Empatica

Privacy

1. Introduction

Empatica S.r.l. ( "Empatica"), with registered office in Via Stendhal 36, 20144 Milan, Italy, reachable at privacy@empatica.com, is committed to protecting and respecting your privacy. This privacy policy details how we collect, use, disclose, and process personal data collected through the Product Watch ( "EmbracePlus"), our applications, and web portal ( "App") connected to the EmbracePlus as utilized by you, the user (the "User"), in the course of providing our services (the "Services").
We acknowledge the importance of data privacy, especially in the digital age. Therefore, this policy is designed in compliance with the European Union's General Data Protection Regulation (EU 2016/679) ( "GDPR"). Our practices have been developed to ensure that your personal data is processed fairly, lawfully, and transparently, without affecting your rights and freedoms.
This privacy policy does not apply to the Empatica website, located at www.empatica.com, which is governed by its own privacy policy.

2. What and who this privacy policy covers?

Empatica is the data controller of personal data collected from the User through the EmbracePlus and the App. The EmbracePlus and the App may be used by adults and children. We recognize the importance of extra safeguards for children's privacy and data. Where the Product is to be worn by a minor, it is mandatory that a parent or legal guardian registers with the App on behalf of the minor. Specifically, for minors under the age of 16, in compliance with GDPR, we require verifiable parental consent for the collection and processing of the minor's personal data by Empatica.

3. What kind of personal data does empatica collect about the user?

Empatica collects the following categories of personal data:
App Service Registration. Empatica collects the name, date of birth, and contact details of the User (and its parents if the User is under 16). For any designated caregivers, name and phone number are collected. With regard to the designated caregiver, the User declares and warrants to have provided him with Empatica's privacy information notice and have obtained his prior consent to the processing of his personal data by Empatica for the provision of the Services prior to providing his personal details to Empatica;

Other Information. Empatica automatically collects the following information via EmbracePlus and the App, whenever the User's device is connected to the Internet:
  1. Physiological Information. EmbracePlus tracks, in real-time skin conductance, temperature, movement, and acceleration as well as heart rate and other physiological information from the EmbracePlus sensor information (the "Special Categories of Personal Data"). This information is transmitted, automatically, from EmbracePlus to the App, using Bluetooth®, and then from the App to Empatica via the User's mobile device’s WiFi connection or other cellular network.
  2. Personal Health Information - you may choose to use certain features of the App that will allow you to input other Personal Information with respect to your health, such as the medications you take, how often you take your medication, and dosage (collectively your “Health Information”).
  3. Technical Information. Empatica also collects other technical information such as IP address, EmbracePlus identifier, geolocation information (which is collected exclusively when the Service detects a distress), the dates and times of access to the App, the phone/device type, as well as the software version, operating system, Bluetooth® and WiFi settings (On/Off).

4. How does Empatica use the user's personal data?

Empatica processes the above mentioned personal data of the user for the following purposes:

a) the provision of the services available through EmbracePlus and the App, including the billing of the relevant fees, gathering activity information;

b) the provision to the User of customer support and technical assistance, including the delivery of communications relating to the provision of the services through EmbracePlus;

c) the measurement of the service quality and relevant metrics provided through EmbracePlus and the App;

d) the management of complaints and disputes;

e) the performance of the activities necessary to ensure compliance with the applicable national/EU laws and/or respond to request from public and government authorities (the purposes from letters a) to e) are jointly referred to as "Contractual Purposes");

f) the performance of credit recovery procedures and credit assignment to authorized companies, also by means of third parties;

g) the performance of tests, updates, and developments of EmbracePlus, the App and more in general the services provided by Empatica, in order to optimize the services provided to the User also by way of machine learning systems and artificial intelligence provided that the process of personal data, albeit limited to the necessary, is essential in order to carry out such tests activities;

h) the performance of technical assessment and due diligence activities by third parties such as acquirers and/or their advisors for a potential merger, sale of assets or transfer of all or a material part of its business, by disclosing and transferring the Client's personal data to the third party or parties involved in the transaction as part of the transaction; (the purposes of letters from f) to h) above are jointly referred to as "Legitimate Interest Purposes");

i) the delivery of direct marketing communications concerning products and services of Empatica (e.g., sending of advertising materials, market researches). The communications, may be sent by both automated (e.g., SMS, MMS, fax, calling systems, email and web applications) and traditional (e.g., calls by human operators) means of contact;

j) the delivery of marketing communications customized on the User's interests and needs by means of the channels of communication set out under letter i) above;

(the purposes of letters i) and j) above are jointly referred to as "Marketing Purposes").

5. On what legal basis does empatica process the User's personal data?

The processing of the User’s personal data is necessary with regard to the Contractual Purposes as it is essential:
  • * for the performance of the contract regarding the provision of the requested Services with regard to the cases as per Section 4 letters from a) to d); and
  • * in order to comply with provisions as provided by the applicable laws as per Section 4 letter e).

Should the User not provide its personal data with regard to the Contractual Purposes, Empatica will not be able to provide the Services to the User.
In addition to the above, with reference to the collection of Special Categories of Data processed for Contractual Purposes Empatica will collect the User's consent. However if the User does not provide its consent to the processing of Special Categories of Data Empatica will not be able to provide the Services.
The processing of the User's personal data with regard to the Legitimate Interest Purposes as per Section 3 letters f) and h) is carried out in compliance with article 6, letter f) of the EU General Data Protection Regulation No. 679/2016 (the "Privacy Regulation"), for the pursuit of Empatica legitimate interest, which is adequately balanced with the User's interest since the data processing is performed within the limits strictly necessary to perform such activities. This data processing activity with regard to the Legitimate Interest Purposes is not mandatory and the User can object to the data processing at any time through the modalities as per Section 10 of this privacy policy.
Finally, the data processing with regard to the Marketing Purposes is based on the User's prior consent. Such data processing is not mandatory however should the User refuse to provide the relevant consent the User will not receive marketing communications as per Section 4 letters i) and j) above. In any case, the User can withdraw its consents at any time through the modalities as per Section 10 of this privacy policy.

6. How does empatica process the user's personal data?

The User's personal data will be processed both electronically and/or manually, in any case in such a way as to guarantee the security, protection, and confidentiality of the data, thanks to appropriate administrative, technical, personnel, and physical measures against loss, theft, and unauthorized use, disclosure, or modification.

7. Who can have access to the User's personal data?

For the Contractual Purposes, personal data may be transferred to the following categories of recipients located both within the EU and, within the limits as per Section 8 below, outside of the EU: (a) the caregiver within specific limits [third parties service providers entrusted with processing activities that provide services or assistance and advice to Empatica, with special but not exclusive reference to technology, accounting, administrative, legal, insurance, IT matters; (c) companies of the Empatica group, (d) persons and authorities whose right to access personal data is recognized by law, regulations, or provisions issued by legally empowered authorities. The aforementioned recipients will process personal data as data controllers, data processors, or persons in charge of processing, depending on the circumstances. For the Legitimate Interest Purposes, personal data may be transferred to the following categories of recipients located both within the EU and, within the limits as per Section 8 below, outside of the EU: (a) third parties service providers entrusted with processing activities that provide services or assistance with reference to credit recovery procedures and credit assignments, as well as tests, updates, and developments of EmbracePlus and the App, (b) companies of the Empatica Group, (c) potential purchaser of Empatica and the entities resulting from mergers or any other transformation involving Empatica, (d) competent authorities.
For the Marketing Purposes, personal data may be transferred to the following categories of recipients located both within the EU and, within the limits as per Section 8 below, outside of the EU: (a) third parties service providers entrusted with processing activities that provide services or assistance with regard to the delivery of marketing communications, (b) companies of the Empatica group.
A complete list of the data processor is available upon request through the modalities as per Section 9 below.

8. Is the User's personal data transferred abroad?

The Client's personal data may be transferred to countries within and outside the European Economic Area, in particular in the United States. For transfers from EU to countries not considered adequate by the European Commission, Empatica has put in place appropriate and suitable safeguards to protect the User's personal data. Accordingly the User's personal data are transferred in compliance with the requirements and the obligations provided by applicable data protection laws, such as standard contractual clauses adopted by the European Commission as per Articles 45 and 46 of the Privacy Regulation.

9. Data retention periods applying to the User's personal data

Personal data of the User will be stored for the period necessary to fulfil the purposes for which the data was collected as outlined in this Privacy Notice. In any case the following retention periods will apply to the processing of the User’s personal data for the purposes indicated below:

data collected for Contractual Purposes and for Legitimate Interest Purposes is retained during the provision of the Services plus a period of 10 years after the termination or withdrawal from the contract with Empatica, except when the detention of the data is necessary to respond or to file legal actions, upon request of the competent authorities or in compliance with the applicable laws;
data collected for Marketing Purposes relating to the delivery of marketing communications and running of market searches as per Section 4 letter i) of this privacy policy is retained for the duration of the contract and a subsequent period of 24 months;
data collected for Marketing Purposes relating to the profiling of User's preferences for marketing purposes as per Section 4 letter j) of this privacy policy is retained for a period of 12 months from the time they are collected.

10. What are the user's rights with regard to personal data?

The User, at any given time, can exercise the following rights, by sending an email to the following address privacy@empatica.com

(a) to obtain from Empatica confirmation of the existence of personal data and to be informed of its content and source, verify its accuracy and request its integration, update or amendment;
(b) request the erasure, anonymisation or restriction of the processing of personal data processed in breach of the applicable laws;
(c) object in whole or in part, on legitimate grounds, to the processing of the data;
(d) to withdraw the consent to the processing of the data (if and to the extent such a consent is necessary).
In addition to the above the User will also have the right, in any given moment, to:

request Empatica to limit the processing of the User’s personal data where:
  • * the User contests the accuracy of the personal data until Empatica has taken sufficient steps to correct or verify its accuracy;
  • * the processing is unlawful but you do not want us to erase the User’s personal data;
  • * Empatica no longer needs the User’s personal data for the purposes of the processing, but the User requires them for the establishment, exercise, or defense of legal claims; or
  • * The User has objected to processing justified on legitimate interests, pending verification as to whether Empatica has compelling legitimate grounds to continue processing.

object to the processing of the User’s personal data;
request the erasure of the User's personal data without undue delay;
receive an electronic copy of the User's personal data, if the User would like to export its personal data to itself or a different provider, when Empatica is relying upon the User's consent or the fact that the processing is necessary for the provision of the Services and the personal data is processed by automatic means; and
lodge a complaint with the relevant data protection supervisory authority.

11. Data protection officer

The Data Protection Officer appointed by Empatica pursuant to Section 37 of the Privacy Regulation can be contacted at the following email address: privacy@empatica.com

12. Updates

This privacy information notice might be subsequently updated or integrated. Changes will be notified in advance and in any case User will be able to review the updated version of the privacy information notice on the website www.empatica.com.

Your Cart

Your cart is currently empty.

Go to Store
ItemPrice (USD)
X

Select your Location

If you do not see your country listed, please visit the International site.
Please note that Embrace Alert System is not available in the following countries .