GERO PRIVACY POLICY

Last update: 16.04.2021

This policy describes how GERO PTE. LTD. collects and processes users' personal data through the Gero mobile device application (referred to as the "Gero app") and through the https://gero.ai/ and https://gerosense.ai websites (referred to as the "Websites"), hereinafter collectively referred to as "the Service". Unless the context otherwise requires or as otherwise noted, the terms "Gero", "we," "us" and "our" refer to GERO PTE. LTD., a company incorporated and registered under the laws of the Republic of Singapore.

We are committed to safeguarding the privacy of our users. We will not misuse your data.

From the data protection perspective, we are a data controller for the information collected through the Service. You can contact us at:

GERO PTE. LTD.

Registered address: 60 Paya Lebar Road, #05-40B, Paya Lebar Square, Singapore 409051

Contact email address: privacy@gero.ai

Our EU Representative is: DPOEU LTD

Registered Address: Office 902, Oval, Krinou 3, Ayios Athanasios, 4103, Limassol, Cyprus

Email: info@dpoeu.eu.

Our Data Protection Officer is Vlad Nekrutenko, a certified privacy professional (CIPP/E, CIPM). You can contact him at dpo@gero.ai

Table of Contents:

  • Information we collect from you;
  • Legal basis for processing;
  • Third-party access to information;
  • How long we keep your personal data;
  • Your rights;
  • Children's Privacy;
  • Security of information;
  • Changes to this policy.

Information we collect from you

Contact Information

To contact us with requests or relevant questions, you will be asked to provide us with your name, your email address and your company name. In addition, you may provide us with more specific information regarding your request in the message that would be attached to your contact information. We will use this information solely to contact you back and assist you with your request.

Service usage statistics data

During your use of the Service, we collect your IP logs.

  • The data categories we receive through the Websites may include the model of the device, operating system version, country of geolocation, user ID, date, time, and duration of the user session, pages viewed, links clicked.
  • The data categories we receive through the Gero app may include the IP address, MAC address, date and time of entry into the app, time, and duration of the user session.

We use this data for security and debugging of the Service and for Service improvement.

Cookies

We use cookies to appropriately run the Websites and to analyse the traffic of the Websites. To learn more about the cookies, please read our Cookie Notice.

Information required for Resilience (recovery rate) and Biological Age calculation

We collect your step data, biological sex and date of birth, heart rate, and heart rate variability from the Apple Health app to calculate your resilience (recovery rate) and Biological Age. We may ask you to share with us your date of birth or biological sex if it is not provided from the Apple Health app.

We also collect your data sources list from the Apple Health app (the list of your devices, such as iPhone, Apple Watch, fitness trackers, etc.) without the device names assigned by the user (just vendor, model, device id, OS version, and other technical info such as a hash code of the device's name). We use it to detect the technical parameters of the step/heart rate source device, which are needed to adjust the calculations of Resilience and Biological Age.

Profile Information

To use all functions of the Service, you will have to log in, either via Facebook or by submitting your e-mail, and create a profile. Depending on how you log in, we will capture different volumes of information.

When you log in via Facebook, we will collect your name, surname, email of a user for registration, profile picture, timezone, birthday and/or age range, last name, first name, links to your profile and its picture, language, and timezone.

We need to collect your biological sex for our calculation, and Facebook has gender information. We may collect it from Facebook if your biological sex is not provided from the Apple Health app.

When you log in by submitting your e-mail, we will collect your name, email, and year of birth.

All mentioned parameters are used to pre-set your profile and user preferences in the Service and to send you occasional notifications with information about our updates, new services, offers, and products.

Data for research purposes

We collect your heart rate and heart rate variability for research on how they can improve Resilience calculation and can be used in a model for Resilience calculation in the future.

We will collect the answers to questions about your health, e.g. "Had you ever been diagnosed with the disease or condition from the list: Congestive Heart Failure (CHF), Myocardial Infarction (MI), Chronic Obstructive Pulmonary Disease (COPD), stroke, dementia, diabetes, cancer?" or "Do you smoke?", for research on how they can improve the calculation of Resilience and Biological Age and can be used in a model for Resilience/Biological Age and other similar calculations in the future.

We may also periodically ask you to answer some questions about yourself, your lifestyle, medical history, your current health and symptoms and collect these answers for the purpose of further prediction, model improvement, research on relations of lifestyle with health, or to try to track changes.

Your answers can be used in a model for Resilience and Biological Age calculation in the future. You may skip any questions that you do not want to answer.

Social network pages

To promote our Service, we maintain public pages on social networks, such as Facebook or Twitter. We track the efficiency of those social network pages based on the user traffic data provided by the social network providers. The applied legal basis for these activities is our legitimate interests (GDPR Art. 6.1.f), for which we are joint controllers with the social network providers.

If you would like to learn more about how to exercise your rights on social network pages, do not hesitate to contact us or the social network provider directly.

Legal basis for processing

Performance of a contract (GDPR Art. 6.1b)

We process your profile information and information required for Resilience and Biological Age calculation to provide you with our services based on our contractual obligations through the Service, namely to calculate your Resilience and Biological Age. If you do not provide us with this data, then we will not be able to provide you with our services.

Explicit consent (GDPR Art. 6.1a, 9.2a)

We process your health data, e.g., your heart rate, your heart rate variability, and your answers to questions about your health, solely based on your consent, which serves as the legal basis for the processing of your information.

Based on the consent, we also develop our commercial products based on the model built using your health data.

We process the contact information you leave via the request (contact) form on our Websites only because you provided this information entirely voluntarily, i.e., based on your consent.

Also, we may process your profile data (your email address) to send you notifications with information about our updates, new services, offers, and products, but only if you allowed us entirely voluntarily to do so (i.e., based on your consent).

You can withdraw your consent at any time by contacting us directly. The withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

Legitimate interest (GDPR Art. 6.1f)

To improve the quality of the Service and to debug it, we process your Service usage statistics data (IP logs and traffic data) and statistics cookies in our legitimate interests.

We may process your profile information to comply with the legal regulations of the country of our establishment, such as payment of taxes and compliance with financial regulations, in our legitimate interests.

Research purposes (GDPR Art. 6.1f, 5.1b, 9.2j)

We process the information required for Resilience and Biological Age calculation and Health data for research purposes: to study a specific group or population; identify potential areas or targets for therapeutics development; conduct or support the development of drugs, diagnostics or devices to diagnose, predict or treat medical or other health conditions; and work with public, private and/or non-profit entities on similar research initiatives.

After anonymising, we may process other types of your information, including geolocation, traffic data, and account data, for our research and survey purposes, including for scientific publications, as well as to develop new features in our Service.

We process this data to improve the quality of the Service and to improve the accuracy of Resilience and Biological Age calculation in the future.

Third-party access to information

We provide your personal data to service providers and suppliers for them to process personal data on our behalf.

Such service providers and suppliers enter into contractual agreements with Gero by which they observe confidentiality and data protection according to the data protection law and GDPR.

The following categories of third-party service providers are used in regard to your personal data processing:

  • email notification providers;
  • cloud storage providers and database management systems;
  • external consultants;
  • financial and business advisors;
  • auditors and accountants;
  • marketing companies and market research companies;
  • payment card processing companies.

The involvement of such providers/contractors may imply the transfer of personal data outside of the European Economic Area. To ensure compliance with data protection requirements on international transfers, the Standard Contractual Clauses (SCC) as adopted by the European Commission or other suitable safeguards will be signed with these providers. If you would like to obtain a copy of the SCC signed with the service providers, feel free to contact us by the means provided at the beginning of this document.

Please note that the third-party providers/contractors can only process your data on our behalf and do not use it for their own purposes.

Third-party services

Our Service contains links to third-party services and platforms. We are not responsible for the content, terms and conditions or privacy policies of third-party websites.

We encourage users to be aware when they leave our platform and to read the privacy statements of the websites that collect personally identifiable information.

Third-party websites may contain their own cookies. We are not responsible for their usage of cookies.

Other Disclosures

In addition to the disclosures for the purposes identified before, we may disclose information about you:

  • if we are required to do so by law, in connection with any legal proceedings or to establish, exercise or defend our legal rights; and
  • in case we sell, license or otherwise assign our company, corporate rights, Service, or its separate parts or features to third parties.

Except as provided in this privacy policy, we will not sell, share or rent your information to third parties.

How long we keep your personal data

We will process your personal data as long as you use the Service. We undertake the obligation to erase or anonymize your personal data if you do not use the Service for a long time (more than 2 years).

Still, we may retain your personal data for a longer time as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.

Your rights

To maintain control of your personal data, you may exercise certain rights regarding your information. In particular, you have the right to:

  • Object to the processing of your information. If we process your information in our legitimate interests, e.g., for our marketing purposes, you can object to it. We will consider your request and, if there are no compelling interests to refuse it, stop the processing for such purposes;
  • Access your information. You have the right to know if we process your information; obtain disclosure regarding certain aspects of the processing; and obtain a copy of the information undergoing processing;
  • Verify your information and seek its rectification. If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;
  • Restrict the processing of your information. When you contest the accuracy of your information, believe we process it unlawfully or want to object to the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will not process the information for any purpose other than storing it until the circumstances of restriction cease to exist;
  • Ask us to delete/destroy/otherwise remove your information. If we are not obliged to keep the data for legal compliance, we will remove your information upon your request;
  • Ask us to transfer your information to another organisation if we process the information based on your consent or on the necessity to perform the contract; and
  • Withdraw consent. You have the right to withdraw the consent that you have given to Gero with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.

You can complete the request to exercise your right by contacting us at privacy@gero.ai.

If you believe that our use of personal information violates your rights, you can lodge a complaint with the competent data protection authority.

Children's Privacy

Our Service is not intended for use by children under the age of 17 ("Children"). We do not knowingly collect personal data from Children. If you become aware that a Child has provided us with personal data, please contact us by email: privacy@gero.ai. If we become aware that we have collected personal data from Children without verification of parental consent, we take steps to remove that information from our servers.

Security of information

We take necessary and sufficient measures to protect your information from unauthorised or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

Internally, immediate access to the data is only allowed to our authorised employees involved in maintaining our Service and conducting other processing activities. Such employees keep strict confidentiality and prevent unauthorised third-party access to personal information.

Changes to this policy

We may update this privacy policy from time to time by posting a new version through our Service. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.