INTRODUCTION

This privacy policy (the “Privacy Policy”) explains the types of personal data we, as Wearable Health Zrt. (registered seat: 1054 Budapest, Aulich utca 7.; company registry number: 01-10-049130) ("Heartbit") collect and process as data controller, the legal grounds for its collection, how we use and share that personal data and how to manage your privacy settings and your rights in connection with the services we offer. In order to fully understand how our services work, we invite you to read our Terms and Conditions.

We at Heartbit take your privacy very seriously. Please review the below to see how Heartbit processes your personal data and special categories of your personal data in connection with its activity on Heartbit’s website (the "Website"), the Heartbit Application (the "Application") and your individual account created when you choose to register with the Application ("Member Zone") (the Application and Member Zone collectively, the “Heartbit Services”). Heartbit Services are accessible through registration with the Application.

COOKIES

Our Website (www.theheartbit.com) uses cookies to enable the use of the Website and its functionalities as well as to provide you with the best possible user experience when checking out our latest news, events or information on our Application and merchandise. Cookies store information regarding your use of the Website, thereby enabling the site's operation, enhancing your browsing experience and making the site easier to use and also to provide you with personalized advertisement and marketing material. You will always have the option to customize and decide which cookies you will allow our Website to use during your browsing session. The Website uses the following cookies, which are (i) cookies required to enable core functionality and use of the Website (these cookies cannot be disabled as without them the Website cannot function properly), cookies (ii) that store information of your use of the Website and enhance your browsing experience (you may disable these cookies) and cookies (iii) that collect information of your browsing activity in order to provide your with personalized advertisements and marketing material (these cookies will not impair any functions of the Website and can be disabled also).

Fore more information about our Cookie Policy and the types of cookies present on the Website, please click here.

REGISTRATION

Once you decided that you wish to be a part of the Heartbit experience, you may download and register with our Application to create your own account with Heartbit and begin using the Heartbit Services (the "Account"). As long as your Account remains active and the Application is downloaded (i.e., until you decide to delete it) you will be able to change any of your personal data stored by Heartbit through various settings in the Application.

BASIC PRINCIPLES OF DATA PROCESSING

Before we move on to the details of this Privacy Policy, please take a look at our fundamental privacy principles:

a. When using the Heartbit Services, you can share and publish details of your activities to other social media platforms. In case you decide to share or publish posts to these platforms, any personal data or other information will be processed pursuant to the privacy policy of these service providers and as such, Heartbit will no longer remain in control and liable for data made public on those platforms. Please always be extra cautious when you share any personal data via third parties and you should carefully review the privacy practices of such third parties;

b. Heartbit makes sure, that any personal data processed relating to you is done only on existing legal grounds and that your rights as a data subject are always respected to the highest extent possible, including effective exercising of your rights as a data subject;

c. Heartbit is a constantly evolving project, that strives to provide you with the most advanced monitoring service of your health data in practically any situation. In order to secure that we only use personal data for the purposes defined in this Privacy Policy, we only use anonymized data while pursuing our goal of further developing our services and carrying out business development and other scientific research. Accordingly, we apply the latest technological methods to remove any links between data and the person whom it belongs to. As a result, we only aggregate and publish data only after it was anonymized;

d. Heartbit ensures that you have options to control what personal data is collected and controlled about you. We are continuously working to enhance privacy options available to you, which we will explain in more detail.

Heartbit is headquartered in Budapest, Hungary and Heartbit Services are provided to you by Heartbit, using data processors located in the European Union (“EU”). As such, by virtue of the provisions of the General Data Protection Regulation ("GDPR"), personal data collected about you are controlled in accordance with EU data protection law. Heartbit notes, that any processing or further forwarding of your personal data will remain inside the territory of the EU. This Privacy Policy was written in English. In case this English version is translated into a separate language version, the English version will prevail. Unless indicated otherwise, this Privacy Policy only applies to Heartbit Services, and it shall not be applicable in case of third party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through the Heartbit Services.

1. WHICH PERSONAL DATA IS USED AND COLLECT BY HEARTBIT?

When using its features, Heartbit Services collects data, including personal data that directly or indirectly identifies you (i.e. personal data). We receive personal data in a few different ways, including data you have provided during Registration in your Account or when you exercise, complete or upload activities using the Heartbit Services. Heartbit also collects personal data about the way you use the Heartbit Services.

Personal data collected by Heartbit Services includes:

a. Personal data, that is mandatory for the creation of your Account are your name, email address, date of birth, gender, height, weight, step length, username and password that helps secure and provide you with access and enables the analytic functions of the Heartbit Services. These personal data are collected or can be provided in the course of registration with the Heartbit Services through third party service providers (i.e. Facebook and Google) or directly in the Application during registration (the “Registration”). These mandatory data are necessary to create your Account as well as to enable the functionality of the Device and the Application and to calculate and carry out measurements regarding your health;

b. We also collect personal data when you use the Application, including when you perform activities or choose to upload a picture displaying details of your activity (e.g., date, distance, detailed time and geo-location personal data as well as your speed and pace) or share a post within the Heartbit Services. Once you have created your Account and managed to pair your Device with your Account, Heartbit will also collect the model number of your Device;

c. Heartbit Services also collects location data from your phone and your watch when you use the Heartbit Services;

d. In order to measure your activities, Heartbit Service uses as a special Heartbit device (the "Device") mounted on the garments created for this purpose by Heartbit to monitor and collect raw ECG and heart rate data. Using such data, Heartbit Services will provide you with specific analytical data regarding your physical condition in a clear and easily understandable format (raw ECG and heart rate data together is referred to as "Health Data"). We note, that without the collection of Health Data, Heartbit Services will not be able to provide you with further data and analytics produced based on the raw data collected, leaving the functions of Heartbit Services severely limited and will only display real time data and running details during exercise;

e. Heartbit also collects and controls your personal data required for providing you with notification regarding the pre-order of the Device. This includes your name, country of residence and email address. In addition, based on your separate consent, Heartbit will collect and control additional data for marketing research purposes in connection to the Heartbit Services during and after the pre-order period. This data includes your year of birth, gender, phone number, activity level, what type of sports do you generally do, your activity level and information on where did you hear from Heartbit;

f. Upon accessing the Website we also collect various data from your browser, computer, regarding what device or platform you use during your visit. This technical personal data includes device and network data, cookies, log files and other various personal data. The Website and Heartbit Services also record various technical log files. Likely personal data stored in such log files include IP addresses, MAC addresses the type of browsers you use, details regarding your internet service provider, platform data (Android, iOS), date and time stamps, and number of clicks;

g. Heartbit aims to provide athletes and enthusiasts with regular updates, news and notifications on the latest trends and news regarding the world Heartbit and fitness tracking. Based on your consent, Heartbit will send you the regular letters featuring sports news, Heartbit Services and Heartbit merchandise.

2. WHY AND ON WHICH BASIS DOES HEARTBIT USE YOUR PERSONAL DATA?

Heartbit collects and processes personal data on various legal grounds.

In the following points we list the legal grounds Heartbit relies on to collect, use, share, and otherwise process the personal data we receive about you for the purposes described in this Privacy Policy:

1. To fully experience Heartbit Services: Heartbit Services is designed to analyse and process Health Data and provide you with the most advanced health statistics possible. In order for us to fulfil our duties towards you in this respect, we require to collect both personal data as well as Health Data;

a. Personal Data: Legal grounds to process your personal data (that is not Health Data but is required to provide you with Heartbit Services) is provided by your consent pursuant to Article 6 (1) lit. a.) and our obligation to perform Heartbit Services under Article 6 (1) lit. b.) of the GDPR;

b. Health Data: Health Data will always be collected and processed based on your prior explicit consent pursuant to Article 9 (2) lit. a.) GDPR. This consent, like any other, can be withdrawn at any time. We stress that without the processing of Health Data you will not be able to experience the full capabilities of the Heartbit Services.

People under the age of 16: Due to applicable data protection regulations, Heartbit Services will not be available for persons under the age of 16. Accordingly, potential users under the required age limit will not be able to register with the Heartbit Services and create an Account. When calculating the age of each potential user, Heartbit only relies on the information received for the purposes of creating your Account or as part of the essential data listed in Clause 1. a.) above. Heartbit undertakes no responsibility for the validity of the received personal data an the provided age of the user.

2. To enable the proper functioning of the Website: Heartbit will require to process certain technical data and user preferences to enable the functionalities of the Website, as well as to provide you with the best possible user experience. Legal grounds for the processing of such data is provided by Heartbit's obligation to perform services as well as its legitimate interest under Article (1) lit. b.) and f.) of the GDPR;

3. To facilitate pre-orders and perform orders of the Device: Currently, you have the chance to register yourself for a pre-order list for the Device, which may only be purchased later through the Website;

a. Notification to inform you of Device availability: In order to provide you with notifications on the availability of the Device, We will process your pre-order data as long as the pre-order period lasts. Once the pre-order period ends, we will notify you of this event and you will be offered the chance to be the first to place your order for the Device. legal grounds for the pre-order pursuant to Article 6 (1) lit. b.) of the GDPR;

b. Marketing research based on the pre-order information: In case you provide your separate consent upon pre-ordering the Device, we will process your data mentioned in Clause 1. e.) for the special purposes of conducting market research and to provide information through newsletters on Heartbit Services. Legal grounds for the pre-order marketing content is provided by your consent pursuant to Article 6 (1) lit. a.) of the GDPR;

c. To facilitate orders and manage payment data: Once you place your order for a Device at any time, we will need to process your payment, delivery and any other required personal data to fulfilment of our contractual and other obligations e.g. throughout payment, following payment to comply with statutory accounting and tax obligations. Legal grounds to process these data are the requirement to perform orders and to comply with legal obligations pursuant to Article 6 (1) lit. b.) and c.) of the GDPR;

4. To provide you with the latest news and updates on Heartbit Services: In case you provide your separate consent for us to send you updates and notifications on the latest news on Heartbit Services, we will process your email address for the purpose of sending newsletters. Legal grounds for processing your email address is provided by your consent pursuant to Article 6 (1) lit. a.) of the GDPR;

5. To comply with our statutory legal and regulatory obligations: where necessary to comply with a legal obligation, a court order, or to exercise and defend legal claims; In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In these cases, where processing of your personal data is necessary for compliance with a legal obligation to which Heartbit is subject, our legal grounds to process your personal is derived from Article 6 (1) lit. c.). Here we note, that we will only share personal data with companies, outside organizations or individuals if we have well established grounds to access, use, preserve or disclose personal data to the extent it is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request, detect, prevent, or otherwise address fraud, security or technical issues or protect against harm to the rights, property or safety of our users or the public as required or permitted by law.

6. To protect your vital interests, or those of others, such as in the case of emergencies: We will also process your data in case it is required to prevent, to detect and to investigate crime and serious violations and obligations. In these cases, the legal grounds In these cases our legal grounds to process your personal data in addition to your consent is further derived from Article 6 (1) lit. d.) of the GDPR;

7. Defence of legal claims and litigation: In these cases our legal grounds to process your personal data is derived from Article 6 (1) lit. f.) of the GDPR whereby processing is necessary for the purposes of the legitimate interests pursued by Heartbit or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

8. To fulfil our legitimate interest: We will process your data where necessary for the purposes of Heartbit’s legitimate interests, such as our interests in protecting our members, our partners’ interests and our commercial interests in ensuring the sustainability of the Heartbit Services. Legal grounds to process your personal data in such cases is derived from Article 6 (1) lit. f.) of the GDPR.

3. HOW PERSONAL DATA IS SHARED AND WHO DO WE SHARE IT WITH?

When you choose to share personal data with others

Heartbit makes it possible to share personal data you wish to make public with other Heartbit members and the public on other social platforms as mentioned in the beginning of this Privacy policy. Personal data shared on these platforms will be visible by other users based on the settings you have chosen in your privacy settings on the respective social platform. Please always make sure to chose the privacy options you prefer when sharing content on other social platforms.

With service providers of Heartbit

Heartbit may share your personal data with service providers and other recipients, to support and improve its features and services and also to perform pre-orders or process payments. Service providers in these cases will only receive access to personal data which is absolutely necessary to perform these tasks and provide features on the behalf of Heartbit. These recipients must adhere to the requirements set out in this Privacy Policy are always strictly required to protect and secure your personal data provided to them.

When it is required from us by law or court order

We may retain and forward personal data with particular types of third parties, which include in particular law enforcement agencies (police, state secret service, international crime fighting organisations), public or governmental agencies, or private litigants, also from outside your country of residence, if we are obliged to disclose personal data based on the word of the law or reasonably necessary to comply with the law or when is required to respond to court orders, warrants, or other legal or regulatory processes. Personal data may also be processed if Hearbit determines that disclosure is reasonably necessary to prevent the death or serious bodily injury of any person, to address issues of national security or other issues of public importance.

When we need to protect our business interest

Heartbit is determined to detect and combat any breaches of our Terms and Conditions or to prevent any fraud or any means of abuse committed against Heartbit Services, any of its members or any third-party. Heartbit will protect its operations, property and other legal rights provided under law which may lead to us disclosing data to the legal counsel, consultant or other third parties we may choose to engage regarding these matters. However, we are determined that when seeking advice of these third parties, we will always make sure, that arrangements for the co-operation with these third parties provide adequate protection to personal data shared in the process.

What does Hearbit do to protect personal data

We take several measures to protect and safeguard the personal data we process. These solutions and features are located and active on the Website and in the Heartbit Services to ensure that data processed and controlled by Heartbit is constantly protected against outside attacks and are only accessible to members and authorized parties. Heartbit understands that technology is rapidly evolving, that is why Heartbit deploys state of the art technology, that conforms with current standards to safeguard personal data processed by us.

To help ensure that the measures we take are more effective in preventing unauthorized access to your private personal data, you should be aware of the security features available to you through your browser. Our Website applies HTTPS protocol for its operation in order to protect the privacy of our users. Most browsers have the ability to notify you if you change between secure and insecure communications, receive invalid services identification personal data for the Services you are communicating with, or send personal data over an unsecured connection. Heartbit recommends that you enable these browser functions to help ensure that your communications are secure when visiting the Website or using Heartbit Services.

Disclaimer

Although Heartbit endlessly strives to protect your personal data by deploying state of the art technology, absolute security can not be guaranteed. Despite our best efforts Heartbit cannot fully ensure or warrant the security of personal data processed by Heartbit. Transmitting personal data is done at your own risk.

4. MANAGING YOUR PRIVACY SETTINGS

Privacy Setting

Heartbit offers several features and settings to help you manage your privacy and how you share your activities. Privacy controls are located in various parts and features of the Application and control different aspects of data processing done by Heartbit. The following privacy setting are available in the Application:

Updating mandatory Account data

You may correct, amend or update mandatory personal data in your Account at any time by adjusting them in your Account settings, under the "Mandatory Data" section. If you need further assistance correcting inaccurate personal data, please contact Heartbit. Heartbit will generally respond to your request within 30 business days. Deleting personal data and your account

Once you have decided to delete your account, all your personal data, including your Account, activities and corresponding Health Data cannot be reinstated and will be lost permanently.

Content you have shared with others, such as photos, or that others have copied may remain visible after you have deleted your Account or deleted specific personal data from your own Account. Heartbit also provides you the option to remove individual running details or Health Data available for each individual exercise session in the Member Zone without deleting your Account or other running details or personal data.

Management of Health Data

During your workout sessions, the Device and the Application will collect and generate various types of Health Data. Until you choose to synchronize, running details and ECG data will remain on your device. Running details and ECG data will only transfer to Heartbit if you synchronize. You will be able to how to synchronize and manage transfer of your Health Data in the Application.

5. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

In accordance with applicable regulations, you have the following rights as a data subject:

• You have the right to access your personal data: you can obtain information relating to the processing of your personal data, and request a copy of such personal data;

• You have the right to rectify your personal data: where you consider that your personal data are inaccurate or incomplete, you can request that such personal data to be modified according to your request;

• You have the right to erase your personal data: you can request the deletion of your personal data to the extent permitted by applicable law;

• You have the right to restrict the use of your personal data: you can request the restriction of the processing of your personal data;

• You have the right to withdraw your consent to the processing of your personal data: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time;

• You have the right to data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party;

• Furthermore, you have the right to object to the processing of your personal data at any time to the extent we process your personal data for the purposes of our legitimate interests and/or of direct marketing.

If you wish to exercise the rights listed above, please contact us on the address shown in Clause 7 below or if you are a member, please use the features available in the Application.

Right to Access and Porting

You can access much of your personal data by logging into your Account and request data in a readable format by clicking on the "DOWNLOAD DATA" button under privacy settings any time. If you require additional access or if you do not have an Account or the Application, please contact us on the address shown in Clause 7 below.

Right to Rectify, Restrict, Limit, Delete

You can also rectify, restrict, limit or delete much of your personal data by logging into your Account, such as to edit your Account details, delete photos you have posted, remove individual activities from the Member Zone without deleting your Account, or completely delete your Account. If you are unable to do this, please contact us at Heartbit. Heartbit will generally respond to your request within 30 business days.

Right to Object

Where we process your personal data based on our legitimate interests explained above, you can object to this processing in certain circumstances. In such cases, we will cease processing your personal data unless we have compelling legitimate legal grounds to continue processing or where it is needed for legal reasons.

Right to Revoke Consent

Where you have previously provided your consent, such as to permit us to process Health Data or other health-related data about you, you have the right to withdraw your consent to the processing of your personal data at any time. For example, you can withdraw your consent by updating your settings or delete your Account. In certain cases, we may continue to process your personal data after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.

Retention of Personal data

We retain personal data as long as it is necessary to provide the Heartbit Services. Personal data associated with your Account will generally be kept until it is no longer necessary to provide the Heartbit Services or until your Account is deleted. However, in certain cases we may retain personal data for a longer period to comply with our statutory obligation prescribed by law. This personal data is also processed in accordance with this Privacy Policy.

Notwithstanding the above, personal data processed based on your consent or Health Data processed based on your prior explicit consent will be deleted upon your request. We will not continue processing such data once you have exercised your right for deletion of such personal data.

You can delete only some items of personal data (e.g., profile personal data) and you can remove individual activities from view on the Heartbit Services without deleting your account. Following your deletion of your account, it may take up to 30 business days to fully delete your personal data and system logs from our systems.

Use of anonymized data

As mentioned, Heartbit only uses and analyses anonymized Health Data, namely Health Data which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. Heartbit does not process any Health Data relating to an Account after it was deleted or the consent to the processing for that Health Data was revoked. Anonymized data means, that such data no longer carries any connection to the data subject from whom it originated. Accordingly, Heartbit only use anonymized data while pursuing its goal of further developing its services and carrying out business development and other scientific research.

Changes to this Privacy Policy

Heartbit reserves the right to modify this Privacy Policy at any time, therefore we invite you to review its contents from time to time. Updates to this Privacy Policy will be posted on the Heartbit Services in a timely manner and, if we make material changes, we will provide a prominent notice. If you object to this Privacy Policy or any of the changes to this Privacy Policy, you should stop using the Heartbit Services and delete your Account.

6. HOW CAN YOU KEEP UP WITH CHANGES TO THIS DATA PROTECTION NOTICE?

In a world of constant regulatory and technological changes, we may need to regularly update this Privacy Policy.

We invite you to review the latest version of this Privacy Policy online and we will inform you of any material changes through the Application or the Website.

7. HOW TO CONTACT US?

If you have any questions relating to our use of your personal data under this Privacy Policy or have any complaint regarding the way we process your data, please contact us on the following email address: info@theheartbit.com

Lodging a complaint

If you are not satisfied with the way your request was handled, you can lodge a complaint with the competent Hungarian supervisory authority, which is the Hungarian National Authority for Data Protection and Freedom of Information (in Hungarian Nemzeti Adatvédelmi és Információszabadság Hatóság) or pursue your claims in front of the competent Hungarian courts.