Privacy

What we do with the personal data of our (website) visitors, customers and other relations

In order to properly conduct our business activities, it is necessary to process personal data of our (website) visitors (www.momomedical.com, hereafter: "Website"), users of the mobile application (apps.apple.com/en/app/momo-bedsense/id1627980620 and play.google.com/store/apps/details?id=com.momomedical.momoapp, hereafter: "App") customers and other relations. Our App and website are collectively referred to as the Services.

Through this privacy statement, Momo Medical informs you about how we, as data controller, handle your personal data. It explains why we process your personal data, how we process it and which rights you have (such as your right to inspect and your right to object to the processing of your personal data). At the bottom of this document you will find our contact details, should you have any questions or wish to exercise your rights.

Momo Medical is firmly committed to the protection of your personal data and respect for your privacy. Personal data are treated with the greatest possible care. We consider it important that the processing of personal data is done in a way that is consistent with the existing safeguards for the protection of privacy. In this regard, we follow the legal rules for the protection of personal data, namely the General Data Protection Regulation (GDPR) and related applicable laws and regulations, as well as this privacy statement.

What personal data does Momo Medical process?

Personal data is information that can be used to identify you, such as your name, address, e-mail address, IP address, telephone number and age. In particular, we process the following categories of personal data:

(WEBSITE) VISITORS

• Contact information when completing the *Demo request form* or sending an email, such as (name, email address and phone number), and any personal information you leave in the message;
• We also obtain personal data through cookies, including your IP address (for more information on cookies, see further below).

APP USERS

• Contact details when filling out the *Demo request form *or sending an email, such as (name, email address and phone number), and any personal information you include in the message;
• Contact details when filling out the App settings , such as your name and phone number
• We obtain personal data through cookies as well, including your IP address (for more information on cookies, see further below).
• (Geo)location data of the mobile device on which the application is installed (for more information on (geo)location data, see further below)
• Device ID of the mobile device

CUSTOMERS AND (OTHER) RELATIONS

• Contact details of (the contact person at) the customer respectively relation (name, position, e-mail address, telephone number).

How does Momo Medical obtain your personal data?

Momo Medical may obtain your personal data in a number of ways. First, you or your employer may have provided this personal data through our Services or by sending an email. In addition, Momo Medical may obtain your personal data through the use of cookies or similar technologies (for more information on cookies, see further below).

Without these personal data, we cannot (among other things) sign and/or fulfill agreements with you nor contact you. Without cookies or similar technologies, some parts of our Services may not be available. The purposes of our processing operations are described in more detail below.

On which grounds and for which purposes does Momo Medical process your personal data?

We process personal data for the primary purpose of executing our agreement with customers or on the basis of our legitimate interest to be able to approach you as a relation and to conduct a relationship management. In particular, we do so for the following purposes and only to the extent necessary for those purposes:

• To enter into and perform agreements with customers;
• To follow up on your responses via the online Demo request form (available through any of the Services) or your email;
• To allow the Services to function properly.

Exchange of personal data with third parties

Momo Medical may make personal data available to third parties who are involved in the processing of personal data in relation to the stated purposes. Momo Medical has made arrangements with these third parties so that there are sufficient safeguards for the careful processing of your personal data, in accordance with the law and Momo Medical's internal privacy policy and this Momo Medical Privacy Statement.

Third parties to whom we may provide your personal data are for example our software vendor, who maintains our systems. We have made agreements with our software supplier regarding the processing of your personal data. For more information about (the agreements with) this software supplier, please contact us using the contact details below.

In some cases, we may also have to provide personal data to (other) entities, such as the judicial authorities, on the basis of a legal obligation. In doing so, we always assess how we can respect your right to privacy as much as possible.

In principle, we do not share your personal data outside the European Economic Area (EEA). If we wish to transfer your personal data outside Europe, for example because a data center of our software supplier is located there, we will only do so under the conditions set by law, for example by means of a contract to which the EU Model Clauses apply.

Distinction between the role of controller versus processor

To the extent that our client (for example, a healthcare institution) or other relationship itself determines the purposes and means of data processing of its patients' or clients' personal data, the healthcare institution is the controller of the personal data it handles. You can read more about what these healthcare institutions do with your own If applicable, Momo Medical will then process this personal data on behalf of its client as a 'processor' within the meaning of the GDPR. This is the case, for example, if the healthcare institution also purchases software from Momo Medical that tracks the use of the BedSense. As a processor, Momo Medical will ensure to the best of its ability that appropriate technical and organizational measures are in place to secure the personal data against loss or any form of illegitimate processing. In the event that Momo Medical is a processor, Momo Medical will enter into processor agreements with the relevant customers regarding the processing of personal data.

However, in cases where Momo Medical processes your contact details or other personal data of you as a website visitor, App user or customer, Momo Medical is the data controller.

Security of personal data

Momo Medical handles personal data with the utmost care and, together with any processors, takes appropriate organizational and technical security measures to protect our (website) visitors, App users, customers and other relations against unauthorized access or modification, disclosure or destruction of personal data. In addition, the use of the Services and the information exchanged, collected and analyzed is encrypted with an SSL certificate. For the website, you can recognize this by the padlock in the URL bar.

In the event that, despite the security measures, a security incident occurs that is likely to have an adverse effect on your privacy, we will inform you of the incident as soon as possible. We will also inform you about the measures we have taken to limit the consequences and to prevent repetition in the future.

Retention periods

Momo Medical will not retain personal data for longer than is necessary for the purpose for which they have been processed, unless we are required to retain your personal data for a longer period under a legal regulation or if longer retention is necessary for the performance of our activities or the settlement of the agreement or, for example, a dispute. In principle, we apply the following retention periods:

• If you fill out our Demo request form through one of our Services, we will keep the form and any personal data contained until we have completed the request in the form. The data will be retained for a maximum of one year for the purposes of any subsequent contract discussions.
• If you send us an email with a question, we will in principle only keep this email until your message or the matter in hand has been dealt with.
• Data of our contact persons with our clients and other relations (incl. data suppliers) we keep for a maximum of two years after the end of the cooperation or other type of relationship (as far as necessary and subject to legal obligations).
• Data relating to (geo)location is kept as long as necessary for the aforementioned purposes.
• Data relating to payment, we are obligated under tax legislation to retain the data for 7 years after payment.

For more information about the placed cookies, we refer to the information about cookies below.

Use of our Services and Cookies

When you use our Services, it is necessary to collect certain information in order for the connection to work properly. When you request a web page, it is necessary for the web server to know where the page is going. For this purpose, your IP address is used. This is a number sequence that is automatically assigned to your computer by your Internet provider each time you log on to the Internet, so that you can be identified.

Our Services use cookies. Cookies are simple text files stored by your browser on your computer, tablet or smartphone that contain information about general visit data, such as most requested pages, browser type, date and time of your visit etc. The Website or App instructs the browser you use to view websites to store these cookies on your computer or mobile device. A cookie is used, among other things, to make it easier for you to use the Services. The purpose of this is to optimize the design of the Services for you. The data can also be used to offer more targeted information.

If you visit our Website for the first time, we will ask you to allow cookies. You can then turn certain cookies on or off or block or delete them via your web browser. Most parts of our Website will still be readable.

Momo Medical uses the following cookies:

1. FUNCTIONAL COOKIES

Functional cookies are necessary for our Services to function properly. These cookies are used to make the Services more user-friendly by tracking visitor behavior and storing certain preferences.

2. ANALYTICAL COOKIES

Analytical cookies are used to keep (anonymous) statistics about the use of our Services. Momo Medical uses Google Analytics for this purpose. For more information, please read the privacy policy of Google Analytics.

• We use Google Analytics to be able to measure how many visitors use our Services, where they come from and what pages are visited. To minimize the impact of this on your privacy and to ensure that your personal data is only processed by Google to measure the visits and use of our Services, we have taken the following measures:
• we have signed a processing agreement with Google, in which agreements are made about the use of your personal data;
  • we have taken measures which ensure that only a very limited part of your IP address is provided to Google;
  • we have taken measures which ensure that your personal data will not be shared with Google and may not be processed by Google for its own purposes or used to show you targeted ads;
  • we have taken measures which ensure that Google does not have the possibility to combine your surfing behaviour from different devices and multiple sessions;
• we do not use other Google services in combination with Google's analytical cookies ( apart from what is mentioned herein).
• Do you not want your visit behavior to be tracked by Google Analytics? Then you can download a plugin from Google that prevents this. This plugin is available for Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera. This setting will apply to all websites you visit, not just this one. The plugin can be installed via the following link: https://tools.google.com/dlpage/gaoptout?hl=nl.

3. SOCIAL MEDIA COOKIES

Through these cookies, Momo Medical allows you to share information from the Services through LinkedIn social media buttons. These buttons are pieces of code from the social media themselves and use a cookie. This cookie remembers that a visitor is logged in, so that one does not have to log in every time when they want to share something. These cookies are placed by third parties. For more information, see the privacy statements of Twitter and LinkedIn. This information changes regularly, Momo Medical does not influence on this, but tries to keep the links to the statements up to date.

Use of our App and (geo)location data

When you use our App, it is optional to share (geo)location data with Momo Medical. The App may collect your location data based on GPS, the distance to a bluetooth beacon and the wifi name with the corresponding signal strength to which your mobile device is connected. The purpose of this is to optimize the design of the App for you. The data can also be used to offer more targeted information.

If you visit our App for the first time, we will ask you to allow the collection of location data. You will also be asked if location data may be collected when the App is not active. You can refuse these permissions. Most parts of our App will then remain readable and functional. You can withdraw your consent at any time from within your device settings.

External Links

We are not responsible for the practices of third-party applications, websites or services that are linked to or from our Services. Our privacy statement does not apply when you use a link to go from our Services to another application, website or service. Your conduct on a third-party application, website or service, including those linked on our Services, is subject to their own rules and policies. Our Services may contain links to other websites. We are not responsible for the privacy policies or content of these other websites. We encourage you to familiarize yourself with the privacy statements on these websites.

Your rights with regard to the processing of personal data

You have the following rights with regard to the processing of your personal data:

• You may request access to or information about the personal data we process about you. This means that you can request which personal data of you are registered and for which purposes that personal data is used.
• You can object to the processing of your personal data, for example if you believe that the use of your personal data is not necessary for the performance of our activities or to comply with a legal obligation.
• You can request us to have your personal data amended/corrected and/or to restrict the processing of your personal data;
• You can also ask us to remove your personal data from our systems.
• You can also ask us to arrange for your personal data to be transferred to another party.

Requests and other communications regarding the exercise of the aforementioned rights can be submitted in writing using the contact details below. We ask you to motivate your request, provide a signature, attach your address details, file number and a copy of a valid identification document and request that you cross out all unnecessary information, including in any case your Citizen Service Number (BSN) (for example by uploading via the KopieID app). You will receive a response within four weeks after receipt of your request.

We will comply with your request, unless we have a compelling legitimate interest not to remove the personal data, which outweighs your privacy interest or if complying with your request is not legally required and we would then no longer be able to fulfill our legitimate interest. If we have deleted the personal data, we may not be able for technical reasons to immediately remove all copies of the personal data from our systems and backup systems.

We may further refuse to comply with the above requests if they are made unreasonably frequently, require unreasonably heavy technical effort, or have unreasonably heavy technical consequences for our systems or jeopardize the privacy of others. If Momo Medical has complied with a request to correct, supplement or delete personal data, we will also notify third parties to whom these personal data have been disclosed of the changes made.

Contact details

If you wish to exercise your rights or have questions that have not been answered in this privacy statement, if you have suggestions or comments on its content, or if you have complaints about the way Momo Medical has handled your personal data, please contact in writing:

Momo Medical (registered with the Dutch Chamber of Commerce under number 68346832)

Marijn Mostert | Data Protection Officer
marked 'privacy personal data'
Molengraaffsingel 10
2629 JD Delft
functionarisgegevensbescherming@momomedical.com

If you are not satisfied with the way in which we have handled your request or objection, or otherwise with the processing of your personal data by Momo Medical, you can also submit a complaint about the use of your personal data to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens (AP)). You can find more about this at: link.

Possible misuse

In the unlikely event that you find a security breach or suspect that the security of your personal data has not been properly ensured, please contact Momo Medical immediately. Momo Medical has procedures in place to handle these reports appropriately and carefully in accordance with applicable law.

Privacy Statement Amendment

Momo Medical may modify or update this privacy statement from time to time. Amendments to this privacy statement will take effect from the moment they are published on this website. We therefore recommend that you consult this privacy statement regularly, so that you are aware of any changes to it. We will always inform you if these changes are of significant importance to you.