Breathe Remote Monitor (RM) – App Privacy Policy
12th October 2023

Magic Bullet Ltd (“us”, “we”, or “our”) (registered at 350 Wokingham Road, Earley, Reading, Berkshire RG6 7DE with company number 04886771) operates the Breathe Remote Monitor (RM) mobile application (the “App”).

This Privacy Policy informs the user of our App (“you”) of our procedures regarding the collection, use, and disclosure of personal data when you use our App. We are the controller of any personal data collected and processed in relation to the App and we are committed to protecting and respecting your privacy at all times. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By using the App, you agree to the collection and use of your information in accordance with this Privacy Policy.

What personal data do we collect:

While using our App, we will ask you to provide certain personal data including but not limited to: Spirometry, Oximetry, Heart Rate, Activity, Sleep, Weight, Temperature, and selfreported measures of Wellness and Coughing (“Health Details”). If you are taking part in a clinical evaluation, you will only need to provide us with an anonymized email address created specifically for the purpose of the evaluation. If you are not taking part in a clinical evaluation, you may need to provide certain personal data to enable your clinical team to identify you, including your full name, email address, hospital number, NHS number, and date of birth. When you access the App by or through a mobile device, we may also collect certain information automatically, including the make and model of your mobile device and analytics on how you use the app.

How we use your personal data:

We use the personal data collected from you for various purposes, as follows: o To provide and maintain the App. o To analyse your use of the App so that we can make improvements. o To share your personal data with your clinical team where you have provided your explicit consent for us to do so.

Your rights:

You have the following rights in relation to our processing of your personal data through the App:

The right to access personal data we hold about you:

You can contact us to request a copy of the personal data we hold about you, as well as why we process that personal data, who has access to it, and where we obtained it.

The right to correct and update the personal data we hold about you:

If the personal data we hold about you is out of date, incomplete, or incorrect, please let us know, and we will ensure that it is updated.

The right to have your personal data erased:

In some circumstances, if you no longer wish us to process your personal data, you can request that we erase it. When we receive your request, we will confirm whether the personal data has been deleted or provide you with the reason why it cannot be deleted. Please note that if you choose to have certain account data erased, you will no longer be able to view this in the App. Please also note that if you choose to delete your account, it may take up to 30 days to delete all of your information.

The right to object to the processing of your personal data:

You have the right to request that we stop processing your personal data. Upon receiving the request, we will contact you to inform you if we are able to comply or if we have lawful grounds to continue, for example, if the personal data is required to allow us to provide you access to the App. If personal data is no longer processed, we may continue to hold your personal data to comply with your other rights.

The right to data portability:

You have the right to request that we transfer your personal data to another controller. Once we have received your request, we will comply where it is feasible to do so.

The right to lodge a complaint:

You can make a complaint to us by contacting us using the contact details set out below. Alternatively, you can also make a complaint to the data protection supervisory authority. In the UK, this is the Information Commissioner’s Office, and contact details can be found at https://ico.org.uk/.

Consent:

If you have given us your consent to use your personal data, you can withdraw your consent at any time. This will not affect the lawfulness of our use of your personal data before you withdrew your consent. If you would like to exercise any of your rights as set out above, please contact us using the contact details provided below.

Security of your personal data:

We recommend all app users familiarise themselves with the National Cyber Security Centre guidance on keeping your smartphones safe. If you choose to share your Health Details with us you will be required to log into the Breathe account section of the App. Once you have signed into your Breathe account, the App will automatically sync all of your personal data with us, including your Health Details. We use a combination of technical, administrative, and physical controls to maintain the security of your personal data once it has synced with the Breathe account. In particular, Microsoft Azure implements the transmission integrity and confidentiality control by ensuring that cryptography is implemented through a hybrid model. Our cloud infrastructure (which includes all hardware, software, networks, and the physical data centres that house it all) is located within the UK.

Duration of processing:

We shall retain your personal data for as long as is necessary to provide the App to you unless we are required by law to retain your personal data for a longer period.

Links to other sites:

Our App contains links to other websites that are not operated by us. If you click on a thirdparty link, for example, Fitbit, you will be directed to that third party’s website. We strongly advise you to review the privacy policy of every third-party website you visit before submitting any personal data. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services.

Children’s privacy:

If you are under the age of 18, your parent or guardian should supervise and manage your use of the App. If we become aware that we have collected personal data from children under the age of 18 without parental or guardian supervision, we will take steps to remove that information from our servers.

Changes to this Privacy Policy:

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy in the App. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted in the App. The last update to this Privacy Policy was made on 12th October 2023

Contact us:

If you have any questions or comments about this Privacy Policy, please contact us by emailing contact@magicbullet.co.uk or by following the link to https://magicbullet.co.uk/contact