1. Scope

The controller for the processing of your personal data is epitome GmbH, Commercial Register 489535f, The ICON Vienna, Tower 17, 10th floor Gertrude-Froehlich-Sandner-Strasse 2-4, 1100 Vienna (hereinafter referred to as "epitome" or "we").

• the visit of the epitome website,
• the purchase of epitome products via our webshop under the domain www.epitome.inc, and
• the use of epitome products as well as the registration and use of the associated epitome mobile application (app);

2. What personal data does epitome collect and for what purposes?

Personal data is any information about an identified or identifiable natural person that you provide to us or that arises when you use our products or that is collected by us. Depending on a user's usage patterns, epitome processes the following personal data, either automatically or as submitted by the users.

2.1. Use of the epitome website

When you visit our website, we use necessary cookies to provide you with a service you have requested or where it is necessary for our website to function. If you agree, we will also use optional analytics and marketing cookies. Before we do this, we will ask for your consent in a pop-up window that will store your decision on your device. Cookies allow us to collect and store certain information about website visits (e.g. how many visits our websites receive, which pages are most popular and how many users receive an error message, etc.)

For more details on the individual cookies used, how they are collected and your choices, please see our Cookie Policy.

2.2. Purchasing a product on our website

In the course of ordering an epitome product on our website, you can register and open a customer account. You can also order as a "guest" without creating a customer account. In doing so, we collect the following data:

• Order data: As part of your order, we collect your title, title, first name, last name and contact details (e.g. delivery address, billing address, telephone number, e-mail address, country) as well as your gender and date of birth. When you register a customer account, you will be asked to set a personal password and a unique identification number will be generated. In addition, we collect and store information about the order time and scope, the location of your order, as well as information about the process and content of the order (delivery dates, subscription products, tracking numbers, cancellations, returns, language).
  
  Order data will be used for the purpose of executing the purchase contract, i.e. sending the ordered epitome products to the customer, as well as for managing your account and answering enquiries. If you have expressly provided your consent, also for the purpose of sending you direct marketing.

• E-mail usage data: If you sign up for our newsletter, we process data about when and how you receive our e-mail newsletters and other mailings (e.g. service e-mails) and how you use them.

• Payment Provider: Once you have selected the payment provider, you will be asked to provide your payment details to the selected payment service provider at the time of purchase; however, this data will not be passed on to epitome. Rather, the user is forwarded to the respective third-party provider who makes the payment. This data and the authorisation to accept recurring payments are stored by the respective payment providers for the purpose of order processing, but are not made available to epitome.

2.3. Use of epitome products as well as the registration and use of the associated epitome mobile application (app)

Downloading in and registering in the epitome mobile app is required to activate the device. As part of your registration in the epitome mobile app and the use of the device, the following personal data will be collected:

• App Registration Data In the course of registering in the app, we collect the following data: name, email, telephone numbers, date of account creation, date of birth, country code, time zone, language preference; Username, password, user rights; Data of the customer contract, orders, confirmations, suspensions and cancellations, profile photo or image chosen username, consents or refusal of processing of personal data or direct marketing. The processing serves the purpose of making the app available and fulfilling the contract
• Device data When using our device for the first time, the hardware identification number of the epitome device used is stored (via Bluetooth) to ensure that the device data is only shared with the respective account to which the device has been assigned and to help the customer with any support requests. In addition, the following data is processed, which is generated in the course of using the device: date, time and frequency of tooth brushing, sensor data (brushing mode, position, movement and pressure), battery level as well as type and service life of the brush head.
  
  Device data is processed so that the user can see an evaluation of the tooth brushing process and an overview of historical tooth brushing processes after using the device. Device data is also used to process warranty claims, provide repair and other product maintenance services, and to provide software updates. The legal basis for the processing is your consent to the processing is the fulfilment of the contract or the legitimate interest of epitome based on the customer relationship

• Health Data When using the device, the following health data is collected and processed: automatically taken photos of the teeth to detect biofilm, number of teeth, signs of demineralisation, oxygen saturation, bio-impedance analysis, pulse, temperature in the oral cavity.
  
  We collect this information for the following purposes: To provide the defined services, including direct feedback and advice during cleaning; Sending push notifications or in-app messages in connection with the defined services; Provision of an individual programme with information on omitted passages; Observation of the effectiveness of the brush head as well as reminder of necessary brush head change and reminder to rinse mouth and tongue cleaning. Your health data will be associated with your account.
  
  Before we collect health data (special categories of data), we will ask for your explicit consent.

• Customer relationship data (CRM data) We process customer communication data with you: for example, customer feedback, customer satisfaction survey data, complaints, chat logs and support tickets, as well as recordings of customer service conversations, other messages and other content that you send as part of your communications with us. The purpose of this data processing is to support our customers, as well as to improve, correct errors and adapt our services. In addition, the information will be used by us to respond to you when you contact us. The legal basis for the processing is the performance of the contract as well as epitome's legitimate interest based on the customer relationship.

• Analytics data If you agree to help improve the App, we will collect and process your data through your mobile device and use of the App. For this purpose, we may use the services of different providers who process your app data on our behalf and in accordance with our instructions. Our service providers use cookies to collect your information. Before cookies are used for analysis purposes, we ask for your explicit consent.

3. To whom is personal data transferred?

epitome cannot carry out all the data processing on its own. For the purpose of fulfilling contractual obligations with its users, providing support services, marketing purposes and internal administration, epitome uses the services of trusted third parties. These partners of epitome have taken appropriate technical and organisational measures to ensure the protection of your data.

We use the following third-party subcontractors to provide services on behalf of epitome:

• Logistics In order for us to transport goods to you, we transmit your address and contact details, if necessary, to logistics companies (e.g. postal service, DHL), in particular names, if applicable. company, as well as postal address / parcel station as well as associated address additions. In this context, we may transmit to you. Tracking links or codes. For these purposes, we will provide the logistics companies with information if necessary. also pass on your e-mail addresses so that the logistics company can communicate with you directly, e.g. to coordinate queries about the address, agreement on delivery times, drop-off locations, etc.; this can reduce errors or delays in delivery.

• IT & Cloud Providers These service providers provide us with hardware, software, network, storage and transaction technology or similar technology required for the execution of the App or the delivery of the defined services.

• Analytics & Survey Service Providers These service providers provide the hardware, software, networking and storage technologies, and/or other technologies necessary to conduct app analytics or surveys.

• Providers of marketing communication tools and services who assist us in marketing and promoting our products and services;

Each third-party subcontractor processes personal data only to the extent necessary for the performance of the subcontractor's tasks. Subcontractors are bound by written agreements with epitome regarding the processing of personal data, including conditions regarding confidentiality and data security.

Some of our subcontractors and suppliers process personal data outside the European Union and the European Economic Area (EEA). Unless the European Commission has decided that the level of data protection in the country where the data is processed is acceptable (adequacy decision), epitome will ensure adequate data protection by entering into written agreements with subcontractors in accordance with the Standard Contractual Clauses approved by the European Commission on 4 June 2021 or by other lawful procedures. The Standard Contractual Clauses can be found at: https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en

Your personal data may also be disclosed to other parties if this is necessary to comply with epitome's rights and legal obligations, in connection with legal proceedings, at the request of public authorities or under commercial agreements. Otherwise, personal information will not be shared with other parties without your consent.

4. How long do we keep your data?

5. Your rights to information, correction, blocking or deletion

Every natural person whose personal data we process has the following rights against us (i.e. depending on the respective conditions):

If you have any questions about the processing of your personal data by us, we will be happy to provide you with information about the data stored about you at any time free of charge (Art. 15 GDPR).

• You have the right to have incorrect data corrected and incomplete data completed.
• You have the right to block/restrict the processing or deletion of your personal data that is no longer needed or stored on the basis of legal obligations.
• You have the right to receice the data transferred in a structured, commonly used and machine-readable format, provided that you have provided us with the data on the basis of consent or on the basis of a contract between us and you (Art. 20 GDPR).
• You have the right to object at any time to the processing of your data for direct marketing.
• You have the right to object to processing based on a legitimate interest, in which case we can explain our compelling grounds. We have indicated above if this right exists.
• If you have given your consent to data processing, you can revoke it at any time with effect for the future, i.e. the lawfulness of the data processing up to the time of revocation remains unaffected. Once you have withdrawn your consent, you may not be able to continue using our services.
• Please contact us with your request in writing (subject: data protection) or by e-mail using the contact details below. We reserve the right to verify your identity so that your personal data does not become known to unauthorised persons.

In addition, you have the right to contact the competent data protection authority in your country as the competent supervisory authority. In Austria, this is the Austrian Data Protection Authority, Barichgasse 40-42 1030 Vienna dsb@dsb.gv.at

6. Contact Data Protection Officer

Data Protection Officer
epitome GmbH
The ICON Vienna, Turm 17, 10.
Stock Gertrude-Froehlich-Sandner-Strasse 2-4,
1100 Wien
E-Mail: datenschutz@epitome.inc

7. We protect your personal data