Emerja Privacy Policy

Last Updated:November 13, 2024

EMERJA’S COMMITMENT TO PRIVACY

At Emerja, protecting your personal data is a task we take seriously. Our products are designed to help you to track important aspects of your health. This Privacy Policy (“Policy”) is designed to provide you with the information you need to understand how we use your personal data. Please take a moment to carefully review this Policy.

ABOUT THIS PRIVACY POLICY

This Policy applies to processing of personal data by Emerja Corporation ("Emerja") when you visit our web properties (“Sites”); use the Enerji Device with the Emerja App, or use other Emerja services (“Services”).

WHY DOES EMERJA PROCESS YOUR PERSONAL DATA?

The sections below explain the categories of personal data we collect and process, as well as the reasons we do so. You will also find information on our legal basis for processing your data, and our data sources.

DEVICE & APPLICATION USERS

PROCESSING PURPOSES

When you use Emerja Services, we collect and processes your personal data for the following purposes:

• To Provide Emerja Services: We process personal data when you use our Services, such as to provide you with personalized insights about your health.
• To Provide Customer Service: We process personal data to provide customer service and manage our customer communication. We may use the provided information to answer your questions, and for solving any issues you may have.
• To Protect Your Privacy: We may process personal data regarding your use of the Services to protect your privacy. This may involve the use of privacy-enhancing technologies and other privacy-protective techniques. When information is aggregated or anonymized, it is no longer personal data.
• To Improve Our Services: We process personal data regarding your use of our Services to understand how you use our Services and how we can improve them. For example, we may process personal data to improve your user experience in the Emerja App or to develop new features to provide you with new insights about your health. When feasible, we do this using data that has been processed in a manner to protect your privacy.
• To Perform Analysis: We may process personal health data to benefit our users and improve the insights we provide with our Services. Some features of our Services may use third-party technology to give you comprehensive insights about your data. When feasible, we do this using data that has been processed in a manner to protect your privacy.
• To Explain Our Services: We process personal data to provide explanatory communications to necessary third-parties on behalf of Emerja and our partners. When possible, we do this using data that has been processed in a manner to protect your privacy.
• To Enable Third-party Integrations and Services: We process personal data to enable third-party integrations, services, features, and offerings. For example, our Services may integrate with third-party medical systems. Emerja takes measures to help ensure third-party services protect your personal data. We process any data we receive from these third-parties according to applicable terms.
• To Comply with Legal Obligations: In certain cases, we must process certain data when it is required by applicable laws and regulations. Such statutory obligations are related, for example, to accounting and tax requirements, legal claims, or other legal purposes.

LEGAL BASIS FOR PROCESSING

Data protection law in Europe and the U.K. requires a "lawful basis" for collecting and retaining personal information from residents of the European Economic Area. Our lawful bases for processing your data depend on the particular processing purposes, including:

• Contract : When processing personal data for the purpose of providing our Services, we process personal data on the basis of a user contract, which is formed when you create your account and accept our Terms of Service.
• Consent : We process your sensitive personal data only with your consent. Typically, this consent is provided explicitly through your user contract. In some cases, you can provide your consent to us for processing your data through your actions, such as by using the Enerji Device and Emerja App.
• Legitimate interest : We process your personal data based on our legitimate interests when we process it for the purposes of providing our customer service, and improving our Services. When choosing to use your personal data based on our legitimate interests, we carefully weigh our own interests against your right to privacy, in compliance with applicable law.
• Legal Obligation : Emerja must process certain information to comply with statutory obligations which may vary in each country. For example, such obligations can relate to consumer protection or tax laws.

PROCESSED DATA AND DATA SOURCE

In most cases, Emerja collects personal data directly from you, such as when you register for an account or use your Enerji Device. We may also process personal data that is produced from the information you provide to us. Emerja may also rely on trusted third-party processors to process data on our behalf, such as our cloud service providers.

Emerja processes the following personal data categories when you use our Services:

• Contact information such as email address or physical address.
• User information such as gender, height and weight, User ID, and other information you may provide to us about yourself or your account.
• Device Information such as IP address, MAC address, and location data.
• User-provided activity and contextual information such as the activities, notes, comments, user feedback, and tags you provide to Emerja or that are provided to us by your medical provider.
• Measured data such as movement data and temperature data.
• Calculated user health data such as sleep, activity levels throughout the day, thermoregulatory data, and device usage data.

EMERJA DATA SHARING

Emerja services include allowing you to share your Enerji Device data with your doctor, medical professional, or other researchers (“Data Recipient”). If you choose to participate in Emerja Data Sharing, once you consent to sharing your personal data with the Data Recipient, the data that you sync to your Emerja App is available for the Data Recipient to view and store in their own data collection and processing systems. The Emerja service shows Data Recipients your health-related statistics in both summary and detailed forms, including temperature measurements such as skin temperature and ambient temperature over time, patterns and variations in such temperature measurements, usage data, activity level, and other data that you sync to your Emerja App.

Once your data is shared to the Data Recipient, the Data Recipient becomes the controller of your personal data. The Data Recipient is responsible for its processing of your personal data according to applicable laws. Your personal data is used by the Data Recipient in accordance with its own privacy policy. Emerja is not responsible for the security of personal data in the Data Receipient’s data systems once it has been shared to the Data Recipient’s data systems.

If you have questions or requests concerning your personal data after it has been transferred to the Data Recipient, such as how the Data Recipient uses your data, where it is transferred to, who can access it, retention policies, or your rights in relation to that data, please contact the Data Recipient that invited you to participate in Emerja services. Please see the privacy policy of the Data Recipient for contact details.

Your personal data is disclosed to the Data Recipient only if you give consent to it. You can withdraw your consent at any time by contacting Emerja at our website at emerja.io. Please note that withdrawing your consent from the Emerja service does not affect the processing of data that the Data Recipient may have already extracted from the Emerja service.

Emerja uses aggregated data for analytics, statistics, research and development purposes. Emerja is the controller of such aggregated data, which may no longer qualify as personal data due to the aggregation. For other data Emerja processes which are not at the direction of the Data Recipient, the rest of the terms in this Privacy Policy apply.

U.S. STATES WITH ENHANCED PRIVACY REQUIREMENTS NOTICE FOR ALL U.S. CONSUMERS

This notice supplements the information contained in Emerja’s Privacy Policy and applies solely to all visitors, users, and others who reside in states within the U.S. with enhanced privacy notice requirements, such as California ("customers" or "you"), and who access Emerja’s Sites or Services. Please be aware that in some instances, Emerja may be acting as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). The U.S. state privacy rights outlined in this section may apply.

COLLECTION, USE, AND SHARING OF INFORMATION

When a customer interacts with Emerja’s Sites or Services, Emerja collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, device, or household ("personal information" or “personal data”). Information about the categories of personal information we collect, the purposes for which your personal information is processed, and any sharing of your personal information can be found from relevant sections of this Privacy Policy above. In the preceding twelve (12) months, Emerja has not sold personal information to third parties, including data aggregators, as it is against our policies. We have collected and disclosed only the categories of personal information processed by Emerja under this Policy as described in the Data Sharing and Disclosures section.

CONSUMER RIGHTS

If you are a resident of a state with enhanced rights related to the personal information Emerja may process about you, you have certain rights:

• Right to know about the personal information we collect and share :

U.S. State laws may give you the right to request that we disclose the personal information we have collected about you over the past 12 months, which we only provide after we receive and validate your request. Once we receive and confirm your verifiable request, we will disclose to you:

• The categories of personal information we collected about you;
• The categories of personal information we have disclosed about you (if any);
• The categories of sources for the personal information we collected about you;
• Our business or commercial purposes for collecting or selling that personal information;
• The categories of third parties with whom we share that personal information; and
• The specific pieces of personal information we collected about you.
• Right of correction

You have the right to request correction of your personal information. After we receive and validate your request, we will correct your personal information, unless an exception applies.

• Right of deletion

You have the right to request erasure of your personal information, subject to certain exceptions, such as when we have a legal obligation to retain the data in question. After we receive and validate your request, we will delete your personal information, as well as direct our service providers to delete your personal information unless an exception applies.

• How to make disclosure, access, correction, or deletion requests

If you reside in a state that provides for enhanced privacy rights, you can request disclosure, access to, correction, and/or deletion of your personal data as described above by submitting a verifiable consumer request to us by visiting our website at Emerja.io.

We may request that you provide additional information if necessary to confirm your identity. This is for security purposes and is required by law in some cases. Only you, or a person registered with the appropriate mechanism associated with your state of residency that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You have the right to make a free request up to two times in any 12-month period. We will respond to all validated requests within 45 days of receiving your request, unless we request an extension. If we reasonably require an extension in order to respond to your request, we will notify you of any such extension within the initial 45-day period.

• Non-Discrimination

Emerja does not discriminate against users who request to exercise their privacy rights. Unless an exception applies, this includes our promise not to:

• Deny you services; or
• Provide you a different level or quality of services.

DATA SHARING AND TRANSFERS

PERSONAL DATA SHARING

Emerja does not sell or rent your personal information, and only shares your personal data with certain trusted service providers and partners so that we can provide and improve our services, to provide partner services and other offerings, and to operate our business. Whenever we share data with third-party service providers, we require that they use your information only for the purposes we've authorized, and for the limited reasons explained in this Policy. We also require these service providers to protect your personal information to at least the same standards that we do. Like most companies, Emerja uses service providers for purposes such as:

• Providing and improving our online service platform;
• Storing our users' data;
• Providing customer services;
• Analyzing information regarding the use of our Sites and Services to improve our service quality.

LEGAL FRAMEWORKS FOR INTERNATIONAL TRANSFERS

Your personal data may at times be processed on servers located outside of the country where you live. Although data protection laws vary among countries, regardless of where your personal data is processed, we apply the same protections described in this Policy. We also comply with certain legal frameworks relating to the transfer of personal data, such as the frameworks described below.

If Emerja transfers personal information received under the Data Privacy Frameworks to a third-party, the third-party’s processing of the personal data must also be in compliance with our Data Privacy Frameworks obligations, and we will remain liable under the Data Privacy Frameworks for any failure to do so by the third-party, unless we prove we are not responsible for the event giving rise to the damage.

Emerja is subject to the investigatory and enforcement powers of the US Government. In certain situations, Emerja may be required to disclose the personal information we process under the Data Privacy Frameworks in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

PERSONAL DATA DISCLOSURES

We also reserve the right to disclose personal data under certain specific circumstances, including:

• When we have your express consent to do so;
• When it is reasonably necessary for our legitimate interests in conducting our business, such as in the event a merger, acquisition, or sale;
• To protect Emerja’s legal rights and property; and
• To comply with valid legal requirements.

SAFEGUARDING YOUR DATA

Emerja uses technical and organizational safeguards to keep your data safe and secure. When appropriate, these safeguards include measures such as anonymization or pseudonymization of personal data, strict access control, and the use of encryption to protect the data we process.

Our personnel receive adequate training to ensure personal data is processed only in accordance with our internal policies, consistent with our obligations under applicable law. We also limit access to your sensitive personal data to personnel that have specifically been granted such access.

Online services that we provide via our Site protect your personal data in-transit using encryption and other security measures. We also regularly test our service, systems, and other assets for possible security vulnerabilities.

We update our Services regularly to protect your personal data. We recommend that you make sure that you always have the latest app and firmware versions installed in order to maximize protection of your data.

DATA RETENTION

The retention period for your personal data generally depends on the duration of your Emerja account lifecycle. Your personal data may be deleted when it is no longer needed for the purpose for which it was originally collected, unless we have a legal obligation to retain data for a longer period of time. Emerja also has legal obligations to retain certain personal data for a specific period of time, such as for tax purposes. These required retention periods may include, for example, accounting and tax requirements, legal claims, or for any other legal purposes. Please note that obligatory retention periods for personal data vary based on the relevant law.

If you wish, you may request deletion of your Emerja account by visiting our website at emerja.io.

YOUR RIGHTS AS A DATA SUBJECT

Whenever Emerja processes your personal data, you have certain rights that enable you to control how your personal data is being processed. This section provides you with information about each of those rights. If you wish to exercise your rights as a data subject, please contact use through our website at emerja.io with your request to do so.

• Right to access data : You have the right to know what personal data is processed about you. You may contact us to request access to the personal data we have collected about you, and we will confirm whether we are processing your data, and provide you with information about the personal data we have collected and processed.
• Right to erasure : You have the right to request the deletion of your personal data in certain circumstances. We will comply with such requests unless we have a valid legal basis not to do so, or a legal obligation to preserve the data.
• Right to rectification (of inaccurate data) : You have the right to request correction of any incorrect or incomplete personal data we have stored about you.
• Right to object to processing : You have the right to object to the processing of your personal data under certain circumstances. If we do not have legitimate grounds to continue processing such personal data, we will no longer process your personal data after we have received and verified your objection.
• Right to restrict processing : You have the right to request that we restrict processing some types of personal data under certain circumstances. For example, if you contest the accuracy of your data, you can make a restriction request that we do not process your data until Emerja has verified the accuracy of your data.
• Right to withdraw consent : If we have requested your consent to process your personal data, you have the right to withdraw your consent for such processing at any time where this right is provided by local law. It should be noted, however, that withdrawing your consent may lead to issues or restrictions on your ability to fully utilize Emerja Services. Emerja strives to address your privacy concerns. If you have contacted Emerja about your issue and are still unhappy with our response, subject to applicable law, you may contact your local supervisory authority regarding your issue. However, we urge you to first contact us at emerja.io so that we can more quickly resolve your issue before escalating the issue. If you have a question or complaint about our handling of your personal information under the Data Privacy Frameworks, please contact us at emerja.io.

CHANGES TO THIS PRIVACY NOTICE

We reserve the right to update this Policy from time to time at our sole discretion. We strive to let you know about any material changes by notifying you on our Site or by sending you an email or push notification. If you keep using Emerja Services after a change to this Policy, your continued use means that you accept any such changes.