Data Controllers
The Data Controller is HEART SENTINEL S.R.L., with registered office in Parma (PR), Benedetto Cairoli Street,
No. 15, VAT ID 02790040345 – represented by the current legal representative, reachable at the following
email address: info@heartsentinel.net
The Data Controller has appointed a Data Protection Officer (DPO) in accordance with Art. 37 of the GDPR,
reachable at the following email address: dpo@heartsentinel.net
The healthcare provider to which the User will address themselves is identified as an independent data
controller for the purpose of monitoring the data and traces produced by the Ritmia™ sensor. In this
regard, the healthcare provider becomes responsible for the manner in which such data will be processed
and guarantees that the information transmitted through the service complies with the relevant laws on
privacy and data protection.

What data do we process?
The personal data collected about the User falls within the following categories:
     – information provided during registration: email address, user-chosen password, Ritmia™ sensor
        identification number
     – aggregated information that we may collect based on the User’s use of the App.

Purpose and Legal Basis of Processing
HEART SENTINEL S.R.L. acts as the Data Controller for personal data concerning the use of the Ritmia™ App
and sensor for the purpose of:
     a) providing the User with heart rate monitoring service;
     b) establishing, exercising, or defending a legal claim. 
For the above-mentioned purposes, processing will be carried out based on the following legal grounds:
     – for point (a), the legal basis is the performance of the contract in accordance with the General Conditions
        for the use of the Ritmia™ App and sensor. It should be noted that in case of the processing of health data,
        the legal basis is the User’s consent;
     – for point (b), the legal basis is the legitimate interest of the Data Controller.

Processing Methods
The processing of personal data is primarily automated, using security measures to ensure their protection and utmost confidentiality. The processing will adhere to principles of fairness, lawfulness, transparency, privacy protection, and user rights.

Sharing and Disclosure of Personal Data
Heart Sentinel commits to never sell the data and information collected through the App and Ritmia™ sensor to third parties for commercial purposes.

Data may be disclosed to entities that, on behalf of the Data Controller, carry out activities to fulfill contractual obligations

Dissemination and Transfer of Data
Data will not be disseminated.
Data will generally not be transferred outside the European Union. Any transfer of data outside the European Union will only occur to entities that ensure an adequate level of data protection and/or to countries for which competent Authorities have issued a adequacy decision. It may also occur to entities that have provided suitable guarantees for data processing through appropriate legal/contractual instruments, such as the adoption of standard contractual clauses.

Retention Period
Personal data necessary for managing the App account will be stored for the times required by the relevant regulations and for at least 10 years, unless otherwise requested by the User.
Personal data collected during the use of the Ritmia™ sensor will be retained for a limited time of up to 48 hours.

Data Subjects’ Rights
The data subject can request information about their personal data by writing to the address info@heartsentinel.net.
In particular, the data subject can:
     – access their personal data, obtaining evidence of the purposes pursued by the Data Controller, the
        categories of data involved, recipients to whom the data can be communicated, the applicable retention
        period, the existence of automated decision-making processes, including profiling, and, at least in such
        cases, meaningful information about the logic used, as well as the significance and possible consequences
        for the data subject, if not already indicated in this Notice;
     – promptly obtain the rectification of inaccurate personal data concerning them;
     – obtain, in cases provided by law, the erasure of their data;
     – obtain restriction of processing or object to it, when allowed under applicable legal provisions;

If considered appropriate, the data subject can lodge a complaint with the supervisory authority.

Parma, 28/08/2023