Last Updated: January 11, 2021.
PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE SERVICES.
You must be 18 years of age or older to use the Services. It is expressly prohibited for minors under the age of 18 to create or use an Anura account.
If you are a resident of the European Economic Area (including residents of Switzerland and United Kingdom), please see our “GDPR Compliance” section below which details how we process your personal data in accordance with the General Data Protection Regulation (“GDPR”).
Nuralogix Corporation (hereinafter: “Nuralogix”, “we”, “us” or “our” and terms of similar meaning) is the data controller responsible for the use and processing of your Personal Data as described in this Policy.
We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing our privacy practices and questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights (as detailed below), please contact the DPO using the following email address: firstname.lastname@example.org
Whenever you access or use our Services, we may process (e.g. collect, use, store, transfer, etc.) different kinds of personal data about you, which we will process in accordance with this Policy and which have been categorized as follows:
Data Category Data Type/Description Identification and Contact Data ● Email address ● Name ● Nickname/Username ● Phone number ● User ID ● IP address Personal Characteristics To achieve more accurate Measurement results, the processing and analysis may also require or
involve additional Personal Data including, but not limited to, the following: ● Age ● Weight ● Height ● Sex Biometric Data When you use Anura, we capture, but do not store, images and video through supported mobile
device cameras for the purpose of extracting and analyzing the following: ● Facial blood flow ● Facial landmarks and features Wellness Data and Measurements Biometric Data is used to provide you with Measurements such as heart rate, breathing rate,
pressure, heart rate variability, cardiac workload, stress index, body mass index,
cardiovascular disease risk, heart attack risk, stroke risk, general wellness score, or
similar derived data. This data is the output data generated from providing the Services as
opposed to what we collect. Personal Habits and Medical History To achieve more accurate Measurement results, the processing and analysis may also require or
involve additional Personal Data including, but not limited to, asking if you are any or all
the following: ● A smoker ● Diabetic ● Hypertensive ● Taking blood pressure medication Location Information The Services may include features that use precise location data that is derived from your
WiFi, compass, accelerometer, IP address, or public posts that contain location information.
collect this type of data if you grant us access to your location. Log Data When you use our Services, our servers automatically record certain information about how a
scripts, including without limitation your IP address, device carrier-related information,
configuration information, information about your interaction with our Services and your
patterns, device information, application settings, and the date, time and/or location that
Measurement was taken.
Identification and Contact Data
● Email address
● Phone number
● User ID
● IP address
To achieve more accurate Measurement results, the processing and analysis may also require or involve additional Personal Data including, but not limited to, the following:
When you use Anura, we capture, but do not store, images and video through supported mobile device cameras for the purpose of extracting and analyzing the following:
● Facial blood flow
● Facial landmarks and features
Wellness Data and Measurements
Biometric Data is used to provide you with Measurements such as heart rate, breathing rate, blood pressure, heart rate variability, cardiac workload, stress index, body mass index, cardiovascular disease risk, heart attack risk, stroke risk, general wellness score, or other similar derived data. This data is the output data generated from providing the Services as opposed to what we collect.
Personal Habits and Medical History
To achieve more accurate Measurement results, the processing and analysis may also require or involve additional Personal Data including, but not limited to, asking if you are any or all of the following:
● A smoker
● Taking blood pressure medication
The Services may include features that use precise location data that is derived from your GPS, WiFi, compass, accelerometer, IP address, or public posts that contain location information. We collect this type of data if you grant us access to your location.
We use different methods to collect data from and about you including through:
Direct interactions: You may give us your personal data (sensitive data included) by filling in forms or by corresponding with us by post, email or otherwise. This includes personal data you provide when you:
use our products or Services (Use Information)
When you use our Services, we may receive or collect information or data about you or relating to you such as product reviews, comments, your public profile, photos and videos.
create an account on our App (Log-in Information)
Depending on the jurisdiction in which you are based, you may be required to provide log-in information to use our Services and create an account to access the full features of our Services which may include your email address, name, nickname/username, phone number (Identification Data) and information related to your wellness and lifestyle (Personal Habits and Medical History).
give us feedback or contact us (Customer Support Information)
Any information that you provide to our customer support team from the correspondence that you send to us, any conversations you have with us and any feedback that you give us.
Third parties: We may receive personal data about you from third parties.
In our Anura mobile app we only use so-called "technical cookies", which allow us to recognize you as a user with each access. Such data is not passed on to third parties.
On the website, we also use Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.
We use the Personal Data you provide or which we collect mainly for the following purposes. We have included below a list of all the ways in which we use your personal data and the lawful bases (where applicable) we rely on to do so.
Types of Data: Identification Data, Personal Characteristics, Biometric Data (Sensitive Data), Personal Habits and Medical History (Sensitive Data), Location Data, Log Data, Wellness Data and Measurements
Retention Period: Your Personal Data is stored for this purpose for 30 days after your user account is deleted or the termination of the service provision (or for a further time period where legally required).
Purposes: We continuously strive to provide the best experience possible. We therefore may use your Personal Data to analyse, develop, and improve technical functionalities and ensure the security of our Services.
Types of Data: Personal Characteristics, Biometric Data (Sensitive Data), Location Information and Log Data.
Retention Period: Your Personal Data is stored for this purpose until your user account is deleted or such period as is necessary in order to anonymize the data, test features or functionality and deploy patches and other bug fixes.
Purposes: The processing of Personal Data collected on the website for “direct marketing, commercial communications'' is subject to your expressed and specific consent (provided on the website). We may process your Identification data, for marketing purposes, by sending newsletters, commercial communications and / or advertising material, on products or services offered by us. Personal data collected on the mobile App is not processed for this purpose.
Types of Data: Identification and Contact Data
Retention Period: Your Personal Data is stored for this purpose for 30 days after your user account is deleted, the consent is withdrawn or the termination of the service provision (or for a further time period where legally required).
If necessary, we may use your Personal Data to manage and defend legal claims (e.g. in connection with a dispute or a court proceeding). We will in such case process the Personal Data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your Personal Data is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim.
For this purpose, we may also share certain information with other parties, please see below.
Finally, we may use your Personal Data to fulfil legal obligations that we have (e.g. accounting requirements or obligations under data protection laws). We will in such case process the Personal Data collected which is necessary in order to fulfill the legal obligation in question. Your Personal Data is stored for such a period as is necessary in order to fulfill respective legal obligations.
For this purpose, we may share your Personal Data with other parties, see below
We will only use your Personal Data for the reasons we have set above. If we need to use your Personal Data for any other reason, we will let you know and tell you the reason along with the relevant lawful basis, unless the law prevents us from doing so.
In general, we do not disclose the Personal Data about you to third parties without your consent or otherwise as specified in this Policy. We may disclose or share your Personal Data in the following circumstances:
We may disclose or share your Personal Data with third parties only in the ways described in this Policy, including as follows:
In certain situations, NuraLogix may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. NuraLogix may disclose your Personal Data (i) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (ii) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, (iii) as otherwise required or permitted under any applicable law, rule, or regulation, (iv) in good faith, to protect or defend the rights or property of NuraLogix and other users, and (e) if NuraLogix is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data;
We may use third party service providers to provide certain data processing services for us (acting as our authorized data processors) with whom we have a data protection agreement in place. When acting as our authorized data processors, they are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations. Examples of authorized data processors could include: Amazon Web Services.
We may share anonymous, aggregate or generic data with third parties (such as our partners, advertisers, industry bodies, the media and/or the general public) for example, in public reports about stress or to partners under agreement with us. However, in these situations we do not disclose any information that could be used to identify you personally.
Our Services allow you to share your Measurements in various forms with others. For example:
You are able to share a link and/or image which will allow the recipient to access your Measurement(s).
Your Personal Data could be also shared by you, if you and other users are using and logging onto the family or enterprise version of Anura (where available) whereby certain user(s) or the administrator user of such version of Anura (subject to specific settings made and/or availability of relevant functions) would have access to the Measurement results or information of the other users.
Any Personal Data shared by you in the above circumstances will be shared by you with your consent. Please consider carefully whether or not you desire to share your Personal Data as described above.
We keep your data safe adopting the best practices and highest standards in terms of security.
All required technical and organisational security measures have been adopted.
We take various steps to protect your Personal Data from unauthorized access, use or modification and unlawful destruction and disclosure, for example:
we adopt encryption technology (such as SSL) to transfer and store your Personal Data;
we limit the access to your Personal Data on a strict need-to-know basis;
we put in place physical, electronic, and procedural safeguards in line with industry standards.
Please be aware that, despite our efforts, we do not warrant or guarantee that unauthorized access will never occur as no method of transmitting or storing information is completely secure.
In principle, unless otherwise stated, your Personal Data will only be stored until the purpose of the collection and storage no longer applies. In accordance with your consent, data may also be stored for longer, as long as you do not withdraw your consent. After this period, we may keep your personal data for a further time period to: (a) communicate with you about any questions or complaints you may have after you have stopped being a user of our Services; or (b) to comply with the rules on accounting, reporting or any other law.
Furthermore, data may be stored if this has been provided for by the competent legislator in regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
In the event of termination - for whatever reason - of the agreement between the user and us we shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 90 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted or anonymized in accordance with data protection regulations.
To protect your privacy, certain information that we collect which can identify you as an individual is not stored. In particular, we do not store your facial image or video recordings neither on the device on which Anura is installed nor on the cloud.
We will retain your Personal Data for as long as is reasonably necessary for the various purposes mentioned above or to otherwise comply with any applicable laws and regulations concerning the mandatory retention of specific types of Personal Data.
We will retain your data for as long as your account is active or as needed to provide you Services. We will retain and use your data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; this retention period may extend past the point at which you close your account.
In certain circumstances, we may aggregate your Personal Data (so that it will no longer identify you) for research, analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you would like further information on how long we keep your Personal Data, please contact us using the details set out at the end of this Policy.
All Personal Data processed and collected to provide our Services outside of the device in which Anura is installed is stored with cloud service providers managed by us.
You can ask us for more information about where we may transfer or store your Personal Data and how we will take steps to ensure your Personal Data is protected by using the contact details at the end of this Policy.
Your access to certain rights depends on the country in which you are based and you may have certain rights in relation to the use of your Personal Data. If you wish to exercise your rights, please contact us at: email@example.com
You have the right to:
You have the right to request access to your Personal Data and request a copy of your Personal Data that we store. If you have created a user account, you can view certain information directly from our Services on your user interface or by sending us a specific request.
You have the right to request that Personal Data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account or by sending us a specific request.
If we rely on your consent to the use of your Personal Data you have the right to, at any time, withdraw your consent. The consent withdrawal does not affect the legality of the processing carried out previously on the basis of the consent.
You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your Personal Data shall be deleted.
Please note that if you request us to remove your Personal Data, you may not be able to use our Services.
We may, however, still need to keep your Personal Data if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.
You have, under certain circumstances, the right to request that the use of your Personal Data is restricted. If you have requested restriction of the use of your Personal Data, please note that you cannot use the platform during the time that the use of your Personal Data is restricted.
Certain use of your Personal Data is based on our or others’ legitimate interest. You may have the right to object to the use of your Personal Data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your Personal Data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your Personal Data is necessary in order to manage or defend legal claims.
You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your Personal Data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.
You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.
Subject to the applicable law, you are entitled to submit the above requests by contacting us at firstname.lastname@example.org.
We will respond to all requests that we receive from users in accordance with applicable data protection laws. Subject to applicable laws, we reserve the right to refuse the request if it is manifestly unfounded or manifestly excessive. In these scenarios, we will inform you of the reasons why and your corresponding rights.
We may ask you to provide proof of your identity before we can answer your requests.
In certain situations, depending on the jurisdiction in which you are based, we may not be able to respond to your request.
As we are based outside of the EU, we have appointed the following EU Representative to act on our behalf when we undertake data processing activities to which the GDPR applies:
Via Segantini 28, Rovereto (TN)
We will only use your personal data where we have a valid lawful basis to do so in accordance with the GDPR.W here we mention our “legitimate interests”, this is the lawful basis we rely on when we feel that it is necessary to use your Personal Data for a reason which is in our and/or your interests and which does not unfairly affect your rights over your Personal Data.
Providing the Service
The processing of Personal Data is based on Art. 6. (1) (a) GDPR your consent and Art. 6. (1) (b) GDPR the necessity of the processing for the performance of the contract. The legal basis for the processing of sensitive data (health data) is the Art. 9 (2) (a) GDPR, i.e. your explicit consent.
Analyse, develop and improve technical functionalities, and ensure the security of our services
The processing of Personal Data is based on our legitimate interest in developing/improving, ensuring the technical functionality and the security of our Services (art. 6 (1) (f) GDPR). Special categories of Personal Data (sensitive personal data) may be processed for statistical and research purposes focused on analysing, developing and improving technical functionalities, and ensuring the security of our services (art. 9 (2) (j) GDPR in accordance with the appropriate safeguards (such as: pseudonymisation or anonymisation - art. 89 GDPR).
Direct Marketing, Commercial Communications
The processing of Personal Data collected on the website for “direct marketing, commercial communications'' is based on your consent (Art. 6. (1) (a) GDPR). Personal data collected on the mobile App is not processed for this purpose.
Storing your Personal Data
All Personal Data of European data subjects is stored in cloud service providers located in Germany. If we do transfer or store your Personal Data outside of the EEA, we will ensure we have put adequate measures in place in order to protect your Personal Data to an equivalent data protection standard as in the EEA.
If you are in the EEA, as a data subject, you have a right to lodge a complaint with the competent supervisory authority under the conditions provided in Article 77 GDPR or seek a remedy in the national courts if you think that your rights in relation to your personal data have been breached. However, we would be grateful if you could give us the opportunity to address your complaint in the first instance by using the contact details provided at the end of this Policy.
If you have questions, suggestions, or concerns about this Policy, or about our use of your Personal Data, please contact us at email@example.com