Privacy Policy

Last Updated: January 2025

At Norcemic Inc., we prioritize the protection of your privacy and personal information. This Privacy Policy outlines our commitment to safeguarding your data and explains in detail how we collect, use, and protect your information when you use our SmartCemic device, mobile application, and related services. As we handle sensitive health information and provide critical healthcare technology, we maintain the highest standards of data protection and comply fully with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Norcemic Inc. acts as the data controller for all personal information collected through our services. Our dedicated Data Protection Officer oversees all aspects of data privacy and protection. You can reach our privacy team at [contact information], where we are ready to address any questions or concerns about your personal data.

Our collection of personal information is integral to providing you with effective diabetes management solutions. When you use our SmartCemic device and application, we gather various types of information to ensure accurate and personalized service delivery. This includes your name, contact details, and account information that you directly provide to us when creating and maintaining your account. More importantly, we collect health-related data through our SmartCemic device, including glucose measurements, treatment patterns, and other relevant health metrics that help us provide you with accurate monitoring and insights.

The SmartCemic application may also automatically collect technical information about your device usage, including device identifiers, IP addresses, and usage patterns. This technical data helps us optimize your experience and ensure the reliable operation of our services. Location data may be collected with your explicit consent to provide location-specific features and emergency services when necessary.

Our processing of your personal data is governed by strict legal frameworks. For general personal data, we rely on several legal bases as defined by the GDPR. When you enter into a service agreement with us, we process data necessary for fulfilling our contractual obligations. We also process data to comply with legal requirements applicable to medical device manufacturers and healthcare service providers. In some cases, we process data based on our legitimate interests in improving and securing our services, always ensuring that these interests are balanced against your privacy rights.

The processing of health-related data, which falls under special categories of personal data, is conducted primarily under the legal basis of providing healthcare services and medical diagnosis. We maintain specific safeguards and compliance measures for handling this sensitive information, ensuring it receives the highest level of protection.

Your personal data serves several essential purposes in our service delivery. The primary purpose is to provide you with accurate, reliable glucose monitoring and diabetes management tools. We analyze your health data to generate insights and alerts that help you manage your condition more effectively. This includes processing your glucose measurements, tracking patterns, and generating personalized health recommendations through our AI-powered system.

We also use your data to continually improve our services, develop new features, and ensure the security and reliability of our platform. This includes analyzing usage patterns, conducting research and development (using anonymized data), and maintaining the technical infrastructure that supports our services. Any communication we send you, including important service updates and optional marketing messages, is based on your explicit preferences and consent.

In providing our services, we sometimes need to share your data with carefully selected third parties. These sharing arrangements are governed by strict data processing agreements that ensure your information remains protected. Our service providers, including cloud storage providers and payment processors, are bound by contractual obligations to maintain the confidentiality and security of your data.

When we share data with healthcare providers, we do so only with your explicit consent or when necessary for your medical care. In certain situations, we may need to share data to comply with legal requirements or protect our legal rights. These disclosures are always made in accordance with applicable laws and with appropriate safeguards in place.

Given the global nature of our operations, your data may sometimes be transferred to countries outside the European Economic Area (EEA). We ensure these transfers comply with GDPR requirements by implementing appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally approved transfer mechanisms. Our data transfer agreements ensure that your data receives the same level of protection regardless of location.

We maintain clear policies regarding how long we keep your data. Account information is retained for the duration of your relationship with us plus an additional period as required by law. Health data is retained in accordance with medical regulations and best practices for healthcare records. We regularly review our retention periods and securely delete data that is no longer needed.

Our security measures include state-of-the-art encryption for data both at rest and in transit, strict access controls, regular security assessments, and comprehensive staff training. We maintain incident response procedures and regularly update our security protocols to address emerging threats.

As a user of our services, you have extensive rights regarding your personal data. These include the right to access your data, correct any inaccuracies, request deletion, restrict processing, and transfer your data to other services. You can also object to certain types of processing and withdraw any consent you have previously given. We make exercising these rights straightforward through our dedicated privacy portal and responsive support team.

For marketing communications, you have complete control over what you receive. We only send marketing messages with your explicit consent, and you can withdraw this consent at any time through our application settings or by contacting our support team.

Our services are designed for adult users managing diabetes. We do not knowingly collect or process data from children under 16 years of age without verified parental consent. If we discover we have inadvertently collected data from a child without appropriate consent, we will take immediate steps to delete this information.

Our Privacy Policy may be updated periodically to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you through email, application notifications, or website announcements. We encourage you to review this policy regularly to stay informed about how we protect your data.

We maintain open channels for all privacy-related inquiries and concerns. Our Data Protection Officer and privacy team can be reached at admin@norcemic.com for any questions about this policy or our privacy practices. If you believe your privacy rights have not been adequately addressed, you have the right to file a complaint with your local data protection authority.

This Privacy Policy represents our commitment to protecting your privacy while providing innovative healthcare solutions. By using our services, you acknowledge and agree to the practices described in this policy. We remain dedicated to maintaining your trust through transparent privacy practices and robust data protection measures.

Last Updated: January 22nd, 2025.