1. Data of the Data Controller

Company Name: Psifiacos, S.L.

Tax ID: B72396039

Address: Parque Tecnológico de Álava. C/ Albert Einstein, 15. Edificio BIC Araba, Oficina 216, 01510 Vitoria-Gasteiz, Álava, España

Email: info@psifiacos.com

Website: www.psifiacos.com

Data Protection Officer: dpd@data-consulting.es

2. Applicable Regulations

Our Privacy Policy has been designed in accordance with the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), along with Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights, and its implementing regulations. The company may modify this privacy policy to adapt it to legislative, jurisprudential, or interpretative developments by the Spanish Data Protection Agency. These privacy conditions may be supplemented by the Legal Notice, Cookie Policy, and General Conditions that, where appropriate, are provided for the sale of certain products or services, if such access involves any special features in terms of the protection of personal data.

3. Purpose of Processing Personal Data

The processing we carry out of your personal data is for the following purposes:

1. Manage your registration in our application.

2. Execute the purchase contract concluded through the application's license purchase form.

3. Register, track, and analyze health data for the purpose of issuing alerts indicating risky eating behaviors.

4. Send you commercial information based on our previous contractual relationship.

4. Legitimacy for Processing Collected Data

1. Application registration form: The legitimacy for processing your data is your explicit consent at the time of providing us with the information, as expressed by checking the corresponding acceptance box.

2. Purchase form: The legitimacy for processing your data is the execution of the purchase and sale contract.

3. Health data: Processing is necessary for the execution of a contract in which the data subject is a party, in relation to Article 9.2.h from General Data Protection Agreement: processing is necessary for purposes of preventive or occupational medicine, assessment of the employee's working capacity, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services, based on Union law or Member State law or a contract with a health professional, subject to the conditions and safeguards referred to in Article 9.3 from General Data Protection Agreement.

4. Sending commercial communications: The legal basis is the existing legitimate interest, based on our previous contractual relationship.

5. How Long Will We Retain Your Data?

1. Application Registration: We will retain your personal data for this processing until you delete your account, which you can do at any time.

2. Purchase Form: We will retain your personal data for the time necessary to fulfill the legal obligations arising from that purchase process.

3. Health Data: We will retain your personal data for the time necessary to fulfill legal obligations arising from this process (Basic Law 41/2002 regulating patient autonomy). Once it is completed, if you have given your consent, they will be kept for scientific purposes in a completely anonymized form, making it impossible to associate the user with their health data.

4. Sending Commercial Communications: We will retain your personal data for this processing until you object to it.

6. Data Necessary for the Operation of the Application

Name and surname, ID number, Email, Phone number, Height, Weight, Gender, Date of birth, Blood type (Optional), use of a wheelchair, and health data.

7. Permissions that the Application May Request

1. Client App ANNi: Receive notifications, Bluetooth, Access to health SDK, SIM card information, Write to storage.

2. Supervisor App ANNiP: Receive notifications.

3. Watch App ANNiWear: Receive notifications, Access to body measurement sensor, Write to storage.

8. Managing Permissions

Android:

1. On your device, open the Settings app.

2. Tap Apps.

3. Tap the app you want to modify: If it doesn't appear, tap see all apps; then, select your app.

4. Tap Permissions.

▪ If you have granted or denied permissions to that app, they will appear in this section.

5. To change a permission setting, tap it and select Allow or Deny.

iOS:

1. Go to Settings > Privacy & Security.

2. Tap a category of information.

The list displays apps that have requested access. You can enable or disable access for any app on the list.

9. Data Disclosures

Your data will not be disclosed, except to fulfill legal obligations.

10. International Transfers

No international transfers will be carried out.

11. Security Measures

As part of our commitment to ensuring the security and confidentiality of your personal data, we inform you that the necessary technical and organizational measures have been adopted to guarantee the security of personal data and prevent its alteration, loss, unauthorized access, or processing, considering the state of technology, the nature of the data stored, and the risks to which they are exposed. However, the user should be aware that security measures on the Internet are not impervious. You can obtain more information about the security measures we apply by contacting us through the channels indicated at the beginning of this Privacy Policy in the section identifying the Data Controller.

12. Rights of the Data Subject

The data subject has the following rights regarding the processing of their personal data, and they may exercise these rights by contacting the Data Controller:

▪ If the legal basis for processing is consent, the right to withdraw it at any time, without affecting the legality of the processing prior to withdrawal.

▪ The right to request access to their personal data.

▪ The right to request rectification if the data is inaccurate, or to request its deletion (for example, if it is no longer needed for the purposes for which it was collected).

▪ The right to request the limitation of processing, provided that one of the conditions provided for in the regulations is met, in which case we will only keep the data for the exercise or defense of claims.

▪ The right to object to processing, for example, regarding the sending of commercial information by us, in which case we will cease processing your data for that purpose, except for compelling legitimate reasons or the exercise or defense of possible claims.

▪ The right to data portability.

▪ The right to lodge a complaint with the Spanish Data Protection Agency (the competent data protection authority), especially when satisfaction has not been obtained in the exercise of your rights: www.aepd.es

13. Data Processing

The application also runs in the background.

The use of information received from Health Connect will adhere to the Health Connect Permissions policy, including the Limited Use requirements.