What is the scope of this privacy policy?

Five Lives provides you with the means to assess the impact your lifestyle and health background may have on your cognitive abilities through our mobile applications, our medical research, our website and our online services (collectively hereinafter referred to as our “Services”).

We collect your personal data so that you can benefit from our Services.

This privacy policy describes the types of personal data we collect, how and why we collect and use your personal data, when and why we could share your personal data, and your rights and choices you have to control them in accordance with the applicable laws.

The data controller is Five Lives SAS (collectively hereinafter referred to as “we”, “our”, “us”). When you access our website or our mobile application (collectively hereinafter referred to as the “Sites”), communicate with us via our online or social media channels or participate in research, this privacy policy will apply to you.

1. Who are we?

We are a digital therapeutics company that provides you the means to assess the impact your lifestyle and medical conditions may have on your cognitive abilities. This assessment is generated by taking specific user inputs, framed from publicly available academic research and medical guidance, and analysing these inputs against the predicted outcomes indicated from the same research and guidance. We improve the accuracy of our assessments by continuous evaluation and application of user inputs against emerging research and guidance.

2. What information do we collect?

We can collect “Personal Data” (or “Data”) that identifies you:

• either directly, such as your first name and your email address
• or indirectly, such as an online identifier (e.g. your account ID, your IP address, a cookie identifier) or one or more factors specific to your physical, physiological, genetic, mental identity.

3. When do we collect your Personal Data and for what purpose?

We may collect your Data and combine this Data with data providing by our partners:

a) You participate in research and/or use our Services.

We can collect some Data to provide you with our Services, to improve and personalize your online experience, to analyze trends and demographics, to prevent fraud and to improve the security of our Services. We may collect the following types of information:

• Contact Details: this includes information such as your first name, your date of birth, your email address or your login and password (together your “Contact Details”).
• Health Data: this includes information about diabetes, stroke, heart attack blood pressure, peripheral vascular disease, atrial fibrillation, blood glucose and cholesterol levels, hearing and visual problems, medicine taken, Body Mass Index (BMI), colour blindness, low mood, diagnosed dementia, diagnosed MCI, sense of direction, epilepsy, multiple sclerosis, parkinson’s disease, migraines, schizophrenia, anxiety, mood disorders, and your cognitive abilities (together your “Health Data”).
• Lifestyle Information: this includes information about your smoking, sleep, exercise habits and work habits.
• Technical information: this includes your browsing data and technical Information, to access to our Services and security of our Services, such as: visited pages, identifier of your device and the connection (IP address, MAC address), login dates and times, information concerning the browser and the operating system you use.

We use various types of technologies such as cookies (”Cookies”) to collect such Data when you use our Services or visit a third party site where we and our partners provide personalized content or carry out content use analysis.

We allow some of our partners to set and access their Cookies on your device. These partners’ use of Cookies is subject to their own privacy policies and not this Privacy policy. To refuse Cookies or request their deletion as well as obtain the list of partners who are permitted to store and/or access these Cookies, please visit the "Cookies" section or the "How do you exercice your rights?" section below.

b) You sign into our Services or our partners platform with a social login or your credentials.‍

We collect the Data that you have agreed to share via the social media site or third party such as comments, social media handle/username, number of followers, email address.

c) You sign up to our newsletters or ask to be contacted by us or our partners.‍

We collect your email address and other contact details when you sign up to our newsletters or ask to be contacted by us or our partners. You can unsubscribe at any time by clicking on the unsubscribe link available at the end of each newsletters.

d) You make a purchase in our online services.‍

We collect the Data needed to process your purchase (in particular to handle your order, process invoices and payments, deliver your purchase, prevent fraud) such as your “Contact Details”, your bank details (your “Payment Details”) and purchase history.

e) You are exposed to personalised advertisements or content on our Services or those of our partners.‍

We collect Data such as the advertisement, and the number of times it was watched, its location and the identifier of your device. We also collect information about your actions in relation to the advertisement, such as the sites visited as well as the dates and times of the visits.

We may also use your Data collected to offer you personalised advertisements, products, services, or content (“Personalised Content”) via our Services or those of our partners.

If you wish to withdraw your consent or object to the personalisation of advertisements, please visit the "What are your rights" and "How do you exercise your rights?" sections below.

f) You take part in a survey organised by us.‍

We may collect Data such as your last name, your first name, your date of birth and your email addresses and survey responses.

We use this Data to administer the survey, to send you promotional offers and/or for internal statistical purposes.

g) You contact us via our customer support or social media.‍

If you contact us via our customer support, we collect Data such as your last name, your first name, your username, your email address, your date of birth, your postal address, depending on your questions or requests. We will record the content of our correspondence with you. This data could be used to monitor service quality and compliance, prevent fraud, or provide training for our staff and customer service teams.If you contact us via social media, we collect some of the Data included on your profile.

h) You do not comply with our terms and conditions.‍

When you use our Services, we ask that you comply with our terms and conditions which are intended to protect our users, employees and our rights.If you do not abide by these rules, you may be sanctioned including in the event of inappropriate conduct. We will keep your Data for the time needed to apply these exclusions. This Data may include for example your username, your IP address, and the identifier of your device.

i) You interact with other users (via our social media pages).‍

We collect Data such as your username, IP address, the date, time, and we save the content of your messages to allow you to interact with other users in a secure environment.

4. How long do we keep your Personal Data?

Unless the law specifies a different retention period (e.g. for complying with legal, accounting, tax requirements and for managing your rights and/or our rights), we will only keep your Data for the time strictly necessary to carry out the operations for which said Data has been collected.

For example, if you purchased a product or a service from us, we retain some transactional data attached to your contact details to comply with legal, tax or accounting obligations, as well as to allow us to manage our rights (for example to assert our claims in Courts) during applicable laws and regulations.

At the end of this data retention period, your personal data will be erased or anonymized.

5. How do we share your Data?

We process and share your health data only with your consent.

Our reference to “consent” is to the explicit consent you give us and which we must have before we can process and share any data related to your health. You may withdraw your consent for us to process your health data at any time (For more information, please read the "How do you exercise your rights?" section below).

We may share your Data with:

• Our partners and/or the technical service providers involved in the supply of the Services (such as for research, sale of assessments, infrastructure, network and technology services, and storing, combining data, logistics, product delivery, promotion of the Services, Services payment). These partners and our service providers have to comply with applicable personal data protection laws.
• The competent Administrative or judicial authorities or any other authorized third party, in compliance with applicable laws. We always verify the legitimacy of the request.
• Our subsidiaries involved in the administration of the Services.
• Other companies we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the companies receiving your personal data can use your personal data in the same way as us.
• The partners who use your Data to provide you with personalised advertisements or content, and to run our push and in-app campaigns via Cookies: to consult the list of these partners, please visit the Cookies page.

These third-parties organisations (except our subsidiaries) have their own privacy policies which you may refer to for information about how they process your information and how to exercise your data subjects’ rights as provided under applicable laws. We do not accept any responsibility or liability for the policies of other organisations.

We may share Data to establish, exercise or defend our and/or your legal rights (this includes providing Data to our professional advisors).

We may process or transfer some of your data with partners who have servers or who are based outside the UK or EEA. In such cases, your Data may be transferred to countries located outside of the UK or the European Union who provide an equivalent level of protection. In the event of transfer to other countries, the protection of your Data is especially ensured by the signature of standard contractual clauses approved by the European Commission or equivalent legal mechanisms (such as those defined in chapter V of the Regulation (UE) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR”).

6. What are your rights?

Below, we set out the rights you have under the GDPR in relation to your personal data.

• Obtain a copy of your Data – “Right of access and data portability”: You have a right to see the personal data we hold about you and you can request a copy of this data. You also have the right to request a copy, in an interoperable format (right to your data “portability”), of the personal data that you have provided to us for the performance of a contract with us or under your consent. You may also use it yourself or transfer it to another service provider. If you have been excluded in relation to our Services, we will not be able to give you access to the Data regarding your sanction to maintain our ability to detect or take action against such behavior.
• Correct your Data – “Right to rectification”: If you believe we hold inaccurate or missing information, please let us know and we will correct it.
• Object to our use of your personal data (Right to object): We will consider your objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it or delete it.
• Give and withdraw your consent (Right to consent): At any time, you may withdraw your consent or object to:
  - Your participation in research by contacting us. When this time has been reached or if you withdraw your consent, your personal information will be securely destroyed or anonymized.
  - The reception of newsletters or email messages with news and information about our company (please use the unsubscribe link available in our newsletters and marketing emails or send us an email from the email address at which you are receiving the messages to privacy@fivelives.health.
  - The personalisation of advertisements and notifications, the sharing of your Data with some partners and the use of some categories of Cookies (please visit our Cookies page).
  - The personalisation of advertisements on our mobile application (please use the privacy settings on your telephone or your tablet and activate “Limit Ad Tracking” on Apple smartphones, or “Opt-out of Ads Personalisation” on Android smartphones).
  
• Right to erasure (Right to be forgotten): You can request the deletion of your data when:
  - You want to delete your account.
  - We no longer need to keep your personal data.
  - You have successfully made a general objection.
  - You have withdrawn your consent to us using your personal data (where we have relied on consent as the lawful basis for doing so).
  - We have unlawfully processed your personal data.
  If you have been excluded in relation to our Services, we cannot delete the Data regarding your exclusion as to allow us to maintain your exclusion.
• Limit the use of your data (Right to restriction of processing): you can restrict our use of your personal data (if you do not want us to delete it), if you have successfully made a general objection, you are challenging the accuracy of the personal data we hold, or we have used your personal data unlawfully.

If you object to the processing or withdraw your consent or ask for the deletion of your personal data by us, we will stop processing your personal data or erase it from our IT systems, except where we have legitimate and compelling grounds for processing, or for the purpose of ascertaining, exercising or defending its legal rights in accordance with the applicable laws and regulations.

7. How do you exercise your rights?

If you are a user of our application and you want to exercise any of your rights set out above, please contact us via the “contact us” button available in our application. If you want to delete your account and the data linked to your account, please visit the Settings in the Five Lives app and click on the “Delete Account & Data” button.

To exercise your rights you can also send an email to privacy@fivelives.health but before we can facilitate these rights, we will first need to be able to identify you based on the information that we have about you.

We’d like the chance to resolve any complaints you have. However, if you feel that your rights have not been respected after having contacted us, you have the right to make a complaint to the regulatory authority in your country.In the UK, you also have the right to complain to the UK data protection regulator (the ICO) about how we have used your personal data. Their website is at ico.org.uk.

We are registered with the UK Information Commissioner’s Office as a Data Controller (Reg No. ZA710227).

8. How do we secure personal data?

In order to ensure the security and confidentiality of your Data, we implement appropriate physical, electronic and organizational procedures to safeguard and secure Data throughout our Services, in particularly, to prevent your Data from being distorted, damaged or communicated to unauthorized third parties, by ensuring an appropriate level of security with regards to the risks associated with the processing and the nature of Data to be protected.

Where you use a password for registering with our Services, you are responsible for keeping this password confidential. We ask you not to share your username and/or password with anyone.

We cannot guarantee the security of Data that you transfer over the internet or a telecommunication network to us; however, we do take appropriate technical and organisational measures to safeguard your personal data.

9. What is the lawfulness of processing?

The lawfulnesses of the data processings are:

• A contract between you and us to provide you with Services (including making a purchase, access to completed assessments for a user’s purchase including managing payments, asking to leave a review or taking a survey)
• A legitimate interest: offering you the best possible user experience (including understanding our product – strengths, weaknesses, opportunities and threats, testing and developing new products and services as well as improve existing ones, understanding and keeping abreast of current, new and emerging trends in our industry), administering and protecting our Services (maintaining the integrity of our IT services and network security, troubleshooting, system maintenance, support, reporting and hosting of data), managing payments, responding to your requests and questions or sending you our newsletters, keeping our records up to date; obtaining inputs that will be applied against the academic research and medical guidelines that are publicly available in order to generate an assessment in relation to cognitive health, establishing a database of most common risk factors and links to lifestyle for additional research purposes on cognitive health.
• Your consent: participation in research, processing of your health data, offering you personalized advertisements depending on your data via Cookies. You may withdraw your consent for us to process your Data, particularly your health data at any time.
• Complying with a legal obligation: responding to complaints and queries from competent administrative or judicial authorities or any other authorized third party, in compliance with applicable laws.

10. Children’s Privacy

Our Services are not intended for use by or directed towards children. Accordingly, we do not knowingly collect and maintain the information of anyone under the age of 18. Where we discover that the user is a child, we will promptly delete the associated user profile and any personal data that was provided to us by that user.

11. Update of our privacy policy

Please note that we may update or change this privacy policy.

If we update our privacy policy, we will post those changes to other places we deem appropriate. You are deemed to have accepted the new terms of the privacy policy when you first use the Services.

12. Contact

If you have any questions about this privacy policy, please contact our Data Protection Officer at privacy@fivelives.health.

13. Cookies

What is a “Cookie”?‍

We may store some information on your device when you access our website. This information is commonly known as a “cookie”. A cookie is widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. We may use cookies or other similar technologies like SDK on mobile or small electronic files known as web beacons, (also referred to as clear gifs, pixel tags and single-pixel gifs) (“Cookies”).

Why do we use “Cookies”?‍

The use of Cookies is an industry standard and is used by most major websites to provide the visitor with tailored information.
We may use cookies in order:
- to better understand how the website is being accessed and used to determine if the website is being delivered efficiently
- o enhance your online experience by customising your use of the website and our app and eliminating the need for you to re-enter data every time you visit the website and our app
- to count users who have visited pages or opened an email and for other related Website and app statistics (for example, recording the popularity of certain Website content and verifying system and server integrity)
- to provide you personalised ads and contents.
- to measure advertising efficiency.

We allow some of our partners to set and access their Cookies on your device. These partners’ use of Cookies is subject to their own privacy policies and not our privacy policy.

How can you accept or refuse the use of Cookies?‍

Before placing Cookies in your device, a message displayed requests your consent to set up these Cookies via a banner that appears during your first visit. By consenting to place such Cookies, you give us and/or our partners the opportunity to improve our Services. You can also manage the use of cookies at any time by setting up your browser software, using the ad blockers tool or by disabling Cookies. Alternatively, you can adjust your browser settings to understand when these Cookies are stored on your device or to disable the Cookies by consulting your browser’s “Help” menu. Please note that these settings may affect your ability to access certain features of our Services whenever these Cookies are needed for the operation of our Services. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

Who are our partners that use Cookies on our Services?

• Cookie preference – We use this Cookie to remember a user’s choice about cookies on our Services. Where users have previously indicated a preference, that user’s preference will be stored in this cookie.
• Language selection - We use this Cookie to remember any selection a user has made about language on our Services, using the language selector, so that the site will be shown in their chosen language when returning to the site and our app.
• Analytics - We use this Cookie to collect the information about how visitors use our Services to compile reports and to help us improve our Services.
• Security - We use this Cookie to help maintain the security and performance of our website and our app. Some traffic may receive a challenge to check if it is genuine and if it is, a Cookie is set so the user isn’t challenged again.

Website‍

The third-party services that we use on our website are the following:

• Facebook (privacy policy) - We use Facebook for ads and marketing purposes.
• Google (privacy policy) - We use Google for ads and marketing purposes.
• Hotjar (privacy policy) - We use Hotjar for analytics purpose and improving your user experience.
• Singular (privacy policy) - We use Singular to measure advertising efficiency and marketing purpose.
• Google Analytics (privacy policy)- We use Google Analytics for analytics and marketing purpose.

‍Mobile‍

The third-party services that we use on our app are the following:

• Amplitude (privacy policy) - We use Amplitude to gather product metrics.
• Braze (privacy policy) - We use Braze to run our email, push and in-app campaigns.
• Facebook (privacy policy) - We use Facebook for ads and marketing purposes.
• Firebase (privacy policy) - We use Firebase for product metrics and A/B testing.
• Google (privacy policy) - We use Google for ads and marketing purposes.
• Thundra (privacy policy) – We use Thundra for server related logging of bugs and issues.
• Bugsnag (privacy policy) - We use Bugsnag for mobile related logging of bugs and issues.
• Singular (privacy policy) - We use Singular to measure advertising efficiency and marketing purpose.
• Snowflake (privacy policy) - We use Snowflake for product metrics and data analysis.
• Google Analytics (privacy policy)- We use Google Analytics for analytics and marketing purpose.

Our App may contain links to websites such as NHS, NCBII-Tunes, CiteSeerX, ScienceDirect, BMJ Journals, ResearchGate, the New England Journal of Medicine, Karger.com, Sociedad Argentina de Gerontologia y Geriatria, Aha Journals, n.neurology.org, Sage Journals, Heart Rhythm Journal, Oxford Academic Journal, STA Healthcare Communications, Typeform. These third-party organisations will have their own privacy policies which you should read carefully before providing any of your personal data as we do not accept any responsibility or liability for the websites of other organisations.