General Privacy Policy

Effective date: 01.12.2025

This Privacy Policy describes how Seerlinq s.r.o., including its activities related to the Seerlinq HF mobile application and the website https://seerlinq.com, collects, uses and discloses data, and what your rights are in relation to that data. When we refer to "Seerlinq" or "we", we mean Seerlinq s.r.o., with its registered seat at:

Seerlinq s.r.o.
Pekárska 160/14
917 01 Trnava
Slovak Republic
IČO: 55102239
DIČ: 2121871741
IČ DPH: SK2121871741 (registrácia podľa §4 od 14.4.2023)

Applicability

This Privacy Policy applies to Seerlinq’s services, including:

• The Seerlinq HF mobile application
• The Seerlinq web experience at seerlinq.com
• Other interactions you might have with Seerlinq (e.g., email inquiries, support requests, events, demos)

Collectively, we refer to these as the "Services". If you do not agree with the terms of this Privacy Policy, please do not access or use the Services or any other aspect of Seerlinq’s business.

This Privacy Policy does not apply to any third-party applications, software or services that may interact with our Services, nor to any other third-party products, services or businesses which have their own privacy policies.

Legal Framework and Definitions

To the extent any information we process is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as "Personal Data".

This Privacy Policy applies to all data subjects who fall under the jurisdiction of the Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”). Seerlinq currently does not operate under U.S. healthcare privacy laws such as HIPAA and does not target the U.S. market.

Under GDPR, Seerlinq acts primarily as a data controller, meaning we determine the purposes and means of processing your Personal Data. Certain technical functions (e.g. hosting on Amazon Web Services in the EU) are operated by third-party processors acting on our documented instructions.

Health Information

Within the Services, users (typically patients or healthcare professionals) collect and submit health-related data. In particular, the Seerlinq HF app may:

• Record photoplethysmography (PPG) signals via a pulse oximeter or compatible device
• Store symptom information and other health-related questionnaire responses
• Associate these data with identifiable patient information (e.g., name, date of birth, sex, diagnosis)

Our algorithms analyze these data to estimate cardiac filling pressures and related indices (such as Diastolic Reserve Index, DRI) and present information that may support clinical decision-making. Because this involves health information, it is considered a special category of Personal Data under Article 9 GDPR.

We process such data only:

• With the patient’s explicit consent, or
• Where appropriate, in the context of providing healthcare or medical device services, in accordance with Article 9(2)(h) GDPR and applicable local health laws.

How We Use Personal Data

Personal Data will be used by Seerlinq in accordance with this Privacy Policy, the applicable terms of use for the Seerlinq HF app and website, and as required by applicable law.

We use Personal Data for our legitimate interests in operating and improving the Services and our overall business, including:

• Providing and maintaining the Seerlinq HF app and website
• Enabling analysis of PPG and related health data using our algorithms
• Improving clinical insights, usability, and reliability of our technology
• Ensuring information security, fraud prevention and misuse detection
• Meeting regulatory obligations under EU MDR 2017/745 and other applicable laws

If Personal Data is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable individual, Seerlinq may use it for research, statistics, and other lawful business purposes.

Processing of Personal Data

Below we describe the main categories of processing activities, including roles, legal bases, data subjects, and retention periods.

1. Account and Registration Information

To create or update an account in the Seerlinq HF app or to interact with certain parts of our website, you provide us with:

• Name and contact details (e.g., email address, phone number)
• Login credentials (e.g., username, password)

Roles: Seerlinq acts as a controller.

Legal basis: The processing is necessary for performance of a contract (Article 6(1)(b) GDPR) and for our legitimate interest (Article 6(1)(f) GDPR) in providing secure Services and preventing misuse.

Data subjects: Users of the Seerlinq HF app and website.

Retention period: Until the user account is deleted, plus any period required by law (e.g. for accounting, tax or regulatory documentation), or until statute of limitations on related legal claims expires.

2. Operation of the Services (Health Data and Algorithmic Analysis)

During operation of the Seerlinq HF app, we process Personal Data including:

• PPG recordings and related sensor data
• Health details (e.g., diagnosis, symptoms, certain clinical parameters)
• Derived metrics such as DRI or estimated cardiac filling pressures
• Time stamps and metadata related to the measurement session

Our algorithms analyze these data to generate outputs (such as risk indicators or trends) that may be used by patients and/or their healthcare providers.

Roles: Seerlinq acts as a controller of these data.

Legal basis:

• Explicit consent of the data subject (Article 6(1)(a) and Article 9(2)(a) GDPR), and/or
• Provision of health-related services and medical device functionality (Article 6(1)(b) and Article 9(2)(h) GDPR), as allowed by applicable law.

Data subjects: Individuals who use the Seerlinq HF app, including patients.

Retention period: Health-related data are generally retained for at least 10 years, in line with medical device regulatory requirements (e.g., EU MDR) and local law, unless a longer retention period is legally required.

3. Technical Usage Information

To enhance the efficiency, security and reliability of the Services, Seerlinq may process:

• Usage information: how often the app or website is accessed, features used, interaction flows, etc.
• Services metadata: logs and metadata generated during use of the Services.
• Log data: IP address, URL visited before accessing the Services, browser type and settings, date and time of access, language preferences and cookie data.
• Device information: device type, operating system and version, app version, unique device identifiers, crash logs.

Roles: Seerlinq acts as a controller.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and our legitimate interests (Article 6(1)(f) GDPR) in ensuring security, performance, and improvement of the Services.

Data subjects: Users of the Seerlinq HF app and visitors of the website.

Retention period: Typically until the user account is deleted or for up to 12 months for logs and analytics, or longer if required for legal or security reasons.

4. Location Information

We may process approximate location information to optimize service performance (e.g., routing to the closest server region) based on:

• IP address
• Device or system settings (if enabled by you)

Roles: Seerlinq acts as a controller.

Legal basis: Your consent (Article 6(1)(a) GDPR) when location features are enabled, and legitimate interest (Article 6(1)(f) GDPR) for security and service optimization.

Data subjects: Users of the Services.

Retention period: As long as necessary for the described purposes and in line with the retention of technical logs, unless longer retention is required for legal reasons.

5. Cookie Information

Seerlinq uses cookies and similar technologies on the website to help us collect certain information and to provide functionality, analytics, and security. Third-party cookies may also be used where we rely on external analytics or embedded services.

Roles: Seerlinq acts as a controller of cookie-related Personal Data.

Legal basis: Your consent (Article 6(1)(a) GDPR) for non-essential cookies, and our legitimate interest (Article 6(1)(f) GDPR) and/or necessity for performance of a contract (Article 6(1)(b) GDPR) for strictly necessary cookies essential to the functioning of the site or app.

Data subjects: Visitors of the website and users of the Services.

For further information on how and what type of cookies we use, please refer to our separate Cookie Policy.

6. Research and Technology Improvement

We may use de-identified or anonymized health data and related information to improve and validate our algorithms and technologies. This may include PPG traces, derived metrics, and demographic attributes such as age and sex, provided they no longer allow us to identify individuals.

Roles: Seerlinq acts as a controller for these de-identified data.

Legal basis: Our legitimate interest in research and development (Article 6(1)(f) GDPR) and, where applicable, Article 9(2)(j) GDPR for scientific research and development of artificial intelligence models.

Data subjects: Individuals whose data were originally collected in identifiable form and subsequently de-identified.

Retention period: De-identified data may be kept as long as needed to achieve the research and development purposes, as long as it is not possible to re-identify individuals.

7. Medical Device Vigilance and Regulatory Compliance

As a manufacturer of a medical device under EU MDR, we may process data for vigilance purposes, such as:

• Investigating suspected incidents or safety issues
• Reporting to regulators and authorities where required
• Preventing recurrence of adverse events

Roles: Seerlinq acts as a controller.

Legal basis: Compliance with a legal obligation (Article 6(1)(c) GDPR) under EU MDR 2017/745, and legitimate interest (Article 6(1)(f) GDPR) in ensuring safety.

Data subjects: Users and patients whose data are relevant to the vigilance case.

Retention period: For the period required by law, typically 10 years or as mandated by applicable medical device and healthcare regulations.

8. Communication With You

We may contact you for various purposes:

• Responding to your requests, comments and questions
• Sending service-related messages, including security notices or updates
• Notifying you about changes in our Services or our terms
• Sending optional promotional communications or newsletters (subject to your consent where required)

Roles: Seerlinq acts as a controller.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and legitimate interest (Article 6(1)(f) GDPR) in maintaining customer relationships for service-related communications; consent (Article 6(1)(a) GDPR) for marketing communications where required by law.

Retention period: As long as the account is active or for the duration necessary to handle your request. Marketing-related data are kept until you withdraw your consent or object to such processing, and for any additional period required by legal obligations.

9. Third-Party Services and Third-Party Data

Seerlinq uses Amazon Web Services (AWS) as its main cloud infrastructure provider, hosting data in the European Union. AWS acts as our data processor according to GDPR, processing Personal Data only on our documented instructions and under strict security and confidentiality obligations.

If in the future the Services allow integration with other third-party tools (for example, device manufacturers or healthcare IT systems), these third parties will be responsible for their own processing as controllers, and their privacy policies will govern those activities.

Roles: Seerlinq is the controller; AWS and any similar providers act as processors.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and legitimate interest (Article 6(1)(f) GDPR) in using reliable technical infrastructure.

Data Retention

Seerlinq will retain Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by applicable law. In general:

• Health and medical device-related data: retained for at least 10 years or as required by EU MDR and local regulations.
• Account and profile data: retained for the active duration of the account and for a reasonable period thereafter, for legal, accounting or regulatory purposes.
• Logs and website analytics data: typically retained for up to 12 months, unless longer retention is necessary for security or legal reasons.

We may retain certain Personal Data after account deactivation where necessary to pursue legitimate business interests, conduct audits, comply with legal obligations, resolve disputes and enforce agreements.

How We Share and Disclose Information

Seerlinq may share Personal Data as follows:

• Service Provision: With AWS as our cloud provider, acting under a data processing agreement.
• Legal and Regulatory: With regulators, supervisory authorities or courts where required by law or to defend our legal rights.
• Corporate Transactions: In connection with a merger, acquisition, or similar corporate event, subject to confidentiality obligations.
• Aggregated or De-identified Data: We may use or disclose aggregated or de-identified data for research or business purposes, provided individuals are not identifiable.
• With Your Consent: We may share data with third parties when you have given explicit consent.

We do not sell your Personal Data.

Security

Seerlinq takes the security of Personal Data very seriously. We implement appropriate technical and organisational measures designed to protect Personal Data against unauthorised access, loss, misuse, alteration or destruction. These measures take into account the sensitivity of the Personal Data and the current state of technology.

Age Limitations

Seerlinq does not allow use of the Seerlinq HF app by anyone younger than 18 years old. If you become aware that a minor has provided us with Personal Data, please contact us and we will take appropriate steps to delete such information.

Changes to This Privacy Policy

Seerlinq may change this Privacy Policy from time to time to reflect legal, technical or business developments. We will post the updated version on this page and update the “Effective date”. We encourage you to review this Privacy Policy periodically to stay informed.

Contacting Seerlinq

If you have any questions about this Privacy Policy, our privacy practices, or if you want to exercise any of your statutory rights, you may contact us at:

Seerlinq s.r.o.
Pekárska 160/14
917 01 Trnava
Slovak Republic
Email: privacy@seerlinq.com

Rights Applicable Under GDPR

If you are located within the EU/EEA, you may have the following rights under GDPR:

• Right of access: Request access to your Personal Data and obtain a copy.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your Personal Data in specific cases.
• Right to restriction: Request restriction of processing in specific circumstances.
• Right to object: Object to processing based on legitimate interests, including profiling, and to processing for direct marketing.
• Right to data portability: Receive your Personal Data in a structured, commonly used and machine-readable format and/or request transfer to another controller.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

To exercise these rights, please contact us at privacy@seerlinq.com. We may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with a data protection authority. In particular, you may contact:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava 27
Slovak Republic
Email: statny.dozor@pdp.gov.sk