PRIVACY POLICY

KAMU Health Ltd Privacy Policy
2019-02-22

1. General

Your privacy is important to us. The KAMU Health Privacy Policy (“Privacy Policy”) is
designed to protect your privacy and to help you understand, what personal data KAMU
Health Ltd (“KAMU Health”) collects from you, how we collect the data, and how use the
data. KAMU Health offers a range of services directly to customers and via partners. Our
services include but are not limited to digital health and wellbeing services. When taking
any of our services into use, you have actively given consent to our Terms of Service and
this Privacy Policy. This Privacy Policy applies to KAMU Health’s interactions with you and
the KAMU Health products and services listed below, as well as other KAMU Health
products and services that display this Privacy Policy.

2. KAMU Health Privacy Principles:

● We fulfil the requirements of the General Data Protection Regulation 2016/679
(GDPR) of the European Union
● You as an end-user have control over your personal data: You decide, how much of
your personal details you want to share with others. You can transfer your personal
data from our digital tools in machine readable format (“data portability”). You can
remove your personal data from our digital tools (“right to erasure”).
● We only collect and process personal data that is necessary for providing and
developing our products and services.
● We provide aggregate level reporting to our customers. These reports are only
shown, when sample sizes are large enough to not enable identifying individuals.
● We do not sell, rent, loan or give out your name, email address, or other personal
data to anyone without your consent. However, if the service provider or all of its
assets would be acquired, customer information might be transferred to the
acquiring party.
● Your personal data may be transferred across international borders to server
locations supporting the service. Data recipients and locations are listed in chapter
5.
● We make consistent efforts to keep your information secure. However, no security
system is impenetrable and security risks exist in any system. We have risk
management process in place to identify and mitigate such risks.
● We may use cookies in order to provide a better service, related to Authentication,
Security, User Preferences, Performance, Analytics, Research, and Advertising.
Details of our Cookie usage practices are covered in chapter 4.
● Changes to our Privacy Policy will be published on our website.
● Should you have any privacy related questions or suggestions, please contact us at
support@kamuhealth.com.

3. Personal data collection in KAMU AsthmaTM

● KAMU Asthma is a holistic asthma self-care service. We collect and process
personal data in order to track, guide and visualise your health wellbeing.

● The KAMU Asthma is by default and design a private service: your personal
information is shared only to your nominated entities, whom you have approved to
this role.
● Data created by users of KAMU may be used for creating aggregate and
anonymous statistics visible to other users and KAMU Health’s customers.
● KAMU Health may share anonymized data stored in the service for research and
development purposes with it’s partners and customers.
Personal data collected when using the service:
Using KAMU Asthma requires that you give us your consent to process your personal
data. We use your data to provide you the service and related customer support. Below is
list of the personal data that we collect from you:
● The user’s personal information (name, sex, birthday)
● The user’s contact information (email)
● The user’s personal measurement information (height, weight)
● The user’s ethnicity
● Information regarding diagnoses, medications, treatment plan, known asthma
triggers
● Current and past location of the user
● Status of content consumption provided in the service
● Answers to health related and other assessments prompted to the user in the
service
● The user’s symptoms log information and other health, wellness and other data
entered to the service by the user, including journal entries created by the user
● Health and wellness data from wearable devices connected to KAMU by the user,
e.g. exercise data, daily step count, sleep data, resting heart rate, blood pressure,
pulse oximeter data, spirometry data
● Data from health hubs such as Apple HealthKit and Google Fit connected to KAMU
by the user, e.g. exercise data, daily step count, sleep data, resting heart rate, blood
pressure, pulse oximeter data, PEF and spirometry data
● Email and other notification sending permissions per notification type
● Messages sent to the user from KAMU service (message title and date)
● Internet-server technical logs (including user’s IP address and browser information)
● Mobile application analytics information: Application analytics help us learn how
well our application performs in different locations. We also use analytics to
understand, improve, and research products, features, and services, including when
you access KAMU from other websites, applications, or devices such as your work
computer or your mobile device.
● Information sources: Information provided by user her/himself or generated by the
KAMU service or generated by 3rd party services integrated to KAMU by the user.

4. Personal data collection in our website

4.1 Personal data collected when visiting the website

Upon certain interactions with Kamuhealth.com (e.g. subscribing to our newsletter), you
give consent for your personal details to be added for marketing register, which may
contain the following personal data, submitted by the user her/himself:
● Name
● E-mail address
● Mobile phone number
● Age and gender
● Job level and position
● Company name and industry
● User submitted interests for newsletter subscription preferences
In addition to self-submitted data, we use analytics and marketing automation tools,
which collect data on users’ browsing information, such as traffic sources, browser and
devices used, time spent in KAMU Health’s website, pages visited, geographic location
etc.
We collect personal data mainly at the point of subscription, but also later during the
customer relationship. KAMU Health’s website uses cookies, web beacons and other
similar methods in order to improve user experience, to develop our websites and services
further, and for targeting content and communications. Cookies are small pieces of data
sent from a website and stored on the user’s computer by the user’s web browser. Cookies
can be blocked from your browser’s settings. Our pages may also include other third-party
components, such as lead trackers.
We process personal data for the uses of customer relationship management and
marketing with the consent of the visitor, without disclosing customer personal data to
any third party. We maintain a register on newsletter subscribers and other users of our
website’s functionality. Newsletters are sent to subscribers by email based on the
marketing register’s information.
KAMU Health’s website runs a marketing automation system that is used for improving
the general user experience of our website and its content, and for creating target
segments for marketing.
We may place cookies, when a visitor first arrives to our website, in order to learn, how
visitors consume content in the site. A visitor’s personal data remains anonymous to
KAMU Health until:
1. Visitor subscribes to KAMU Health’s newsletter or other material
A user’s personal data may be linked to the cookie, when a visitor subscribes to a
newsletter, white paper etc. Submitted information is stored in the KAMU Health
marketing register.
2. Visitor arrives at the website from an email marketing message sent by KAMU
Health
A user’s personal information may be linked to a cookie, when the user arrives at the
website via an email marketing message sent by KAMU Health. The source for email
marketing messages is KAMU Health’s marketing register. A user, whose cookie is linked

to personal data, may receive email marketing that is personalised based on her/his
website visitor history. In case a user wishes to unassociated from their previous browsing
history, they can do so by clearing their browser cookies.

4.2 Personal data collected when purchasing products from our online store

When purchasing products from our online store at kamuhealth.com we collect personal
data required to deliver the product to you and to send you important information related
to your purchase. We also may use your email address to send you marketing email.
Emails that we send include unsubscribe link which you can use to opt-out from our
marketing emails. Below is list of the personal data that we collect from you:
● Name
● E-mail address
● Phone number
● Address
● Payment details

5. Recipients of the data and data retention policy

We use following services to store and process your personal data. We have ensured with
contracts that our service providers process the data in accordance to the GDPR and to
this privacy policy.
● Kinsta (online store hosting, data stored in USA)
● Hetzner (data center service provider in EU)
● TBD Payment processor
● Nettivarasto.fi, logistics services provider, data stored in EU and USA.
● Microsoft, Azure cloud services, data stored in EU.
● Google, Google Analytics for Firebase, data stored in USA.
We retain data related to your KAMU Asthma account 12 months after your subscription
expires and then delete or anonymize the data. Newsletter subscription related data is
retained until you unsubscribe the newsletter. Internet-server technical logs are retained
for 6 months. Mobile application, website and email analytics are retained for 60 days.
Sales data related to products and services we deliver are retained 6 years for accounting
purposes.
We have regulatory obligation to retain contact information for medical devices we
deliver. This information is used to notify customers and users about any potential
product safety hazards. For this purpose only, for each device we deliver, we maintain
sales contact information and contact information of the last user account a device has
been used with. These contacts are retained for 10 years after the last device of given
type has been delivered.

6. Your rights and data controller contact information

You have the legal right to inspect the data we have collected concerning you. You also
have the right to request the correction or deletion of incorrect, defective, unnecessary or
outdated personal data. You can also ask to receive your data in machine readable format.
If you request to delete your KAMU Asthma account, we will delete or anonymize all data
related to that account.
Newsletter subscribers can unsubscribe directly from the newsletter and all our marketing
emails include option unsubscribe.
For other requests related to your rights, please contact us at support@kamuhealth.com
or by writing to the postal address KAMU Health Oy, MARIA 01, Lapinlahdenkatu 16,
00180 Helsinki, Finland. KAMU Health Oy is the data controller for all the data processing
described in this privacy policy.