Privacy policy

At Hello Inside, we continuously strive to provide you with the best possible experience - and your privacy is important to us.

With the following privacy policy, we aim to:

  • make it easier for you to understand what data we collect and how we use it
  • give you more control over your data
  • provide a detailed explanation of your rights as a user.

GENERAL

Controller. Roots Health GmbH, FN 550059 k, Kopernikusgasse 8/20, 1060 Vienna, Austria (see our Imprint) (“Roots Health”, “we”, “us”). We process your personal data as a controller when you use our app or website (“Website” and together with the apps “Products”) or otherwise contact and communicate with us.

Applicable Law. The processing of your personal data is carried out in accordance with applicable local data protection laws, e.g., the EU General Data Protection Regulation (“GDPR”) or the Austrian Data Protection Act in its current version.

Content. In this privacy policy (“Privacy Policy”), we would like to provide you with information about us, the type, scope, and purposes of data processing, e.g., collection and use, and give you insights into the processing of your personal data in connection with the use of our Products. Please note that the processing of personal data of business partners and applicants is not the subject of this Privacy Policy. Corresponding information can be found in separate privacy policies.

Contact. Our general point of contact for all questions, inquiries, or concerns regarding the processing of personal data is the email address dataprotection@helloinside.com (“the Email Address”). In addition, you can also contact us by mail at the postal address mentioned above, for the attention of the Data Protection Officer.

Data Protection Officer. Our Data Protection Officer can be reached at the Email Address. If you have any questions about the processing of your personal data, please do not hesitate to contact them.

CATEGORIES OF PERSONAL DATA WE PROCESS

Data Sources. Hello Inside processes personal data that you provide to us directly or indirectly, for example, through the use of our Products, that others provide to us, for example, when you link your profile with a partner platform, or that we ourselves generated, for example, your user ID. Please note that the exact amount of personal data we process about you depends on how you use our Products. Therefore, we may not process personal data about you in all categories.

Categories of personal data we collect or generate from you. These are the categories of personal data we directly or indirectly collect from you and/or generate ourselves.

Identity Information - All information that identifies you as a living individual, including, but not limited to: name (first name, last name, initials), date of birth, email address, gender, profile picture, unique customer identification number and password.

Contact Information - All information with which you can be contacted, including, but not limited to: phone number, shipping and billing address, email address, social media handles or any other communication channel through which you have contacted us.

Location Information - All information we can use to know or guess where you are, in real-time or otherwise, including, but not limited to: chosen place of residence, current login location (IP address), real-time device location information via device sensors and signals, GPS location (if you wish to share it with us, for example via your mobile device settings) or information that helps us guess where you might be, such as the specific Hello Inside website you have visited which could give us clues about your location, or if you “check in” at an event or website on a social media page that indicates the location if it is shared with us.

Size Information - All information related to your body measurements, including, but not limited to: height, weight, circumferences, etc.

Purchase Information - All information we use to complete or in connection with your purchase receipt and invoice, including, but not limited to: payment provider, duration of Hello Inside subscription, price, currency and VAT (based on country information). Although we ourselves do not store or otherwise process credit or bank data, we process a payment ID number assigned by the respective payment service provider that can be associated with you.

Profile and Community Information - All information you provide to us in your social profile and/or when interacting with our communities and other users, including, but not limited to: follower information in the Hello Inside community, information you provide when participating in Hello Inside events/challenges and groups/communities either as trainer, team member, participant or as promoter, images and videos you share, information you provide in your profile bio, team memberships and roles there, interests, feedback, likes and comments, leaderboards, event participation, joined groups including roles as well as challenge participations and achievements.

If you explicitly allow us to access your phone book, we compare the email addresses of your contacts with email addresses of registered users within the Hello Inside community and show you a list of people you may want to follow. However, we do not store this information.

Social Media Information - All information about you that we receive through your interaction with us on social media channels, including, but not limited to: all social media information that is publicly available, such as your social media handles, social media interactions and public posts, “likes” and other reactions, social media connections, photos that are public, or those sent to us by mentioning us or following our social media posts by using “handles” or “hashtags”, and comments or messages you have shared with us publicly or privately on social media platforms.

Device Information - All information related to your (mobile) device that is captured by our apps, including, but not limited to: device EUI, device ID, device fingerprint, IP/WIFI information, operating system, data stored on the device when access is granted, log information when access to the device is granted, installed partner platform apps as well as device type and version.

Browsing Information - All information about your browsing behavior, including, but not limited to: browser name, IP address, clickstream data, date and time of visit, duration on the website, pages visited, links clicked in our marketing messages or on the website, transferred data volume, the referrer URL (if you came to our website via another website or an ad), browser language and version as well as add-ons.

Activity Information - All information related to your metabolic activities that you track or import with our Products, including, but not limited to: activity type (meal, exercise, fasting, mood, sleep), exercise routine (start, end time, duration), glucose value (day, meal etc.), nutrition information, photos and personal notes.

Correspondence - All information you share through correspondence with our customer service representatives and/or other employees and personnel, including all opinions you share with us that indicate your position and comments. This may be the case when you give us feedback and rate our service or products or when you participate in product research and development surveys.

Preference Information - All information that indicates your preference, whether explicit when provided by you, or inferred, including, but not limited to: activity preference, website/brand preference, preferred language, product and product attribute preferences, units (glucose, weight, temperature) and personal goals and motivation (e.g., motivations, etc.).

Personal data we receive from others. These are the personal data we receive from the following third parties:

Registration via Apple, Facebook or Google - When you register a Hello Inside account via social login, we receive the following information from the respective provider:

  • Apple Inc. (1 Apple Park Way Cupertino, CA 95014-0642 USA, “Apple”): First and last name, email address (if granted), gender and date of birth.
  • Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, “Facebook”): First and last name, email address, gender, date of birth and profile picture.
  • Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, “Google”): First and last name, email address, gender, date of birth and profile picture.

Facebook Friends List - We receive information about your friends on Facebook from Facebook when you explicitly allow us to access it. We use this information to make suggestions about people you may want to follow in the Products, but do not store it.

Partner Platforms - We offer automatic import of your activity information from other platforms with which we have a partnership (“Partner Platforms”). However, we only import personal data from partner platforms if you and the partner have instructed us to connect your Hello Inside account with the respective partner platform.

Apple HealthKit - We offer the ability to synchronize our Products with Apple’s (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA; “Apple”) HealthKit framework, which provides a central repository for health and fitness data on iPhone and Apple Watch.

In the HealthKit settings, you can decide whether you want to allow our Products to read the personal data listed there and import it into the Products, write personal data collected in our Products to HealthKit, or both.

Google Fit - We offer the ability to synchronize our Products with Google’s Fit SDK, an open platform that allows users to control their fitness data.

In the Google Fit settings, you can decide whether you want to allow the Products to read personal data listed in Google Fit and import it into the Products, write personal data collected in our Products to Google Fit, or both.

General Information. In general, we collect and use personal data for specific purposes. However, please note that we may also use such personal data for other purposes if we have the right and permission (“Legal Basis”) to do so.

In this section, we provide details on all scenarios and reasons (“Purposes”) where we may collect and otherwise process personal data about you (directly and indirectly). We will provide information on the legal basis of these processing activities, the affected categories of personal data, and categories of third parties with whom we share data for the respective purpose.

Communication. We process personal data to communicate with you regarding the user agreement you have with us. This includes, for example, sending information about changes to our Terms and Conditions or Privacy Policy, sending invoices for paid subscriptions or information about new features of our Products or potentially hiding certain features.

The legal basis for these processing activities is the fulfillment of your contract with us.

The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase Information, Correspondence and Preference Information.

For this purpose, we share personal data with processors, in this case with messaging service providers and CRM solution providers.

Providing Our Products. We process your personal data to enable you to have a seamless user experience when using our Products and Product features.

We may collect your personal data for this purpose through the use of technologies such as cookies, pixels and tags to capture your device information. For more information on the cookies we use, the personal data they collect, and how to disable them, please see our Cookie Policy.

The legal basis for these processing activities is the fulfillment of your user agreement with us.

The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase Information, Size Information, Profile and Community Information, Device Information, Browsing Information, Activity Information, Correspondence and Preference Information.

For this purpose, we share personal data with other users, other services (if applicable - see “Sharing Personal Data with Other Services” for more information), processors, in this case with cloud solution providers, CRM solution providers, authentication solution providers and payment solution providers, as well as with partners.

Customer Support. We process your personal data to answer your inquiries about your use of our Products and to respond to your questions and concerns via various communication channels that we provide to you, including when you contact us with questions about your privacy rights. Your inquiries to our customer service are analyzed so that we can provide you with valuable service in the future.

The legal basis for these processing activities is our legitimate interest or, in the case of privacy issues, our legal obligation to process, if applicable.

The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase Information, Profile and Community Information, Device Information, Browsing Information, Activity Information, Correspondence and Preference Information.

For this purpose, we share personal data with processors, in this case with CRM solution providers and messaging service providers.

Product Research and Development. We conduct analyses and research to improve our products and services. This includes asking you questions in surveys, asking for feedback, or asking you to test our products and give us a rating. We collect this information based on your consent. If possible for the specific project or upon your request, we remove all identity, contact or device information so that the information can no longer be used to identify you and is considered “anonymized”.

  • The legal basis for these processing activities is your explicit consent. You can revoke a given consent at any time.
  • The data categories processed for this purpose depend on the respective project/survey and may include all categories of personal data we process.
  • For this purpose, we share personal data with processors, in this case with research/survey solution providers and CRM solution providers.

Domain and Network Security and User Authentication. To protect our domains, detect unusual activities and prevent security threats and protect our users from unauthorized access (such as hackers), we review all traffic to our Products and authenticate user credentials using tokens to verify the data you provide and compare it with other available information, such as the login data you provided directly to us or to other platforms (such as Facebook), or information available in the public domain to ensure that only “authorized” users have access to our Products.

  • The legal basis for these processing activities is our legitimate interest.
  • The data categories processed for this purpose are Identity Information, Contact Information, Browsing Information and Device Information.
  • For this purpose, we share personal data with processors, in this case with authentication solution providers and data analytics solution providers.

Business Operations Analytics. We need to know how we act as a company. This is in the interest of our shareholders, our board members, our employees and our partners as well as our users. We create data models for various analytical purposes and analyze based on these data models how our Products are sold in different markets, what the popular features of our Products are, what worked in our marketing and advertising campaigns, our product design and our sales strategy, our website design and the overall user experience and what did not, so we can establish, implement and evaluate our business strategy.

This includes, for example, analyzing data to understand how users browse our website and use the apps to improve our user experience design so you continue to use our Products and interact with us on our websites and apps.

We may collect your personal data for this purpose through the use of technologies such as cookies, pixels and tags to capture your device information. For more information on the cookies we use, the personal data they collect, and how to disable them, please see our Cookie Policy.

The legal basis for these processing activities is our legitimate interest.

The data categories processed for this purpose are Identity Information, Location Information, Purchase Information, Profile and Community Information, Social Media Information, Device Information, Browsing Information, Activity Information, Correspondence Information and Preference Information.

For this purpose, we share personal data with processors, in this case with data analytics solution providers and cloud solution providers.

Personalized Marketing Messages via Email / Push Notification. With your explicit consent, we send you marketing messages that you might be interested in (“personalized”) to the email address you provided or via push notifications if you have installed our apps.

We may also send such messages if you purchase our Products and we consider this as an indication of your interest in our Products, services, promotions and various offers.

To send you “personalized” messages, we observe your online behavior and analyze it to best assess what you might be interested in and what you might benefit from. We therefore use various analytical tools to understand what your behavior means in terms of your preferences and dislikes towards our Products, and to understand the impact (success rates) of the messages delivered to you.

We may collect your personal data for this purpose through the use of technologies such as cookies, pixels and tags to capture your device information. For more information on the cookies we use, the personal data they collect, and how to disable them, please see our Cookie Policy.

In addition, we evaluate your behavior when reading such emails using so-called web beacons or tracking pixels.

The legal basis for these processing activities is your explicit consent or our legitimate interest. You can revoke a given consent at any time or object to data processing for this purpose based on our legitimate interest.

The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase Information, Profile and Community Information, Social Media Information, Device Information, Browsing Information, Activity Information, Correspondence Information and Preference Information.

For this purpose, we share personal data with processors, in this case with CRM solution providers and messaging service providers.

Targeted Messages on Third-Party Advertising Platforms. We use third-party solutions to send targeted campaigns and messages on their platforms. Therefore, social media platforms will try to match your profile in their database to determine the optimal time and place (e.g., the page you are browsing). In addition, we analyze information to understand the impact of our campaigns.

  • Please note that you may see ads from Hello Inside on social media or other platforms even if you have not consented to data processing for this purpose. This happens randomly, not because we process and share your personal data.
  • We may collect your personal data for this purpose through the use of technologies such as cookies, pixels and tags to capture your device information. For more information on the cookies we use, the personal data they collect, and how to disable them, please see our Cookie Policy.
  • The legal basis for these processing activities is your explicit consent. You can revoke a given consent at any time.
  • The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase Information, Profile and Community Information, Social Media Information, Device Information, Browsing Information, Activity Information and Preference Information.
  • For this purpose, we share personal data with processors, in this case with advertising solution providers and data analytics solution providers.

Cooperation with Law Enforcement and Regulatory Authorities (including Courts). If we are legally obliged to provide your personal data for reasons of national and public security, crime prevention, investigation and prosecution, combating money laundering, judicial proceedings, protecting the rights and freedoms of other persons and enforcing civil claims, we will provide information upon request from authorities or parties as soon as we are convinced that the request is legally required. We may not be able to notify you if this violates the law.

  • The legal basis for these processing activities is our respective legal obligation, the necessity to protect vital interests of persons or the necessity in the public interest.
  • The data categories processed for this purpose depend on the specific request/obligation and may include all categories of personal data we process. However, we will always limit the amount of personal data processed for this purpose to the smallest possible extent.
  • For this purpose, we share personal data with authorities, including courts and with processors, in this case with messaging service providers.

Contractual Disputes and/or Legal Compliance. We must keep evidence in case of a contractual dispute or defend ourselves in case of investigative audits or data protection compliance disputes and complaints, including how we have dealt with your privacy rights. In addition, we may need to process certain information that may contain personal data to comply with legal retention periods.

  • The legal basis for these processing activities is our respective legal obligation or our legitimate interest.
  • The data categories processed for this purpose depend on the specific obligation and situation and may include all categories of personal data we process. However, we will always limit the amount of personal data processed for this purpose to the smallest possible extent.
  • For this purpose, we share personal data with authorities, including courts, our lawyers and tax advisors and processors, in this case cloud solution providers and messaging service providers.

SHARING PERSONAL DATA

General Information. We share your personal data with third parties

  • if this is necessary for the purposes mentioned above,
  • if you have instructed us to do so (e.g., if you connect your account with a partner platform),
  • to exercise or protect the rights and interests of Hello Inside, our users and employees, or
  • if you have (explicitly) consented in advance.

We distinguish between the following categories of third parties with whom we share personal data:

  • other users of our Products,
  • other services,
  • processors,
  • coaching partners (read access via our Coaching Dashboard, with your explicit consent),
  • authorities including courts and
  • lawyers and tax advisors.

Sharing Personal Data with Other Users. The use of certain features of our Products includes sharing personal data with other users. These features would not work without such data sharing, i.e., it is necessary to fulfill our user agreement with you. The use of the following features involves sharing personal data with or making personal data visible to other users:

Leaderboard - If you track a glucose activity, you may be prompted to join a weekly/monthly leaderboard of accumulated glucose readings or peak values within the community. You can disable this at any time in your privacy settings.

Sharing Personal Data with Other Services. We enable you to connect our Products with multiple partner platforms and/or other services and share personal data that you recorded or generated with or in our Products there. Please note that once personal data is transferred to a partner platform or another service, further processing of this data is outside our responsibility and is subject to the privacy policy of the partner.

Partner Platforms - If you connect your Hello Inside profile with your accounts on partner platforms and decide to import or share personal data from our Products there, this involves transferring your data to the platform upon your explicit instruction by connecting your Hello Inside account with your respective partner platform account.

Social Networks and Messenger Services - If you choose to share activities via a social media platform or messenger service you use on your mobile device, you explicitly instruct us to share the corresponding data with the messaging service you chose.

Sharing Personal Data with Our Service Providers (“Processors”). We share your personal data with processors who assist us in conducting the processing activities required for the purposes of tracking product behavior. Our processors have access to your personal data to a reasonable extent to fulfill their tasks on our behalf and are obliged to protect them and not disclose or use them for other purposes. We use processors of the following categories: advertising solution providers, data analytics solution providers, cloud solution providers, CRM solution providers, messaging service providers, authentication solution providers and research/survey solution providers.

Sharing Personal Data with Authorities and Lawyers and Tax Advisors. We disclose personal data to authorities as well as lawyers and tax advisors when required.

Granting Coaching Partners Access to Personal Data. We cooperate with selected partners who can offer you personalized advice based on your Hello Inside data (“Coaching Partners”). Coaching Partners include, for example, gym chains, nutritionists or health coaches.

How data access works. If you receive an access code from a Coaching Partner and enter it in the Hello Inside app, you can grant us your explicit consent to provide the respective Coaching Partner with read access to certain health-related and personal data in your Hello Inside account via our Coaching Dashboard. Your data never leaves our platform at any time. The Coaching Partner receives read-only access through the Coaching Dashboard and does not receive a separate copy of your data. Access is initiated solely at your request and only after your explicit confirmation.

What data is made accessible. The categories of data that are made accessible to the Coaching Partner via the Coaching Dashboard will be displayed to you in full before you grant your consent. Depending on the partnership, this may include: profile information (name, email address, date of birth), glucose values and daily scores, meal logs, nutrition data and ingredient analysis, health assessments and focus areas, body measurements (height, weight, BMI), activity and event logs, as well as personalized health insights.

Special categories of personal data. Some of this data, in particular glucose values, body measurements and health assessments, constitutes health data within the meaning of Article 9(1) GDPR. The processing of such data and the granting of access is carried out exclusively on the basis of your explicit consent pursuant to Article 9(2)(a) GDPR.

Purpose of data access. Access is granted exclusively for the purpose of personalized advice by the Coaching Partner, for example, to create individual nutrition or exercise recommendations based on your metabolic data.

Controllership and data sovereignty. Roots Health remains the sole controller within the meaning of Article 4(7) GDPR for the processing of your personal data. Since your data never leaves our platform and the Coaching Partner only receives read access via the Coaching Dashboard, Roots Health retains full control over your data. The Coaching Partner is contractually obligated to use the data accessible through the Dashboard exclusively for the purpose of providing advice and not to store or share it elsewhere.

Duration and withdrawal. The Coaching Partner has access to your data via the Coaching Dashboard for as long as data sharing remains active. You can withdraw your consent at any time by deactivating the connection to the respective Coaching Partner in the Hello Inside app under Settings > Data Sharing. From that point onward, the partner’s access to your data via the Coaching Dashboard is immediately revoked.

Legal basis. The legal basis for granting data access is your explicit consent pursuant to Article 6(1)(a) and Article 9(2)(a) GDPR. You may withdraw any consent given at any time with effect for the future.

Data Sale. We do not sell any of your personal data to third parties.

RETENTION OF PERSONAL DATA

Retention Period. To enable you to use our Products, we retain personal data as long as you have an account with us. If certain personal data is no longer needed for the purposes mentioned above, e.g., because certain features of our Products are no longer operated or offered, we will delete or anonymize this data within a reasonable time after the complete expiration of the feature.

If our user agreement with you is terminated and you do not request us to delete your personal data immediately, we will delete it 25 months after termination.

Deletion of Personal Data. If you request the deletion of your account or if we delete it after the period mentioned above, your personal data processed by Hello Inside will be deleted, with the following exceptions:

  • Personal data required to fulfill legal obligations will not be deleted but reduced to the required minimum.
  • Personal data we need to defend against claims, enforce our claims or document our compliance with legal requirements will not be deleted but reduced to the required minimum.
  • Personal data we have collected for analytical purposes or for research will not be deleted but anonymized.

YOUR RIGHTS REGARDING PERSONAL DATA

Exercising Your Rights. To exercise your rights defined in the following sections or in the appendices to the Privacy Policy regarding personal data (“Privacy Rights”), please follow the steps provided for each case. If no specific steps are defined or if you have problems performing the steps or if you have questions, please send a request by email to the Email Address or contact us by mail at our postal address.

Withdrawal of Consent. If you have given your consent to process personal data for a specific purpose, you can withdraw (revoke) it at any time. However, this does not affect the lawfulness of data processing based on consent before withdrawal. Please note that in certain cases we may continue to process your personal data even after your withdrawal of consent if we have another legal basis for doing so.

If you wish to revoke the marketing consent you gave, please proceed as follows:

  • Log in to the Hello Inside app
  • Click on Profile
  • Go to Privacy Settings
  • Uncheck “Stay Informed”.

Please note: Implementation may take a few days. In the meantime, you may still receive some marketing messages from us based on the marketing consent you gave in the past.

Right to Information and Access. You have the right to (i) receive confirmation about whether personal data about you is being processed by us, and if so, (ii) more detailed information about the data and (iii) receive a copy of the data. The more detailed information concerns, among other things, processing purposes, data categories, potential recipients or storage duration and can be found in this Privacy Policy.

If you wish to receive a copy of your processed personal data, please send an email to dataprotection@helloinside.com

Right to Rectification. You have the right to request the rectification of incorrect personal data we process about you. If the personal data we process is not correct, we will rectify it without delay and inform you about this rectification. Please note that (i) you can rectify a large part of your personal data yourself in the settings of our Products and that (ii) it is not technically possible for us to rectify all types of data in our Products.

Right to Erasure. You have the right to have personal data we store about you deleted. If you have requested a copy of your personal data processed by us, your account can only be deleted after completion of the export, as we would otherwise no longer be able to fulfill this request.

Please note that we consider a request to delete your account as termination of our user agreement with you. However, you are free to create a new account at any time thereafter.

Please also note that deletion may take up to a few days.

Right to Restriction of Processing. You have the right to request restriction of processing of your personal data by us in the following cases:

  • the personal data is no longer necessary for the purpose for which it was collected or otherwise processed;
  • you have withdrawn your consent on which the processing is based and there is no other legal basis for processing;
  • you have objected to processing and there are no overriding legitimate grounds for processing;
  • the processing is unlawful;
  • the personal data must be deleted to comply with a legal obligation in the European Union or a member state to which Hello Inside is subject.

Right to Data Portability. You have the right to (i) receive a copy of your data in a structured, commonly used and machine-readable format and (ii) transmit this data without hindrance from us to another controller. To exercise your right to data portability, please send an email to dataprotection@helloinside.com.

Right to Object. You have the right to object at any time to the processing of personal data for which our legitimate interest is the legal basis, including profiling. You also have the right to object to the processing of personal data for direct marketing purposes.

Right to Lodge a Complaint. You have the right to lodge a complaint with your local data protection authority if you believe that our processing of your personal data violates applicable law.

The Austrian Data Protection Authority can be contacted as follows:

  • Email: dsb@dsb.gv.at
  • Phone: +43 (0) 1 52152 2550
  • Postal address: Barichgasse 40-42, 1030 Vienna, Austria
  • Web: https://www.dsb.gv.at/kontakt

ADDITIONAL INFORMATION

Security Measures. We are committed to protecting your personal data and employ appropriate technical and organizational security measures to protect it from unauthorized or unlawful processing and from accidental loss, destruction or damage. We require our service providers to do the same through contractual agreements.

These security measures are constantly reviewed to meet the latest technological developments. However, you should be aware that any transmission of your personal data over the Internet is at your own risk. We can only protect your personal data once it reaches our area of responsibility.

Transfer of Personal Data Outside the EU/EEA/CH. We only disclose your personal data to third parties outside the EU, EEA and Switzerland if (i) the third party is located in a country that provides an adequate level of data protection according to Article 45 GDPR, or if (ii) appropriate safeguards exist to protect your personal data and your associated rights.

Do Not Track Signals. Our Products do not recognize or respond to browser-initiated Do Not Track signals. To learn more about Do Not Track signals, you can visit https://allaboutdnt.com.

California Consumer Privacy Act (“CCPA”). Information about your rights as a citizen of the US state of California under CCPA can be found in Appendix 1 - Information for California Residents under the California Consumer Privacy Act (“CCPA”).

CHANGES TO THE PRIVACY POLICY

General Information. We regularly review and update the Privacy Policy to reflect changes resulting from our daily business operations. We will notify you if we make material changes that you need to be informed about.

Last Updated. This Privacy Policy was last amended on March 25, 2026.

APPENDIX 1 - INFORMATION FOR CALIFORNIA RESIDENTS UNDER THE CALIFORNIA CONSUMER PRIVACY ACT (“CCPA”)

If you are a California resident, this section applies to you and supplements the Privacy Policy. Please note that when the Privacy Policy refers to personal data, it is personal information under CCPA.

Categories of Personal Information We Process. In the past 12 months, we have collected the categories of personal information listed below.

Identifiers - See the descriptions of Identity Information, Contact Information, Device Information and Location Information in the Privacy Policy for details.

Categories of personal information described in the California Customer Records Statute (California Civil Code Section 1798.80) - See the descriptions of Size Information and Purchase Information in the Privacy Policy for details.

Characteristics of protected classifications under California law, such as gender and age (over 40) - See the description of Identity Information in the Privacy Policy for details.

Commercial information, including records of purchased products or services or purchasing habits - See the description of Purchase Information in the Privacy Policy for details.

Biometric information - See the description of Activity Information in the Privacy Policy for details.

Internet and other similar network activities - See the descriptions of Browsing Information and Device Information in the Privacy Policy for details.

Geolocation data - See the description of location data in the Privacy Policy for details.

Audio and visual information - See the description of Profile and Community Information in the Privacy Policy for details.

Your Rights. Under CCPA, California consumers have the right to request access to the specific personal information we have collected about them in the past 12 months. You can also request additional details about our processing practices, including the categories of personal information we have collected about you, the categories of sources of this collection, the business or commercial purpose of collecting personal information, the categories of third parties with whom we share your personal information, and the categories of personal information we have disclosed about you in the previous 12 months. This corresponds to the right to information and access as listed in the Privacy Policy, and can be enforced accordingly.

You also have the right to request the deletion of your personal information (subject to certain exceptions). This corresponds to the right to erasure as listed in the Privacy Policy and can be enforced accordingly.

In addition, you have the right to opt out of the sale of personal information, as well as the right to receive equal service and equal price and not to be discriminated against, even if you exercise one of your CCPA rights.

In addition to the methods described in the Privacy Policy for enforcing privacy rights, California consumers can make their request to enforce their rights under CCPA by calling our toll-free service number.

Toll-free number for CCPA requests for residents of the US state of California: 888 694 6364.

In any case, your request must contain sufficient information that allows us to reasonably verify that you are the person about whom we have collected personal information, which may include your email address, your name and your account ID (which is only required if you already have an account with us).

We will not discriminate against you if you choose to exercise your rights under the CCPA.

The right to opt out of data sale is not enforceable with respect to Hello Inside, as Hello Inside does not sell any user data at all.

Metrics Reporting. For each year, we retrospectively disclose the number of requests for knowledge that we received, complied with in whole or in part, or declined, as well as the number of requests for deletion that we received, complied with in whole or in part, or declined. Please note that Hello Inside does not sell personal information and therefore we do not count “Do not sell my data” requests.

Please note that the rights mentioned are not absolute rights. In individual cases, it is possible that the exercise of these rights conflicts with the rights or obligations of Hello Inside or third parties.

Option to Refuse Consent and the Consequences. If the Privacy Policy indicates that the processing of your personal data for a specific purpose is based on your consent, please note that you are not obliged to give such consent and that you can revoke a given consent at any time. In the event that you do not give a specific consent or revoke a given consent, your personal data will not (continue to) be processed for this purpose.