Privacy Notice Magnes

1. Introduction

This privacy notice sets out how Magnes AG (“Magnes”) processes your personal data collected through the Magnes Nushu (“Wearable”), the Nushu App (“App”) and/or the Webportal (“Webportal”) in order to provide the product and services (the “Services”) offered by Magnes to you.

2. Who is responsible for the processing of your personal data?

The data controller of your personal data processed by Magnes is:

MAGNES AG

Hardturmstrasse 253

8005 Zürich

Switzerland

If you have a concern or complaint about the processing of your personal data please contact the controller via privacy@magnes.ch

3. What kind of personal data does Magnes process?

Magnes may process the following categories of personal data: For the purchase of the Wearable: Your name, contact details (i.e. address, phone number, email address), payment information (e.g. credit card details).

In the Wearable:

• Personal details: None
• Technical Information: Nushu identifier (i.e. MAC address, UID), Bluetooth® and WiFi settings (On/Off)
• Health data: Gait data

In the App:

• Personal details: Name (surname, middle name and forename), address, phone number, email address, date of birth
• Technical Information: IP address, Nushu identifier (i.e. MAC address, UID), dates and times of access to the App, the phone/device type, as well as the software version, operating system, Bluetooth® and WiFi settings (On/Off)
• Health data: Weight, shoe size, age, height, impaired side, gait data.

In the Webportal:

• Personal details: Name (surname, middle name and forename), address, phone number, email address, date of birth.
• Technical Information: Nushu identifier (i.e. MAC address, UID), dates and times of access to the wearable, the phone/device type, as well as the software version, operating system, Bluetooth® and WiFi settings (On/Off).
• Health data: Weight, shoe size, age, height, impaired side, gait data.

4. For what purposes does Magnes process your personal data?

Magnes processes your personal data for the following purposes:

• the sale of the Wearable and the provision of the Services, including the billing of the relevant fees;
• the provision of customer support and technical assistance, including the delivery of communications relating to the sale of the Wearable and the provision of the Services;
• the measurement of the service quality and relevant metrics of the Wearable and the App;
• the management of complaints and disputes;
• ensuring compliance with the applicable data protection laws and/or respond to request from public and government authorities;
• the performance of credit assessments by authorized companies;
• the performance of tests, updates, and developments in respect of the Wearable, the App and the Services provided by Magnes;
• the performance of due diligence activities by third parties such as acquirers, investors, and/or their advisors for a potential sale of the business or investment to the company;
• for the purpose of (direct) marketing communications concerning the Services;
• the delivery of newsletters;

5. On what legal basis does Magnes process your personal data?

Your personal data will be processed based one or several of the following legal grounds:

• Initiation, performance and termination of a contract regarding the Wearable and/or the Services
• Magnes‘ legitimate interests
• Compliance with applicable laws
• Your consent

6. Is there an obligation to provide your personal data?

You are free to provide your personal data or not.

Special Categories of Data (Health data) will only be processed by Magnes if you have provided your express consent to do so.

Please note that if you do not provide your personal data or your special category data, Magnes may not be able to sell the Wearable or provide the Services to you.

7. How does Magnes protect your personal data?

Your personal data will be processed both electronically and/or manually. To ensure the security, protection, and confidentiality of your personal data Magnes has implemented the appropriate technical and organizational measures against loss, theft, and unauthorized use, disclosure, or modification. All data transfers occur using HTTPS and the database needs to have a valid SSL certificate for the App to perform data transfers. The devices use a WPA2 encrypted network to transfer data.

8. Who can have access to your personal data?

Your personal data may be transferred to the following recipients located within Switzerland and the EEA and, in certain cases, outside Switzerland and the EEA:

• Third parties service providers required for the sale of the Wearable or for providing the Services, assistance or advice to Magnes, such as technology, accounting, administrative, legal, insurance, IT (including Cloud services) or marketing companies;
• Competent authorities
• Potential acquirers or partners of Magnes
• Credit agencies
• The doctor and/or the clinic where you are treated (subject to your consent)
• A third party you choose to share your data with (subject to your consent)

Where Magnes uses third party providers, Magnes will ensure that such providers adhere to the requirements of the relevant data protection laws. Where a third party recipient qualifies as a data processor, Magnes will enter into the appropriate agreements with such processor, in particular a data processing agreement where legally required.

9. Transfer of your personal data outside Switzerland and the EEA?

Generally, your personal data will be processed in Switzerland or the EEA.

For transfers outside Switzerland or the EEA, Magnes has put in place appropriate and suitable safeguards to protect your personal data in compliance with the requirements of applicable data protection laws, in particular Art. 44-50 of the GDPR. This may involve the transfer to countries with an adequacy decision or the use of standard contractual clauses adopted by the European Commission.

10. How long will Magnes keep your personal data?

Magnes stores your personal data for as long as this is necessary for the initiation, execution or termination of your contractual relationship Magnes and the provision of the Services. If the processing is based on your consent, your personal data will be retained until the consent is revoked.

When the contractual relationship has ended or you have revoked your consent, your personal data will be deleted by Magnes, except where Magnes is required to retain such data due to statutory retention obligations (e.g. for tax purposes) or Magnes has a legitimate interest to keep your personal data (e.g. in case of a dispute).

11. What are your rights with regard to your personal data?

You have the following rights in relation to personal data relating to you:

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to object to processing
• Right to data portability

If you consider that the processing of your personal data is unlawful, you also have the right to lodge a complaint about our processing of your personal data with a data protection supervisory authority in your country of residence.

Insofar as you have given consent to Magnes for the processing of your personal data in respect of the purchase of the Wearable or the use of the App or Webportal, you may revoke this consent at any time with effect for the future. The processing of your personal data until your revocation remains unaffected.

To the extent that the processing of your personal data is carried out for Magnes‘ legitimate interests, you have the right to object to the processing of this data at any time for grounds relating to your particular situation. Magnes will then no longer process this personal data unless Magnes can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights and freedoms, or the processing must serve the assertion, exercise or defence of legal claims.

To assert your rights or for other data protection concerns, you can contact Magnes at any time via the contact channels listed in section 2 above and/or as set out in Magnes imprint.

12. Will there be automated decision making?

There will be no automated decision making about you by Magnes.

13. Can Magnes use anynomized data?

In order to assess, enhance and further develop the Wearable, the App or its Services and for scientific purposes, Magnes may use your personal data in an anonymized form. Your data will be anonymized completely by Magnes so that neither Magnes nor any third party can reverse the anonymization or identify you.

14. Minors

The Wearable and the App may be used by adults (i.e. people who are 16 years or older).

Where personal data of a child is processed, we require that a parent provides consent to the processing of personal data of the child.

15. Updates

This privacy notice may be subsequently updated. Material changes will be notified in advance and you will be able to review the latest version of the privacy notice on the website www.magnes.ch and on the App.