Angelo Life App Privacy Notice

This Notice applies to:

• –Clients who enter into a contract with Empaco,
• –Beneficiaries who wear the Angelo Life device (Device Users),
• –Designated persons who receive notifications or alerts through the app (App Users).

• –Identity and contact data, such as name, surname, postal address, telephone number, WhatsApp number, email address, identification details provided for contracting, and details relating to the contractual relationship.
• –Account and onboarding data, such as account credentials, client number, contract number, service package information, device allocation details, and records relating to activation and onboarding.
• –Health and wellbeing related data generated by the device and the service, such as heart rate, heart rhythm regularity, blood pressure, blood oxygen saturation, movement patterns, number of steps, fall related events, sleep patterns, and other indicators generated by the device in connection with the contracted monitoring service.
• –Location data, such as GPS coordinates and related location events of the Device User while the device is in use and location functions are enabled.
• –Device, SIM, and technical data, such as smartwatch identifier, SIM number, assigned phone number, app version, operating system information, connectivity status, and technical logs necessary for service operation, maintenance, and troubleshooting.
• –Payment and billing data, such as invoicing details, payment status, payment method, and related accounting records.
• –Support and communication data, such as emails, WhatsApp messages, complaints, service requests, and records of interactions with our support team.
• –Data received from other persons, where the Client provides information about the Device User or an App User, or where an App User is added for alerting and monitoring purposes.

• –To conclude, perform, and manage the contractual relationship, including delivery of the device, activation of the SIM subscription, account setup, access management, billing, renewals, support, maintenance, and handling of contractual communications. Legal basis: Article 6(1)(b) GDPR, performance of a contract or steps prior to entering into a contract.
• –To provide the Angelo Life monitoring service, including transmission of device data through the app, display of alerts, communication of emergency related events to the Client or Designated Person, and provision of the functions included in the selected service package. Legal basis: Article 6(1)(b) GDPR. For health-related data, special category processing is carried out on the basis of Article 9(2)(a) GDPR, explicit consent, unless Empaco documents and applies another Article 9 condition that is more appropriate for the specific service model.
• –To process location data necessary for location-based alerts, safety monitoring, and related service functions. Legal basis: Article 6(1)(b) GDPR for the core service, together with device level permissions granted by the user where required.
• –To provide customer service, resolve complaints, repair or replace devices, investigate incidents, and ensure service continuity. Legal basis: Article 6(1)(b) GDPR and, where appropriate, Article 6(1)(f) GDPR, Empaco's legitimate interest in maintaining the security and reliability of its services.
• –To comply with legal obligations, including accounting, tax, consumer protection, and responding to lawful requests from competent authorities. Legal basis: Article 6(1)(c) GDPR.
• –To ensure network, platform, and device security, prevent misuse, document incidents, and protect the integrity of our systems and services. Legal basis: Article 6(1)(f) GDPR.
• –To send strictly service-related notifications, such as activation messages, technical notices, payment reminders, device replacement information, and security notices. Legal basis: Article 6(1)(b) GDPR and, where appropriate, Article 6(1)(f) GDPR.

We may obtain personal data:

• –directly from the Client, Device User, or App User,
• –during face-to-face sales and onboarding,
• –from the device and mobile application during use of the service,
• –from the Client where the Client provides personal data about the Device User or an App User.

As a general rule:

• –contract, account, and service data are kept for the duration of the contractual relationship and for the period necessary to establish, exercise, or defend legal claims;
• –billing and accounting data are kept for the retention period required by applicable financial and tax law;
• –health and location data are kept for the duration necessary to provide the service and for a limited period thereafter according to Empaco's retention schedule and legal obligations;
• –technical logs and support records are kept only for as long as necessary for security, troubleshooting, and audit purposes.

Personal data may be accessed by:

• –authorised Empaco personnel on a need-to-know basis,
• –technical and hosting providers acting on Empaco's behalf,
• –the mobile network operator providing SIM connectivity,
• –courier or logistics providers where needed for delivery, repair, replacement, or return of devices,
• –professional advisers or competent public authorities where disclosure is required by law.

Under the GDPR, you may have the right to:

• –obtain access to your personal data,
• –request rectification of inaccurate or incomplete data,
• –request erasure of your personal data in the cases provided by law,
• –request restriction of processing,
• –object to processing where the legal basis is legitimate interest,
• –receive your personal data in a structured, commonly used, and machine-readable format, where applicable,
• –withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal,
• –lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing, ANSPDCP, or with another competent supervisory authority in the EU.