Intended use & Privacy

Intended Use

The BedSense can provide insights into a person's mobility and activity while in bed, assessing both current conditions and changes over time. Based on these insights, the BedSense assists caregivers in following protocols aimed to prevent injuries. The caregiver defines these protocols, which are then supported by visualizations and notifications delivered through the BedSense device, external systems (such as a computer, mobile device, or nurse call system), or both.

Use of Personal Data from Website Visitors, Customers, and Other Relations

To properly conduct our business activities, it is necessary to process personal data of our website visitors (www.momomedical.com, hereafter: "Website"), users of our mobile application (apps.apple.com/en/app/momo-bedsense/id1627980620 and play.google.com/store/apps/details?id=com.momomedical.momoapp, hereafter: "App"), customers, and other contacts. The Momo App and website are collectively referred to as the Services.

Through this privacy statement, Momo Medical informs you about how we, as the data controller, handle your personal data. It explains why we process your personal data, how we do so, and what rights you have (such as the right to access your data and the right to object to its processing). Our contact details are provided at the end of this document, should you have any questions or wish to exercise your rights.

Momo Medical is committed to the protection of your personal data and respecting your privacy. We handle personal data with the utmost care and attention. We believe it is important that personal data is processed in a way that respects established safeguards for privacy protection. To support this, we follow legal requirements for data protection, including the General Data Protection Regulation (GDPR), other relevant laws and regulations where applicable, and the guidelines in this privacy statement.

What Personal Data We Collect and Process

Personal data is information that can be used to identify you, such as your name, address, email address, IP address, telephone number, and age. In particular, we process the following categories of personal data:

Website Visitors

• Contact information provided when completing the *Demo request form* or sending an email, such as your name, email address and phone number, along with any personal information you include in the message.

• We also obtain personal data through cookies, including your IP address (for more information on cookies, see the section below).

Momo App Users

• Contact information provided when completing the *Demo request form* or sending an email, such as your name, email address and phone number, along with any personal information you include in the message.

• Contact details provided when filling out the app settings, such as your name and phone number.

• Personal data collected through cookies, including your IP address (for more information on cookies, see the section below).

• (Geo)location data from the mobile device on which the application is installed (for more information on (geo)location data, see the section below).

• Device ID of the mobile device.

Customers and Other Relations

• Contact details of the customer or their contact person, including name, position, email address, and telephone number.

How Momo Medical Collects Your Personal Data

Momo Medical may collect your personal data in several ways. First, you or your employer may provide this personal data through our Services or by sending an email. Additionally, Momo Medical may collect personal data through the use of cookies or similar technologies (for more information on cookies, see the section below).

Without this personal data, we may be unable to sign or fulfill agreements with you or to contact you. Without cookies or similar technologies, some parts of our Services may not be accessible. The purposes of our data processing are described in more detail below.

Legal Grounds and Purposes for Processing Your Personal Data

We process personal data primarily to execute our agreements with customers or based on our legitimate interest in contacting you as a relation and managing our relationship. Specifically, we process data only to the extent necessary for the following purposes:

• To enter into and perform agreements with customers.

• To follow up on your responses submitted via the online Demo request form (available through any of the Services) or your email.

• To ensure the proper functioning of the Services.

Sharing of Personal Data with Third Parties

Momo Medical may share personal data with third parties involved in processing data for the purposes described above. We have agreements in place with these third parties to ensure adequate safeguards for the careful processing of your personal data, in accordance with the law, Momo Medical's internal privacy policy, and this Privacy Statement.

For example, we may share personal data with our software vendor, who maintains our systems. We have established agreements with this software supplier regarding the processing of your personal data. For more information about these agreements, please contact us using the details below.

In some cases, we may also be required to provide personal data to other entities, such as judicial authorities, based on legal obligations. When doing so, we always strive to protect your right to privacy as much as possible.

We do not share your personal data outside the areas listed in the table below. If we need to transfer your data outside these areas, for example if a data center of our software supplier is located elsewhere, we will only do so under legal conditions, such as by using contracts that incorporate the EU Model Clauses.

| Momo Service | Data Processing and Storage Location<br>App | Data Processing and Storage Location <br>Customer support | |----------------------|-------------------------------------------------|-------------------------------------------------------------------| | European users | European Economic Area (EEA) | European Economic Area (EEA)<br>United States (US) | | North American users | United States (US) | United States (US)<br>Canada (CA)<br>European Economic Area (EEA) |

Our Role as Data Controller or Processor

When our client (for example, a healthcare institution) determines the purposes and means of processing its patients' or clients' personal data, the healthcare institution acts as the data controller for the personal data it handles. You can find more information about how these healthcare institutions use your data on their own platforms.

If applicable, Momo Medical processes this personal data on behalf of its client as a 'processor' within the meaning of the GDPR. This applies, for example, when the healthcare institution uses software purchased from Momo Medical that tracks the use of the BedSense. As a processor, Momo Medical will take appropriate technical and organizational measures to protect personal data from loss or unauthorized processing. In such cases, Momo Medical enters into processor agreements with the relevant customers regarding the processing of personal data.

However, when Momo Medical processes your contact details or other personal data as a website visitor, Momo App user, or customer, Momo Medical acts as the data controller.

How We Protect Your Personal Data

Momo Medical handles personal data with great care and, together with any processors, implements appropriate organizational and technical security measures to protect our website visitors, Momo App users, customers, and other contacts from unauthorized access, alteration, disclosure, or destruction of personal data. Additionally, the use of the Services and the information exchanged, collected, and analyzed are encrypted using an SSL certificate. For the website, this is indicated by the padlock icon in the URL bar.

If, despite these security measures, a security incident occurs that may negatively affect your privacy, we will notify you as soon as possible. We will also inform you about the steps we have taken to limit the impact and prevent similar incidents in the future.

How Long We Retain Your Personal Data

Momo Medical will not retain personal data longer than necessary for the purpose for which it was collected, unless we are legally required to keep it longer or if extended retention is necessary for our business activities, contract fulfillment, or dispute resolution. In general, we apply the following retention periods:

• If you complete our Demo request form through one of our Services, we will retain the form and any personal data it contains until your request has been processed. The data may be kept for up to one year to support any follow-up contract discussions.

• If you send us an email with a question, we generally keep the email only until your inquiry or the related matter has been resolved.

• Data of our contact persons with our clients and other relations (including data suppliers) is retained for up to two years after the end of the cooperation or relationship, as necessary and subject to legal obligations.

• (Geo)location data is kept only as long as needed for the purposes described above.

• Payment data is retained for seven years following payment, as required by tax legislation.

For more information about cookies placed on your device, please refer to the cookie information below.

Use of our Services and Cookies

When you use our Services, we need to collect certain information to ensure the connection works properly. For example, when you request a web page, the web server must know where to send it. To do this, your IP address is used. This is a number assigned automatically to your computer by your internet provider each time you connect to the internet, allowing you to be identified.

Our Services also use cookies. Cookies are simple text files stored by your browser on your computer, tablet, or smartphone. They contain information about general visit data, such as the most visited pages, browser type, date and time of your visit, and more. The Website or Momo App instructs your browser to store these cookies on your device. Cookies help make it easier for you to use the Services by optimizing the design for your needs. They can also be used to provide more targeted information.

When you visit our Website for the first time, we will ask for your consent to use cookies. You can then enable or disable certain cookies or block and delete them through your web browser. Most parts of our Website will still be accessible without cookies.

Momo Medical uses the following cookies:

1. FUNCTIONAL COOKIES

Functional cookies are essential for the proper functioning of our Services. They help make the Services more user-friendly by remembering certain preferences and tracking how visitors interact with the platform.

2. ANALYTICAL COOKIES

Analytical cookies are used to collect anonymous statistics about how our Services are used. Momo Medical uses Google Analytics for this purpose. For more information, please refer to the Google Analytics privacy policy: privacy policy of Google Analytics.

We use Google Analytics to measure how many visitors use our Services, where they come from, and which pages are visited. To minimize the impact on your privacy and ensure that your personal data is only used by Google for measuring visits and usage of our Services, we have taken the following measures:

• We have signed a data processing agreement with Google, setting clear terms for the use of personal data.

• We have configured Google Analytics to ensure that only a very limited part of your IP address is shared with Google.

• We have ensured that your personal data is not shared with Google and cannot be used by Google for its own purposes or for showing you targeted ads.

• We have configured the service so that Google cannot combine your browsing behavior across different devices or sessions.

• We do not use other Google services in combination with Google’s analytical cookies, aside from what is mentioned here.

If you prefer not to have your visit behavior tracked by Google Analytics, you can install a browser plugin from Google that blocks this tracking. The plugin is available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari, and Opera. This setting will apply to all websites you visit, not just ours. The plugin can be downloaded from the following link: https://tools.google.com/dlpage/gaoptout?hl=nl.

3. SOCIAL MEDIA COOKIES

Momo Medical uses cookies that enable you to share content from the Services via LinkedIn social media buttons. These buttons are built using code provided by the social media platforms themselves and place a cookie on your device. This cookie remembers that you are logged in, so you do not need to log in again each time you want to share something. These cookies are set by third parties. For more information, please refer to the privacy statements of Twitter and LinkedIn. As this information may change over time, Momo Medical does not control the content of these statements but makes every effort to keep the links up to date.

Processing of (Geo)Location Data in The Momo App

When you use our app, sharing your (geo)location data with Momo Medical is optional. The Momo App may collect location data using GPS, the distance to a Bluetooth beacon, and the name and signal strength of the Wi-Fi network your device is connected to. This data is used to optimize the app’s functionality for you and may also help provide more targeted information.

When you first open the Momo App, you will be asked for permission to collect location data. You will also be asked whether the app may collect location data while it is not actively in use. You can choose to decline these permissions. Most parts of the app will still be accessible and functional. You can withdraw your consent at any time through your device settings.

Links to Third-Party Websites

We are not responsible for the practices of third-party applications, websites, or services linked to or from our Services. Our privacy statement does not apply when you access another application, website, or service through a link on our Services. Your use of any third-party application, website, or service, including those linked from our Services, is governed by their own rules and policies. Our Services may contain links to other websites. We are not responsible for the privacy policies or content of these external sites. We encourage you to review the privacy statements of those websites before using them.

Your Rights Regarding Personal Data Processing

You have the following rights regarding the processing of your personal data:

• You may request access to the personal data we process about you. This means you can ask which personal data we have registered and the purposes for which it is used.

• You have the right to object to the processing of your personal data, for example if you believe the data is not necessary for our activities or legal obligations.

• You can request that we correct or amend your personal data, or restrict how it is processed.

• You can ask us to delete your personal data from our systems.

• You can also request that your personal data be transferred to another party.

Requests or other communications about exercising these rights can be submitted in writing using the contact details below. To process your request, we ask that you provide a reason for your request, including your signature, address details, file number, and a copy of a valid identification document. Please make sure to redact any unnecessary information, including your Citizen Service Number (BSN), for example by using the KopieID app. We will respond to your request within four weeks of receiving it. Your BSN will only be used for verification purposes and will be deleted afterward.

We will fulfill your request unless we have a compelling legitimate reason not to do so, such as when your privacy interest is outweighed by our interest, or if compliance would prevent us from fulfilling legal or legitimate obligations. Please note that, for technical reasons, it may not be possible to immediately delete all copies of your personal data from our systems and backups.

We may also refuse requests that are made excessively often, require disproportionate technical effort, have significant technical impact on our systems, or jeopardize the privacy of others. If we correct, supplement, or delete your personal data, we will also inform any third parties to whom your data has been disclosed about these changes.

Contact Details

If you wish to exercise your rights, have questions not addressed in this privacy statement, would like to provide suggestions or comments, or have complaints about how Momo Medical has handled your personal data, please contact us in writing at:

Momo Medical (registered with the Dutch Chamber of Commerce under number 68346832)

Marijn Mostert | Data Protection Officer
marked 'Data Protection Officer'
Molengraaffsingel 29
2629 JD Delft
fg@momomedical.com

If you are not satisfied with how we have handled your request, objection, or the processing of your personal data by Momo Medical, you have the right to submit a complaint to the relevant Data Protection Authority.

More information can be found using the link in the table below. | Momo Service | Data Protection Agency | Link with more information | |------------------|---------------------------------------|--------------------------------------------------------------------------------------------------------------------------| | Netherlannds | Autoriteit Persoonsgegevens (AP) | link | | Belgium | Gegevensbeschermingsauthoriteit (GBA) | link | | Germany | State level Data Protection Agency | | | North America | N/a | N/a |

Handling Possible Misuse of Personal Data

In the unlikely event that you discover a security breach or suspect that the security of your personal data has been compromised, please contact Momo Medical immediately. We have procedures in place to handle such reports promptly and carefully, in accordance with applicable law.

Amendments to The Privacy Statement

Momo Medical may update or modify this privacy statement from time to time. Any changes will take effect as soon as they are published on this website. We recommend that you review this privacy statement regularly to stay informed of any updates. We will notify you if any changes are significant.