This policy describes the terms of use for the processing of personal data when you, in your capacity as data subject, use the software applications owned by MIR, which are designed to monitor vital respiratory parameters through a spirometry test.

A spirometry is a diagnostic test that is easy to carry out and very useful for assessing respiratory function. Essentially, when a person exhales as forcefully as possible, using a turbine sensor, the spirometer measures the quantity and speed of air coming from the lungs to determine a series of spirometric parameters.

However, this measurement is not sufficient in itself for assessing an individual's respiratory function. In order to do this, it is also necessary to calculate so-called normal values (predicted values) and compare these with the spirometric parameters that have been measured.

Predicted values are calculated using equations that have been studied and published by international lung associations and depend on a series of data.

In this regard, one would naturally assume that a person's height will influence the predicted values. Similarly, it is also logical that age will influence these values, as a child will have smaller lungs than an adult. Even a person's sex - male or female - and race (ethnic origin) will influence the predicted values of the spirometry test.

This is the reason why a complete spirometry test requires both the measured values (that are calculated using the turbine) as well as the predicted values calculated using the above mentioned equations that are memorised in the app. This enables a comparison to be made so that the spirometry test can be interpreted from a diagnostic perspective.

The processing of personal data described in this policy will be based on your consent that you will be asked to provide through the application when you first use it. Consent is obtained with suitable mechanisms such as ticking a box to confirm your authorisation for the data to be processed. By expressing your consent you also authorise the sharing of your data through the available functions (e.g. the telemedicine consultation function and the creation and sending of the test results by email). If you do not provide your consent, you will not be able to use the application.

When you use the application by connecting it to our instrument you will be asked for your personal data in order to conduct the spirometry test. The data requested from you belong to the following categories and will be stored locally on your smartphone and/or tablet:

• Identity data: full name and ID (optional)
• Data relating to age, height, sex;
• Diagnostic data, like the data generated by the meter during the spirometry and/or oximetry test.
• Special categories of personal data like information relating to symptoms in order to make the best use of the available functions (optional);
• Audio/video streaming data for the telemedicine consultation when these are exchanged with the healthcare worker.

We would like to assure you that data on ethnic origin are optional and used exclusively for the calculation of predicted values and for the diagnostic interpretation of spirometry tests. Data that is not obligatory, for example identification data, may only be shared if you have voluntarily included these in the profile created locally on the app.

The application processes your personal data to allow you to monitor your respiratory parameters. This occurs only to correctly interpret the results of the tests you have conducted and offer you the functions that are available through MIR's devices. Certain functions you might want to use may require specific data processing. This processing of personal data is necessary to run all the available functions.

We would like to assure you that data on ethnic origin are optional and used exclusively for the calculation of predicted values and for the diagnostic interpretation of spirometry tests. Data that is not obligatory, for example identification data, may only be shared if you have voluntarily included these in the profile created locally on the app.

The application only runs locally on your smartphone and/or tablet and does not transfer any data to MIR. Therefore, your personal data are not used:

• for communication and marketing activities
• for profiling and personalisation activities

You can choose to share the data generated by MIR with third parties like doctors, healthcare providers, hospitals, health authorities, etc.

The application is integrated with Apple's Healthapp. Thanks to this integration, you can authorise the application to:

• read the following from the Healthapp: Your Date of Birth, Height, Sex;
• write on the Health app: Height, Heartbeat, Oxygen Saturation, PEF (Peak Expiratory Flow), FVC (Forced Vital Capacity), FEV1 (Forced Expiratory Volume in the 1st second)

If you choose to share your data with Apple’s Health app, the information you provide will be governed by the Terms and Conditions of Apple's Data Protection Policy.

We would like to reassure you on the following circumstances that may occur when you decide to use certain functions of our products:

• Live Switch by Frozen Mountain is used for telemedicine consultations on spirometry tests, which means that only the public IP address can be identified. The technology that is used ensures suitable standards of encryption that are explained by LiveSwitch on the website.
• If you choose to share information with third parties, these will be governed in accordance with their terms and conditions and by their data protection policies.

Sharing of data relating to your health will take place in cases such as remote assistance from healthcare workers during remote monitoring procedures or telemedicine consultations. Please note that the healthcare services provider using the app and the telemedicine consultation function will be the data controller according to the "treatment purposes” being pursued, over which MIR has no control.

By design of the MIR app, your personal data will be stored locally on the device where the app is installed, exclusively for the purposes described above and for the necessary period of time or as required by applicable regulations. You can always delete the data entered into the application at your discretion and at any time. When you decide to share data with third parties, data is stored for the period of time that is strictly necessary for the performance of the service in question, e.g. by the medical service provider.

The MIR app installed on your smartphone and/or tablet allows you to manage your profile and the information associated to this. We recommend you access your personal data periodically through your profile to ensure these are correct and updated, in order to guarantee the full functionality of the application and the test results.

In terms of the telemedicine consultation by streaming, the application is set on private mode between the patient and the party performing the health service. Telemedicine consultations are temporary since they only exist while they are actually taking place. The audio-video-data flow is created when the first participant joins the video-call and ends when the last participant leaves. Therefore, there is no recording or retention of the telemedicine consultation and the data and traffic that is generated cannot in any way be viewed by third parties.

During the course of the telemedicine consultation with the party performing the health service the following data are shared through the data channel: height, age and sex. Data that is not obligatory may only be shared if these are provided to the app directly by you or if you have decided to share test results by email.

Using the app, you also consent to storing test results and allow data to be saved locally and shared through the creation of a pdf file. You can also decide whether your personal data are included in the pdf file shared with third parties like the healthcare services provider. Other data that can be transferred are optional, i.e. it is you that decides which data to transfer when you set up the app.

The application developed by MIR features technical and organisational security measures for preventing and limiting risks connected to the provision and processing of personal data through the application, by adopting suitable steps to prevent any undesired data disclosure.

We use state-of-the-art security standards and best practices for the electronic protection of data. We use the sector's standard encryption to protect your data in transit (this is commonly known as transport layer security or "TLS").
In terms of the telemedicine consultation, this takes place in a peer- to-peer mode (P2P) using WebRTC technology. It is very important to note that when packages have "end-to-end" encryption, this second level of encryption is never removed. The only information that is available is the public IP address of the network operator

Therefore, the data in the audio-video-data streaming process are anonymised and cannot be read by third parties as they may only be viewed between the data subject and the healthcare service provider and even in this case are not stored or recorded.

The WebRTC technology requires access to the camera and microphone. The app will therefore ask the patient/data subject and the healthcare services provider to expressly authorise use of the camera and/or the microphone (both can be configured individually). The user can grant access on each single occasion or on a permanent basis.

In your capacity as a data subject, we provide you with the settings and instruments for accessing and controlling personal data provided by you, irrespectively of where you reside. If you reside in certain countries, the respective jurisdiction may provide for a certain number of legal rights over your information, which you may exercise through the settings and instruments, as described below.

Access to and exporting of data. By accessing the application, you will have access to a large proportion of your personal information, including the archive with the results of tests you have carried out.  You can also download information relating to spirometry tests in a commonly used file format (pdf).

Amending and deleting data. By accessing the application and using the available instruments, you can amend and delete your personal information. For example, you can amend or delete profile data you have provided and remove your identification data should you wish to do so.

Objecting to the use of data. In the application we provide you with the instruments to exercise control over the use of data. For example, you may revoke access to third party applications which you had previously connected to the app or with which you decided to share data. You can also use the application to remove the Bluetooth connection between your device and the MIR product.

If you believe MIR has processed your personal data in a manner that is not compliant with the applicable regulation on personal data or that MIR has not guaranteed the exercising of your rights in a sufficient manner, you may present a complaint to the local data protection supervisory authority.

MIR may on occasion update and amend this data protection policy. If these variations include new processing purposes, MIR will inform you in advance and, if necessary, will ask once again for your consent.