EPILLO HEALTH SYSTEMS OÜ (referred to as “we” and “our” and “us“) understands and respects your desire to maintain your privacy. It is our priority to maintain your privacy in all of your dealings with us, including through your use of the Fitmint Wear decentralized application and smartwatch (“Product”).

We may in the course of providing our services to you be required to collect your personal information.

This Privacy Policy is intended to explain how we and our related entities will collect your personal information and protect your privacy.

We are headquartered in the Estonia and our services are provided to you by us. This policy was written in English. To the extent a translated version conflicts with the English version, the English version controls.

Unless indicated otherwise, this Privacy Policy does not apply to third party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through our services.

We will always act in accordance with our governing laws. when dealing with your personal information. As a global business, we also comply with various jurisdiction-specific privacy provisions outlined in this Privacy Policy.

What information is covered under this policy?

This Privacy Policy covers your personal information. Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable. All personal information received in connection with our business is subject to strict rules of confidentiality.

Common examples include your name, username, password, IP address, unique device identifiers, gender, signature, address, telephone number, email, date of birth, bank account and digital wallet details, billing and credit or debit card details, photos and videos of you, other identification credentials and biographical details, and commentary or opinions about you.

We also collect information about your location and physical movements in order for the Product to function properly and monitor and verify forms of eligible movement. You may turn location monitoring on and off from time to time using the settings of your operating system of your mobile device but, if you disable this functionality, we will not be able to collect information relating to your step-count and GPS/Cell-ID location which will prevent tracking and/or conversion of your movement into EHT tokens and reward points.

Personal information that we may collect from you

We may collect some or all of the following types of personal information:

information that you give us through your dealings with us;
information that we may collect from you; and
information that we may receive from you from other third party sources.

By agreeing to this Privacy Policy, you consent to the fact that you are aware that we are collecting your personal information and disclosing it as required by us and in accordance with the relevant privacy laws.

How personal information is collected

“Personal information” is data that identifies, relates to, describes, can be used to contact, or could reasonably be linked directly or indirectly to you. For the purposes of this Privacy Policy, there is no meaningful distinction between the terms “personal information” and “personal data”.

You may choose not to provide some of the personal information described above. Please note, however, that some of our services require some personal information to operate, so if you choose not to provide the personal information necessary to operate and provide you with a particular service or feature of that service, you may not be able to use that service or feature.

Information that you give us

We may collect your personal information directly from our contact with you. This may include by you completing forms or parts of our website, Social Media, Product and/or other software and/or mobile applications, by you providing us with consent to access personal information such as photographs, videos or photo albums, by you providing us with consent to access the microphone and/or camera on your device, or by you contacting us via the email, telephone, through Social Media and other similar functions either directly through our website or the Product or through third party host websites, in person, through various marketing channels or competitions either directly through our website or the Product or through third party host websites, and surveys.

You understand that any personal information that you provide to us must be accurate and up to date. We will assume this to be the case.

Information that we collect about you

In this Privacy Policy “Social Media” means social media networking sites of any kind or nature including but not limited to web or internet based or mobile telephonic devices or medium such as facebook, twitter, Instagram and LinkedIn which enable the creation and exchange of user generated content.

Our website, Social Media, Product and/or other software and/or mobile applications may automatically collect the following information about you each time you visit or otherwise use our website, Social Media, Product and/or other software and/or mobile applications:

technical information including but not limited to the Internet Protocol Address used to connect your device to the internet, the internet browser and version that you are using when accessing our website, Social Media, Product or other software and/or mobile applications, any additional plug-ins that you are using, and your device’s operating system and platform; and
information about the time and date you accessed our website, Social Media, Product or other software and/or mobile applications, and what you accessed on our website, Social Media, App or other software and/or mobile applications. This includes links that you clicked on, what content you accessed, how long you accessed that content for, whether you downloaded any content, whether supplied by us or downloaded from a third party host, and how you navigated to and from our website, Social Media, Product or other software and/or mobile applications to other sites, apps or other pages hosted by us.

Sensitive information

Throughout the course of collecting your personal information, we may collect sensitive information about you. Sensitive information includes:

information or an opinion about your racial or ethnic origin; or political opinions; or membership of a political association; or religious beliefs or affiliations; or philosophical beliefs; or membership of a professional or trade association; or membership of a trade union; or sexual orientation or practices; or criminal record that is also personal information; or
health information about an individual; or genetic information about an individual that is not otherwise health information; or biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or biometric template.

If we do collect any of your sensitive information, we will only collect it in accordance with the applicable privacy standards. This means that we will only collect this information with your consent and for reasons that are reasonably necessary or otherwise related to the provision of our services.

Where you consent to our collection of your sensitive information, you also consent to us using that sensitive information for the purpose/s for which it was collected, including its disclosure to third parties.

How we use your personal information

You consent to the disclosure of your personal information to any of our related entities.

You consent to our collection of your personal information and disclosing it to third parties where necessary and for the purposes for which it was collected.

This may include:

providing our services;
verifying your physical movement and location and issuing EHT tokens/reward points tokens on the basis of this verified data;
investigating and/or preventing suspected fraud or other criminal activities or misuse of our services, including the collection and disclosure of user location and movement data for purposes in connection with our Machine Learning Anti-Cheating System, including detailed user behavioral analysis for these purposes;
where we collect or disclose information that is or relates to the Internet Protocol Address used to connect your device to the internet, for the purpose of fraud detection and management of the integrity of the Fitmint Wear game system and other services. This may include detecting when users are cheating the Fitmint Wear game system, and for handling accounts we suspect are stolen or have otherwise been compromised. This information helps us verify whether the account or associated assets belong to a particular user;
where information is or relates to system version information of your device, or the make and model of your device, for the purpose of our compatibility assessments with our software versions and other aspects of our services;
creating Marathon Leader boards of players, comprising all players or players meeting particular criteria;
operating the Fitmint Wear Marketplace;
nvestigating disputes between players;
using your personal information to provide you with information that you have requested from us, although we do not create a link between your user ID and your user email;
communicate with you, including to inform you of updates to the Product, epillo.io website, our Terms of Use and/or this Privacy Policy;
authenticating your financial account information or processing the transfer of digital assets;
authenticating your credit or debit card information;
using your personal information for marketing purposes to provide or offer services to you. This includes, but is not limited to, keeping you up to date with our latest news, events, special offers and promotion of our brand or other similar products that we think that you may be interested in. This includes both our direct marketing to you or another third party whom you have authorized us to disclose your personal information to;
notifying you about any changes to our products, website, Product and/or other software and/or mobile applications, brand or services offered;
seeking your opinion and feedback on any of our services, including for the purposes of product improvement and customization, website/software improvement and personalization and other general services;
for consumer engagement and/or customer service purposes, including but not limited to identifying the effectiveness of advertising, allowing you to participate on website viral features such as sharing website content and other community features (for example, blogs);
analyzing the usage of, and improve our services;
for other general services such as website/software security, maintenance, identification of fraud or errors, internal accounting and administration, and for any other purpose that we are required or permitted to do by law; and
managing our relationships with you and our other customers.

Certain of your personal data may be shared with other players of the Product as part of the normal operation of our services. Additionally, we may, from time to time, expand or withdraw our business which may involve the transfer of certain of our divisions or assets to other parties, and the data we store and use, where relevant, may be transferred to such third parties. From time to time we may also transfer the data we store and use to locations outside Europe, some of which may have different data protection laws to Estonia.

In addition we may utilize overseas IT services (including software, platforms and infrastructure), such as data storage facilities or other IT infrastructure. In such cases, we may own or control such overseas infrastructure or we may have entered into contractual arrangements with third party service providers to assist us with providing our services to you.

As we utilize cross border IT services and platforms which can be accessed from various countries via an internet connection, it is not always practicable to know where your information may be held.

Legal obligations to disclose

We may be required to disclose your personal information for the purposes for which it was collected and also subject to our legal obligations:

as required by law;
to any person where necessary or desirable in connection with our provision of services; and
on a confidential basis to our external service providers and advisors.

To be clear, you consent to our disclosure of your personal information to any of our business partners, suppliers, subcontractors or the like, advertisers and other advertising networks, analytics and search engine providers and other third parties provided the disclosure of your personal information is for the purpose or ancillary to the services that we or these third parties offer you and for the purposes the information was originally collected.

We may share your information with other third party business partners for their own marketing purposes. These third parties include online advertisers or ad tech companies, who may provide you with targeted advertising and marketing communications, where permitted under law. The information we share includes information collected through your use of our services and information we collect about you through the use of cookies and similar technologies.

You understand that we are authorized to disclose your personal information to third parties if we buy or sell any business or assets, including our business, if we are under a duty to disclose your information, or if the disclosure of your personal information is necessary for us to conduct an investigation into any unlawful activity that we know or suspect has or may be engaged in.

You consent to the disclosure of all information necessary for our company to comply with any relevant reporting obligations (if any) pursuant to the Anti-Money Laundering and Counter-Terrorism.

We will take all reasonable steps to ensure that any overseas recipient of your personal information does not willingly or knowingly breach the governing laws in relation to your personal information.

How we store your personal information

We maintain commercially reasonable technical, administrative, and physical security measures designed to protect your information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

When your credit or debit card account, financial account or digital wallet information is being transmitted to our services or through our services, it will be protected by cryptographic protocols. To be clear, we do not ourselves store your credit or debit card account information, and we do not have direct control over or responsibility for your credit or debit card account information. We may use third party payment processors that are the controllers of your information. Our contracts with third parties that receive your information require them to keep it secure and confidential.

However, we cannot guarantee that transmissions of your information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by us or our third party service providers. Except to the extent that liability cannot be excluded or limited due to applicable law, we assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third party access, or other causes beyond our control.

We will only keep your information for as long as reasonably necessary to fulfill the purposes for which your personal information was originally collected.

We will delete your information after a reasonable time. You may be required to re-enter your personal information if it has been deleted.

You agree and acknowledge that your personal information may be stored at or transferred to any country across the globe, as may be required by us.

We will take all reasonable steps and precautions to ensure that any transmission of your personal information via the internet is secure. However, we cannot guarantee the security of any data transmitted to our website and you agree and acknowledge that any such transmissions are at your own risk.

Once we receive your information, we take reasonable steps to protect your personal information. This may include storing any information on a secure server and employing strict procedures and security features to protect your personal information from any unauthorized recipients and to prevent unauthorized access to the same. We may also store your personal information in physical form.

All our employees with access to your information will be held to the confidentiality obligations as set out in this Privacy Policy.

Collections of your information using cookies and other tracking technologies

Our website and/or Product and/or other mobile applications use “cookies”. Cookies are small pieces of data sent from a website and stored in your web browser. These pieces of data will allow our website and/or Product and/or other mobile applications to remember who you are and to obtain information from you which allows us to deliver you a better and more customized service.

As a result of our website and/or Product and/or other mobile applications’ use of cookies, we may collect information such as your IP address, online activity and your web browser details. Information that we will not collect or store includes your passwords or other sensitive information.

We will use both persistent cookies, which could remain on your device until their expiration (which can be, in some cases, up to 10 years), and session cookies, which are temporary files removed from your device once your browser is closed.

The types of cookies we may use include analytical and tracking cookies, which allow us to recognize and count the number of visitors and analyse use of the services, as well as to verify transactions, and advertising and re-targeting cookies, which allow us to generate appropriate advertising directed to you on our website as well as on the Product.

If you enabled cookies when accessing our website and/or Product and/or other mobile applications, we will take this as consent to our use of cookies and other technologies mentioned in our Privacy Policy.

Please note that you should also refer to our website’s Terms of Use for further information on this issue.

Your rights

You have the right to request access to the personal information we hold about you by contacting us or our Privacy Officer by emailing raghunath@epillo.com or in writing at the following address:

Epillo Health Systems OÜ

[WRITE ADDRESS OF EUROPE]

Attn: Legal

If we cannot provide you with access, we will write to you and provide you with the reasons why we are unable to provide you with access.

If any personal information that we hold about you is inaccurate, incomplete or not up to date, you may write to us or our Privacy Officer and request that we correct the information at the above address.

You have the right to request that we do not disclose your personal information (for example, for marketing purposes). You can exercise your rights by unchecking the relevant check boxes on our website and/or PRODCUT and/or other mobile applications when you provide us with your personal information, or by writing to us at the above address.

You may choose to opt out of receiving any further correspondence from us by writing to us at the above address or emailing us at the above email address.

Jurisdiction-specific provisions – Residents of the EEA and the United Kingdom

Through our website, Social Media, Product and/or other software and/or mobile applications, we provide services to users throughout the world. We process personal information of data subjects inside the European Economic Area (“EEA”) we are also bound by Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”).

The purpose of the following data protection information is to provide you with an understandable, transparent and concise explanation of how we intend to process your personal data in accordance with Articles 13 and 14 of the GDPR. However, should you require further explanations relating to our data protection or wish to exercise any of your rights, please do not hesitate to contact our Privacy Officer at privacy@epillo.io.

We recognize the below rights which you enjoy under the applicable data protection law with respect to your personal data:

Right to be informed: You have the right to be informed about the collection and use of your personal data. This information is set out in the terms of our Privacy Policy.
Right of access: You may request information from us at any time as to whether we have stored your personal data and which personal data it has stored. We are required to provide this information to you free of charge.
Right to rectification: If your personal data stored by us is inaccurate or incomplete, you have the right to demand at any time that we correct the information.
Right to erasure: You have the right to demand that we erase your personal data if and to the extent that the data is no longer needed for the purposes for which it was collected or if the data is processed on the basis of your consent and you have opted to revoke your consent. In such cases, we must cease processing your personal data and remove that data from our IT systems and databases. You do not have a right to erasure if:
The data may not be deleted due to a statutory obligation or must be processed due to a statutory obligation.
The processing of data is necessary for the establishment, exercise or defence of legal claims.
Right to restriction of processing: You have the right to demand that we restrict the processing of your personal data.
Right to object to processing: If your data is processed by us on the basis of Article 6(1)(f) GDPR, you may object at any time to processing by us. You may assert any and all of the rights of data subjects described above against us by addressing your specific requests by contacting our Privacy Officer via privacy@stepn.com.
Right to lodge a complaint with a data protection supervisory authority: Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law.

Complaints

If you are concerned about a possible interference with your privacy or about the potential misuse of your personal information, please contact us at the above email address.

We take all complaints very seriously. It is our policy to handle complaints in a timely, effective, fair and consistent manner. If you are not satisfied with our response, you have the right to refer your complaint to the relevant government authorities.

Privacy Policy updates

This Privacy Policy was last updated in August 2022.

We reserve the right to make changes to this Privacy Policy at any time. We encourage you to regularly review this Privacy Policy to make sure you are aware of any changes and how your information may be used.