Terms of use

This policy describes the terms of use for the processing of personal data when you, in your capacity as data subject, use the software applications owned by MIR, which are designed tocheck the heart rhythm by analyzing a single-lead 1-minute long EKG trace.

Legal basis of the processing

An electrocardiogram (EKG) test is a procedure that measures electrical signals from in your heart. Each time your heart beats, an electrical signal travels through the heart. An EKG can show if your heart is beating at a normal rhythm.

Terms of use

The processing of personal data described in this policy will be based on your consent that you will be asked to provide through the application when you first use it. Consent is obtained with suitable mechanisms such as ticking a box to confirm your authorisation for the data to be processed. By expressing your consent you also authorize the sharing of your data through the available functions (e.g. you, as the data subject,may create and share the test results in PDF format).
If you do not provide your consent, you will not be able to use the application.

Data collected

When you use the application by connecting it to our device you may also add your personal data to have it written on the final report of your tests. The data belong to the following categories and will be stored locally on your smartphone and/or tablet:

• Identity data (optional): full name, email address, phone number;
• Your healthcare professional identity data (optional): full name, email address, phone number;
• Diagnostic data, like the data generated by the device during the EKG test;
• Special categories of personal data like information relating to symptoms in order to make the best use of the available functions(optional).

Data that are not obligatory, for example identification data, may only be shared if you have voluntarily included these in the profile created locally on the app.

Purposes of the processing

The application processes your personal data to allow you to monitor your cardiac parameters. This occurs onlyto correctly interpret the results of the tests you have conducted and offer you the functions that are available through MIR's devices. Certain functions you might want to use may require specific data processing. This processing of personal data is necessary to run all the available functions.

The application only runs locally on your smartphone and/or tablet and doesn ot transfer any data to MIR. Therefore, your personal data are only used:

• for communication and marketing activities
• for profiling and personalisation activities.

Transfer of your personal data

You can choose to share the data generated by MIR with third parties like doctors, healthcare providers, hospitals, health authorities, etc.

If you choose to share information with third parties, these will be governed in accordance with their terms and conditions and by their data protection policies.

Quality of the data and retention

By design of the MIR app, your personal data will be stored locally on the smartphone and/or tablet where the app is installed, exclusively for the purposes described above and for the necessary period of time or as required by applicable regulations. You can always delete the data entered into the application at your discretion and at any time. When you decide to share data with third parties, data is stored for the period of time that is strictly necessary for the performance of the service in question, e.g. by the medical service provider.

The MIR app installed on your smartphone and/or tablet allows you to manage your profile and the information associated to this.

Using the app, you also consent to storing test results and allow data to be saved locally in your smartphone/tablet and shared through the creation of a pdf file. You can also decide whether your personal data are included in the pdf file shared with third parties like the healthcare services provider. Other data that can be transferred are optional, i.e. it is you that decides which data to transfer when you set up the app.

Safety of data

The application developed by MIR features technical and organisational security measures for preventing and limiting risks connected to the provision and processing of personal data through the application, by adopting suitable steps to prevent any undesired data disclosure.

We use state-of-the-art security standards and best practices for the electronic protection of data.

RIGHTS OF THE USER TO ACCESS AND CONTROL HIS/HER PERSONAL DATA.

In your capacity as a data subject, we provide you with the settings and instruments for accessing and controlling personal data provided by you, irrespectively of where you reside. If you reside in certain countries, the respective jurisdiction may provide for a certain number of legal rights over your information, which you may exercise through the settings and instruments, as described below.

We use state-of-the-art security standards and best practices for the electronic protection of data.

Access to and exporting of data. By accessing the application, you will have access to a large proportion of your personal information, including the archive with the results of tests you have carried out. You can also download information relating to EKG tests in a commonly used file format (pdf).

Amending and deleting data. By accessing the application and using the available instruments, you can amend and delete your personal information. For example, you can amend or delete profile data you have provided and remove your identification data should you wish to do so.

Objecting to the use of data. In the application we provide you with the instruments to exercise control over the use of data. For example, you may revoke access to third party applications which you had previously connected to the app or with which you decided to share data. You can also use the application to remove the Bluetooth connection between your smartphone and/or tablet and the MIR device

COMPLAINTS TO THE DATA PROTECTION SUPERVISORY AUTHORITY

If you believe MIR has processed your personal data in a manner that is not compliant with the applicable regulation on personal data or that MIR has not guaranteed the exercising of your rights in a sufficient manner, you may present a complaint to the local data protection supervisory authority.

CONTROLLER OF YOUR PERSONAL DATA AND CONTACTS

VARIATIONS TO THIS DATA PROTECTION POLICY

MIR may on occasion update and amend this data protection policy. If these variations include new processing purposes, MIR will inform you in advance and, if necessary, will ask once again for your consent.