Neurovalens Privacy Policy | Last modified: March 2022

GENERAL

We want to protect the privacy of visitors to our website and our mobile application (the App) and the privacy of our customers, collaborators, contacts and other individuals whose personal data we handle. Please read the following policy; it will help you to understand how we use personal data.

Neurovalens collects certain data about you and uploads that information to our mobile application and website. When you sign up to use Modius you may provide us with information through a number of channels. As such, this privacy policy applies to the information you may provide to us or that we may collect from you when you use our Modius device and related software (Device), visit our website http://www.neurovalens.com or other Company websites that link to this policy (Website), or use the Modius mobile application (Application), collectively referred to in this policy as the Service.

By using the Service, including visiting, accessing or using the Device, the Website or the Application, you are accepting the practices described in this Privacy Policy. If you do not agree to these practices, please do not use the Service, including visiting, accessing or using the Device, the Website or the Application.

What personal data do we collect?

When you use the Service and/or the Device, we collect several types of information, including information:

By which you may be personally identified, such as your name, postal address, e-mail address, telephone number, any other identifier by which you may be contacted online or offline (Personal Data); and/or

That is about you, but does not identify you.

We collect this information in a variety of ways:

Directly from you when you provide it to us;

Automatically as you use the Service;

From third parties, such as our business partners, social media services that link you to our Website or Application, and through advertising partners. If you choose to connect your Service account with an account of another service, we may receive information from the other service. For instance, if you connect with us through Facebook or Google, we may receive information like your name, profile picture, age, language, email address and friends list. You may choose to grant us access to your account activity from another service, and you can stop the sharing of that data with us by removing our access to that service.

When placing an order on the Website, we may ask you for a telephone number so we can communicate a verification code to that telephone number and have you enter the code into our Website. This helps us to verify that you’re actually a human being. A team member or partner may also contact you at this number to help you with the ordering process unless you choose not to be contacted.

When you sync your Device through the Application downloaded on your mobile device or through your account on our Website, data collected from the Device about your activity is transferred from your Device to our servers. The Application is set up to automatically sync or update, and does not require you to directly initiate the syncing process. This data is stored and used to provide you with the Service, and is linked to your account. Data is logged about these syncing transmissions for purposes of administering the Service to you and to ensure we continue to improve our products and services.

Information you provide to us

The information we collect may include:

Information you provide to us when you register for the Service. We collect information such as your email address, Facebook email (if different), first and last name, date of birth, gender, height, weight and body mass index (BMI). We also may collect information about your health, lifestyle and objectives for using the Service.

Information that you provide by filling in forms on our Website or Application. In order to use the Service you must provide us with your height and weight upon registration. We may capture updated information about your weight and body measurements, if you choose to provide us with such information throughout your use of the Device and Application.

If you enter a contest or promotion sponsored by us, we may also collect information that you provide on a contest or promotional form—this form may be on our Website or on the website of one of our partners.

If you participate in a clinical trial with us, certain data will be collected about you for the trial, but you will be provided with more information in relation to this before the trial commences.

Records and copies of your correspondence (including email addresses), if you contact us.

Your responses to surveys that we might ask you to complete for research purposes.

Information you provide to us while ordering products or requesting further services. We do not collect or store the financial information (e.g., credit card number, type, expiration date) you provide when ordering goods or services on our Website. Financial information is collected and processed by our third party payment processor (Payment Processor). The use and storage of financial information is governed by the Payment Processor’s terms of service and privacy policy. We obtain transaction information from our Payment Processor in order to fulfil your orders and track your use of the Service, but we do not access any financial information you provide.

You also may provide information to be published or displayed (posted) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, User Contributions). Your User Contributions are posted on and transmitted to others at your own risk. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorised persons.

Information we collect through automatic data collection technologies

As you navigate through and interact with our Website or Application, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

Details of your visits to our Website or Application, including usage details such as traffic data, location data, logs, and other communication data and the resources that you access and use through the Service.

Information about your computer and Internet connection, including your operating system, browser type and Internet Protocol (IP) address: this is a string of numbers unique to your computer that is recorded by our web server when you request any page or component on our Website.

Information collected through cookies, web beacons, and other tracking technologies including tracking pixels.

Data that is collected automatically through our Device including device session information and device logs, which may include your location information.

Other third party services may be integrated into our Website and Application. A cookie may be set to properly integrate the third party service with the Service. Information we collect directly through a third party service will be governed by this privacy policy. Any information the third party directly collects through their own service offerings will be governed by their privacy policy.

The Service may use social media features such as Facebook login and sharing. In order for such features to function properly, a cookie may be set to collect certain information across sites. These features may be hosted by the Service, or by a third party. When you interact with such social media features, the privacy policy of the entity providing the feature will govern. We encourage you to check the privacy policies of other third parties through or in conjunction with the Service to learn about their practices with respect to the collection, use, disclosure, and protection of your Personal Data.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioural tracking). The information we collect automatically may include Personal Data, or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties.

It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

Estimate our audience size and usage patterns.

Store information about your preferences, allowing us to customize our Website according to your individual interests.

Speed up your searches.

Recognise you when you return to our Website.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.

Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.

Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). We or a third party service provider acting on our behalf may use web beacons to analyse usage and functionality of the Website.

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications, including advertisements, on the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website (including tracking pixels). The information they collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioural) advertising or other targeted content.

Information collected directly by third parties through these mechanisms is subject to the privacy policies of those third parties. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

How do we use personal data?

We use information that we collect about you or that you provide to us, including any Personal Data:

To provide you with the Service, and more specifically to present our Website or App and its contents to you.

To provide you with information, products, or services that you request from us.

To fulfil any other purpose for which you provide your Personal Data.

To provide you with notices about your account, including expiration and renewal notices.

To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

To notify you about changes to the Service, or any products or services we offer or provide through it.

To allow you to participate in interactive features on our Website or Application or that are part of the Service.

In any other way we may describe when you provide the information.

For any other purpose with your consent.

We may also use your information to contact you about our own and third-parties’ goods and services that may be of interest to you.

If you do not want us to use your information in this way, please check the relevant box located on the form on which we collect your data.

To whom might we disclose personal data?

We may disclose Personal Data that we collect or you provide as described in this privacy policy:

To our subsidiaries and affiliates.

To contractors, service providers, and other third parties we use to support our business. These third parties are obligated by contract to limit their use of any Personal Data they receive from us for the specific purpose for which the information was shared, and to safeguard the Personal Data.

To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of the assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us is among the assets transferred.

To third parties to market their products or services to you if you have consented to these disclosures. For more information, see Choices About How We Use and Disclose Your Information.

To fulfil the purpose for which you provide your Personal Data to us.

For any other purpose disclosed by us when you provide the information.

We may also disclose your Personal Data:

If we believe the disclosure is necessary to comply with the law, including in response to a court order, valid legal process, or a government or regulatory request.

If we must disclose your information for this purpose, we will make an effort to notify you in advance by email, to the extent such notice is legally permissible.

To enforce or apply our Terms of Use or Terms and Conditions of Sale and other agreements, including for billing and collection purposes.

If we believe disclosure is necessary or appropriate to protect our rights, property or safety or the rights, property, or safety of our customers, our employees or others.

This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Choices about how we use & disclose your information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

Tracking Technologies and Advertising. You can set your browser to refuse certain browser cookies, or to alert you when cookies are being sent. Information on changing your browser settings to opt out of cookies can be found in your browser settings. Where we use Google Analytics, you can opt out of Google Analytics for display advertising or customize Google Display Network ads on their website. You can opt out of Google Analytics on their website. You may opt out of targeted ads on Facebook on their website. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this site may be inaccessible or may not function properly. Note that some cookies are necessary for us to provide you with the Service.

Promotional Offers from the Company. If you do not wish to have your email address used by us to promote our own or third parties’ products or services, you can opt-out by checking the relevant box located on the form on which we collect your data or at any other time by sending us an email stating your request to privacy@modiushealth.com. If we have sent you a promotional email, you may opt-out of receiving future promotion emails by clicking on the unsubscribe link at the bottom of the email. Whether or not you have received a promotional email, you may send us an email at any time asking to be omitted from future email distributions. Opting out of promotional emails does not mean that you will not receive future emails from us related to a product purchase, warranty registration, product service experience, or other transactions.

The Company, our subsidiaries and affiliates, contractors, service providers, and other third parties we use to support our business will not use your phone number for marketing or promotional purposes.

Access to your personal data & correcting it

You have the right to request a copy of the personal data which we hold about you. If you would like a copy of some or all of your personal data, please contact privacy@neurovalens.com, or alternatively you can write to us at Neurovalens Ltd, 4th Floor, 7 James St South, Belfast, Co Antrim, BT2 8DN.

We would like to keep your personal data accurate and up to date. If you become aware of any errors or inaccuracies, please let us know by contacting privacy@neurovalens.com, or alternatively you can write to us at Neurovalens Ltd, 4th Floor, 7 James St South, Belfast, Co Antrim, BT2 8DN.

Links to other websites

Our website may contain links to other websites. This privacy policy only applies to this website. When you link to other websites you should read their privacy policies.

Security

When we process or use Personal Data, we take steps to ensure that it is treated securely and in accordance with our privacy policy. We have implemented appropriate technical and organisational security measures designed to secure your personal information from accidental loss and from unauthorised access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls, and is encrypted using SSL technology. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, no data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of your Personal Data, including Personal Data transmitted to or from our Website or Application.

Children under 16

Our Website and Application are not intended for children. No child may provide any information to or on the Website and Application. We do not knowingly collect Personal Data from children.

If you are a child, do not use or provide any information on our Website and Application or through any of their features, make any purchases through the Website and Application, use any of the interactive or public comment features of the Website and Application, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child, please contact us at privacy@neurovalens.com.

Our international operations & data transfers

We operate internationally and transfer information worldwide, including to the United Kingdom (UK), European Economic Area (EEA) and the United States (US) for the purposes described in this privacy policy.

We rely on multiple legal bases to lawfully transfer personal data around the world. These include your consent and EU Commission approved model contractual clauses, which require certain privacy and security protections. You may obtain copies of the model contractual clause by contacting us at the details set out in the How to Contact Us section below.

We also rely on certain processors to provide key functionality for our business. For example, part of our website is hosted by Shopify International Ltd. This data is transferred to Shopify Inc. in Canada, Shopify International Ltd’s parent company. This initial transfer is conducted pursuant to an adequacy decision (Canada’s data protection regime having been deemed adequate by the EU). Any further data transfers by Shopify Inc. to its sub-processors will be undertaken subject to strict contractual commitments.

Please note that our App is hosted in the EU.

Retention of your personal data

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

European privacy disclosures

If you live in the EEA, the UK or Switzerland, please review these additional privacy disclosures under the European Union’s General Data Protection Regulation (GDPR) and the UK’s Data Protection Act 2018 (DPA).

Your Data Controller

Neurovalens Ltd, company number NI617853, whose registered office is at 8 Carmagrim Road, Ballymena, Co Antrim, BT44 8BP, is your data controller and provides the Services and goods to you.

For our contact information, please see the How to Contact Us section.

Health and other special categories of personal data

To the extent that information we collect is health data or another special category of Personal Data subject to the GDPR or the DPA, we ask for your explicit consent to process the data. Please note that the ‘health’ data that we capture within the App is weight records and sleep scores. Both of these are optional features; users can stop using the feature and delete previous sleep scores and weight records within the App.

To facilitate the purchase of a prescription Modius device (US only), protected health information (PHI) may be collected in order to determine if you are a suitable candidate for treatment. This data may be transferred to our partner, Beluga Health, who will then provide a consultation with a medical doctor who may issue you a prescription for a Modius device if you are a suitable candidate. Beluga Health is obligated by contract to process your data responsibly and in accordance with applicable laws. All data captured for this purpose is processed and stored in compliance with the Health Insurance Portability and Accountability Act (HIPAA). The processors we use for this purpose are:

  • Jotform (Jotform Inc.)
  • Keragon (Keragon Inc.)
  • Google Workspace (Google LLC)
  • Zendesk (Zendesk Inc.)

Our legal bases for processing personal data, when we seek your permission

Often, we will be using your information in accordance with your specific consent or instructions: for example, because you have requested or consented to receiving certain information (i.e. by signing up to our mailing list) or entered into a contract with us for goods and services.

At other times we will use your information on one of the other lawful bases described below in this section.

Contract

When you enter into a contract for goods or Services with us, or where you wish to register an interest in doing so, we will use your personal data to enter and fulfil our contractual relationship with you.

Fulfilling our contract with you means being able to manage and administer our Services, and maintain our standards of tailored service levels, customer care and consumer compliance. This might include fulfilling orders or returns, processing payments or refunds, and providing aftercare, as well as improving your customer experience online and otherwise, including by monitoring service levels and responding to feedback.

Legitimate interests

Other uses of your information are made for ordinary and transparent purposes which we think are necessary for our legitimate interests as a provider of the Services and other goods, including medical devices. We use your information on this basis to do the following:

Recognise and remember you when you visit our Website and better understand how you use our Website and others by using cookies to follow your use. (See the section above, Information we collect through automatic data collection technologies, for further details on cookies.)

Keep you updated on any services you have subscribed to, or any products you have purchased, and/or about similar services unless you have told us otherwise (including where we are working alongside other service providers to provide these services).

Contact you to let you know about any of our products, services or promotions (which may in some cases be provided by third parties), including by email, mail, telephone, or SMS text message, always having regard to your preferences.

Collect and log numeric internet addresses to improve the website and to monitor website usage.

Some limited uses of your data are required to comply with legal obligations, for example fraud detection and taxation.

What are your legal rights?

Under certain circumstances, by law you have the right to:

Withdraw any consent you have given to us, although this will only be relevant where we are relying on your consent as a basis to use your personal information, but it is an absolute right. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose or purposes for which you originally gave your consent, unless we have another legal basis for doing so.

Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at privacy@modiushealth.com.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

If you don’t feel we’re adhering to this Policy, what should you do?

If you believe that we have not adhered to this privacy policy or need further assistance regarding your rights, please notify us by email at privacy@modiushealth.com and we will try to solve the problem promptly in accordance with applicable laws. If you are not satisfied with our response, or have any other queries, you can also contact the Information Commissioner at www.ico.org.uk or 0303 123 1113.

California Privacy Disclosures

California Civil Code Section 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@neurovalens.com.

Canadian Privacy Disclosures

This Privacy Policy complies with the principles of Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”).

Changes to this Privacy Policy

We keep this privacy policy under regular review and we may change it from time to time. Any updates will appear on this webpage. Please check it each time you visit this website or provide us with any personal data.

We last updated this privacy policy on 1 March 2022.

How to contact us?

If you have any questions about this privacy policy or any personal data which we hold about you, please contact: privacy@neurovalens.com.

You may also contact us at:

Neurovalens Ltd, 4th Floor, 7 James St South, Belfast, Co Antrim, BT2 8DN.

Accessing & correcting your information

You can send us an email at privacy@modiushealth.com to request access to, correct or delete any Personal Data that you have provided to us.

We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if the request is unreasonable or we believe the change would violate any law or legal requirement or cause the information to be incorrect.

If you delete your User Contributions from any of the Websites or App, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Website or App users. Proper access and use of information provided on the Websites or App, including User Contributions, is governed by our terms of use.