

h) Threat detection: We may process your personal data to register and prevent fraud, spam, abuse, technical issues, security incidents and other harmful activities.

2.3 We may also process personal data for purposes other than those mentioned in this policy, provided that these purposes are consistent with the original purposes for which the personal data was collected.

3. PERSONAL DATA

3.1 Personal data is information relating to a natural individual who can be identified, directly or indirectly by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.

3.2 This policy does not cover aggregated data from which the identity of an individual cannot be determined. We retain the right to use aggregated data in any way that we find appropriate.

3.3 In order to achieve the purposes listed in Clause 2, we may process personal data about you, including but not limited to:

a) App Usage Data: Video recordings, door sensor activity, and call button activity, depending on the subscription package.

b) Delivery Information: Shipping address for hardware purchases.

c) Payment Information: Credit card details for users subscribing to the Standard or Premium packages or purchasing hardware through our website.

d) User Information: First name, last name, e-mail address, phone number, and personal identification number (or secure BankID login.

3.4 The personal data will mainly be collected from you directly. In some cases, we will collect personal data from our third parties such as the user or the next of kin.

4. LEGAL BASIS

4.1 Unless otherwise provided, the legal basis for our processing is that the processing is necessary for us to enter into and perform a contract with you for the provision of our solutions and services and/or fulfil our legal obligations, cf. Articles 6 no. 1 (b) and c) of the GDPR. Internal processing Securing our systems and premises threat detection

4.2 With respect to processing as detailed in Clause 2 (e) and (f–h), the legal basis for our processing is our legitimate interests in safeguarding our confidential information, intellectual property rights and the rights of other employees., cf. Articles 6 no. 1 (f) of the GDPR.

4.3 For certain processing operations, you may be asked to confirm that you have read and consented to the contents of this policy and to our processing of your personal data in accordance with Article 6 no. 1 (a) of the GDPR.

5. DATA CONTROLLER

5.1 Unless otherwise specified, we are the data controller of the processing of your personal data. A data controller is the legal or physical person who determines the purpose of the processing of personal data and the means to be used during such processing. It is the data controller who has the overall responsibility for the processing of your personal data.

6. YOUR RIGHTS

6.1 As a data subject, you have the following rights:

a) Access: You may request a copy of your personal data that we process.

b) Data portability: You may request to obtain the personal data that you have provided to us or to have said data transferred to a third party in a structured, commonly used and machine-readable format.

c) Erasure: You may demand that we erase all of your personal data, unless we are required by law to keep the data for a certain period of time.

d) Information: You are entitled to receive information concerning which categories of your personal data that we process and how they are processed.

e) Objection: You may object to our use of your personal data for the purpose of direct marketing, including profiling for direct marketing purposes. You may also object to being subject to decision based solely on automated processing, including profiling, which produces legal effects that significantly affects you.

f) Rectification: You may require your personal data to be rectified or supplemented.

g) Restriction: You may request that we restrict the processing of your personal data.

7. RETENTION

7.1 We keep your personal data only for as long as it is required for the reasons it was collected from you or until you delete such data yourself.

7.2 The retention period in which we store personal data varies, depending on the category and the nature of the personal data. Below is an overview of how long we store certain data:

a) Account Information: Retained for the duration of the user’s account. If the account is deleted, data will be removed unless retention is required by law.

b) Payment and Delivery Information: Retained as required by applicable financial and tax regulations.

c) User-uploaded Clips: Retained until the user deletes them.

d) Video Recordings: Stored for three (3) days (Standard Package) or seven (7) days (Premium Package) and automatically deleted thereafter.

8. THIRD PARTIES

8.1 We may disclose your personal data to governmental authorities, entities within our group of companies and to our service providers and business partners that provide business support, payment processing, shipping, identity verification, translation services, legal and financial advice, database management, maintaining, reviewing and developing our business systems, procedures and infrastructure, among others:

8.2 Any third party that we disclose your personal data though will be obligated to adhere to our standards for the processing of personal data otherwise act in accordance with the at all times applicable privacy legislation.

9. SECURITY

9.1 Safeguarding your personal data is our highest concern. As such, we endeavour to adhere to the generally accepted industry standards and internal procedures to protect data submitted to us and otherwise employ and maintain and reasonable measures for the physical, procedural and technical security with respect to the offices and information storage facilities involved with your personal data, so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of your personal data. This also applies to our disposal or destruction of your personal data.

10. INTERNATIONAL TRANSFER

10.1 As a main rule, your personal data will only be processed in countries within the European Economic Area. If your personal data is transferred outside this region, we ensure that appropriate safeguards are in place, such as standard contractual clauses or other lawful mechanisms.

11. CHANGES

11.1 The policy may be updated from time to time to reflect changes in our practices or legal requirements, and we will notify you of any material changes.

12. CONTRACT & COMPLAINT

12.1 If you wish to utilise your rights of access, information, rectification, erasure, restriction, data portability or the right to object to the processing of personal data or if you have questions or requests regarding this policy, our processing or wish to file a complaint, please contact us at: [insert e-mail address].

12.2 We will investigate all complaints and if a complaint is found justified, we will take all reasonable steps to resolve the issue.

12.3 You are also entitled to file a complaint to the Data Protection Authority regarding our processing of your personal data. For information on how to contact the Data Protection Authority, visit their website.

12.4 To guard against fraudulent requests, we may require you to provide sufficient information to allow us to confirm that the individual making the request is authorised to do so.