PRIVACY POLICY FOR SIBIONICS COMPANION APP 

Effective Date: April 30, 2026

Your privacy is important to us. We respect your privacy when handling your personal information.

This Privacy Policy for SIBIONICS COMPANION APP (“Privacy Policy ”) describes the types of personal information SIBIONICS Gmbh, and its affiliates or subsidiaries (referred to as “Sibionics” or “we” or “us”), collect about you and others, what we do with it, how we disclose it and your rights and obligations when you use our products and services related to the Sibionics Continuous Glucose Monitoring System glucose data sharing mobile application, Companion (“ COMPANION APP ”).

Your use of the COMPANION APP is subject to this Privacy Policy and the End User License Agreement and Terms of Use. This Privacy Policy does not apply to personal information collected from you for other Sibionics products and services, or to any other third-party websites, services and plug-ins linked in the COMPANION APP. 

Please read this Privacy Policy carefully before using COMPANION APP or submitting your personal information to us. 

 

Topics:  

 

·          What is "personal information"?  

·          What types of personal information do we collect?   How do we collect your personal information?

·          Do we collect "sensitive" personal information?  

·          How will we use your personal information? 

·          Do we share personal information with third parties?  

·          What rights do you have about your personal information?  

·          How do we store your personal information?  

·          How do we ensure security of your personal information?  

·         Your obligations towards the personal information of others

·         How do we protect personal information of minors? 

·         Changes to our Privacy Policy

·          Language versions of the Privacy Policy

·          How to contact us?  

What is "personal information"?  

"Personal information" means any information that identifies you or could reasonably be used to identify you when that information is combined with other data.

What types of personal information do we collect?   How do we collect such personal information?

 

·          Information that you provide to us :

Personal information you may provide to us while using the COMPANION APP

 

To create an account and complete the log-in process, you need to provide your name, email address, verification code, password, country, selected glucose unit (based on your country/region) and your date of birth. To better personalise the interface, you may also optionally upload your profile photo and choose your identity. 

 

Personal information that may be shared with you via the COMPANION APP

 

If the users of SIBIONICS GS1, GS3, GS1 ECO and other Sibionics CGM products and services in the future (collectively, “CGM Users”) enable the sharing functionality on their end and you accept an email invitation from such CGM Users to receive their data, you will be provided with the CGM Users’ personal information collected via their accounts on the CGM App, which may include their [name, status of following, device information, data on their glucose values, ambulatory glucose profile reports, etc].

 

·          Information we collect automatically about you : To maintain the security and operation of the COMPANION APP services, and for our internal analytics and reporting purposes, we may automatically collect certain information from you when you use our Website and APP. This information does not reveal your specific identity but may include your browser type and internet service provider. When you use our APP, we automatically collect and store information in service logs. This includes your device model, Mac address, wifi address, device IDs, operating system, software version, device status, network conditions, logs, IP address and location. We may also collect information about your interaction with the COMPANION APP services, such as details relating to your account registration and log-in records to our APP, or details on your use or interaction with services on the APP. Please note these data are necessary for the provision of the COMPANION APP services.

To simplify access and support consistent service experiences, we may provide a unified account system across our APPs in the future, including Companion APP and other Apps operated by us. This means that a single set of login credentials can be used to access both APPs. Please note that only limited account information — specifically your email address and name — may be managed within a shared backend infrastructure. We do not cross-access, aggregate, or use your health data across APPs without a clear and lawful purpose, and only with your prior consent where applicable.

·          Information we receive from third parties: In order to provide you with the COMPANION APP services, we may also obtain information about you from affiliated companies, business partners and other third parties, with your prior consent or where they are otherwise legally permitted or required to disclose your personal information to us.

·          Device functionality:

To enable real-time alerts and alarms (such as hypoglycemia warnings), the App may use your device’s notification functionality. These notifications are essential to provide safety-critical features of the Sibionics system.

To support optional features such as uploading a profile photo, the App may request access to your device’s camera or photo gallery. You may choose to grant or deny this access at any time via your device settings.

You may choose not to provide us with certain information, but please take note that you may not be able to use the COMPANION APP services (in full or in part) if you do not provide certain information.

In order to protect your privacy, you should not provide Sibionics with any information that is not specifically requested or required for the purposes of or in relation to the COMPANION APP services. 

 

 

Do we collect "sensitive" personal information?  

Certain personal information processed by COMPANION APP qualifies as a “special category of personal data” or "sensitive" under data privacy laws in certain jurisdictions, such as glucose values and ambulatory glucose profile reports. Sibionics shall adopt additional measures as required by local law for the processing of such sensitive personal information. 

How will we use your personal information?  

Your personal information may be collected, stored, processed or otherwise used by us for the following purposes:

·          to deliver our COMPANION APP service to you;

·          to manage our products and services and your use of our products and services, specifically the COMPANION APP services (including to provide the glucose curve and monitoring and/or provide you with analytical information such as ambulatory glucose profile report about the CGM Users’ health performance that you follow through the use of our APP with their authorisation );

·          to provide software updates, maintenance services and support for our products and services, specifically the COMPANION APP;

·          to facilitate your COMPANION APP account registration, log-in process and manage your COMPANION APP account;

·          to contact you in relation to our products and services, specifically the COMPANION APP. For example, where our products and services have changed, if there are any issues or problems with such products and services, or to request for your feedback in relation to the COMPANION APP;

·         to protect against and prevent fraud, and other legal or information security risks;

·          to keep our products and services secure , adaptable and usable , and prevent crime and fraud;

·          to consider any complaints or questions that you raise;

·          to improve or personalise our products and services or develop new ones;

·          to conduct market research in relation to our products and services;

·          to facilitate internal purposes such as auditing, data analysis, and research to improve our products, services, user experience and customer communications;

·          to comply with our legal and regulatory obligations under all relevant laws and to exercise or defend our legal rights; and

·          to send you marketing communications or information about our products and services, to help make that information more relevant to you, to invite you to participate in surveys about our products and services, or to notify you about special promotions. We may require your consent for some of this marketing activity. In such cases where consent is required, we will only conduct the marketing activity if we have obtained your consent. If you have agreed to receive marketing materials, you may always opt out at a later date. You have the right at any time to stop us from contacting you for marketing purposes or sharing your data with other members of the Sibionics group of companies for marketing purposes. You can opt out of such email/text subscription at any time via the unsubscribe link contained at the end of the emails/text or by sending an e-mail to privacy@sibionics.com.

We are allowed to process your personal information because one or more of the following apply:

·          the processing is necessary so that we can provide you with our products and services, including the COMPANION APP services;

·          there are legal and regulatory obligations that we have to discharge;

·          we may need to use your personal information in order to establish, exercise or defend our legal rights or for the purposes of legal proceedings;

·          the use of your personal information as described is necessary for our legitimate business interests, such as:

o    conducting market research in relation to our products and services, whereby legally permissible;

o    improving the products and services that we provide;

o    making our communications or the content that we provide to you more relevant to you;

o    minimising our risks, for example, in relation to credit or fraud; and

o    developing our training process and systems;

·       you have given your consent to certain types of processing, for instance to receive marketing messages from us or from third parties.

Do we share personal information with third parties?  

We respect your privacy and are committed to protecting your personal information . We may disclose your personal information within the Sibionics group in one or more of the circumstances described below:

• to help us provide our products and services;
• where we market products and services provided by different Sibionics companies; and
• for the purposes for which we have collected your personal information or a directly related purpose.

For the data sharing mentioned above, we take steps to ensure that the personal information is accessed only by employees of such affiliates that have a need to do so for the purposes described in this Privacy Policy.

We may share your personal information outside of the Sibionics group in the following manner:

 

·          We may share your personal information with third parties with whom Sibionics jointly markets a product or service or jointly conducts a programme or activity. It is Sibionics' practice to notify you if you are registering for a programme which is conducted in conjunction with another company that may require access to your personal information. 

 

·          We may share your personal information with third party vendors, agents or contractors with whom Sibionics contracts to carry out business activities for Sibionics. If Sibionics provides your personal information to such party to assist us with our business activities, it is Sibionics's practice to require those third parties to keep your personal information confidential and to use your personal information only for the purposes of performing functions for Sibionics. 

 

·          In the event that we sell any of our business or assets, we may disclose your personal information to the prospective buyer for due diligence purposes and on completion of the sale.

 

·          Your personal information may be made available to specific third party(ies) for the management of your professional account or for any other purposes you have consented to or where you have given us instructions to do the same (including the sharing of your name, email address and practising institution to the account administrator of your practising institution or to the CGM Users if you choose to accept their invitation to share data).

·          We may share your personal information with third parties for the purposes of detecting, preventing, or otherwise addressing fraud, security or technical issues, protecting against harm to the rights, property or safety of our users or the public.

 

·          We may share your personal information to professional service providers such as our lawyers and auditors.

 

·          We reserve the right to disclose your personal information to respond to authorized information requests from government authorities, to address national security situations, or as otherwise required by law. 

 

As a result of the data sharing to our affiliates based in China and third parties, your personal information may be transferred to locations outside of the locations in which you reside (such as locations outside the UK, Switzerland or the EEA). Where we transfer your personal information outside such regions, we implement appropriate technical and organisational measures to ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance, for data transferring outside of the UK, Switzerland and the EEA:

• the country to which we send the personal information may be approved by the European Commission;
• the recipient may have signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information; or
• we may have implemented other appropriate safeguards or can rely on derogations in accordance with applicable data protection laws, including the GDPR.

In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.

You can obtain more details of the protection given to your personal information when it is transferred outside the UK or the EU/EEA (including a sample copy of the model contractual clauses) by contacting us using the details set out below.

We do not sell or otherwise disclose your personal information to third parties for our commercial benefit. 

What rights do you have about your personal information?  

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following: 

 

·          The right to access – You have the right to obtain confirmation that we process personal information about you and to request us for a copy of your personal information.

 

·          The right to withdraw consent – You may withdraw your consent to our processing of your personal information at any time. Please note, however, that we may still be entitled to process your information if we have another lawful ground (other than consent) to do so.

 

·          The right to restrict processing – You may request that we restrict our processing of your personal information in certain circumstances. Please note that some of our services can only be provided to you if you provide us with the relevant personal information. 

 

·          The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete information you believe is incomplete. 

 

·          The right to erasure – You may request that we erase your personal information, under certain conditions. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled or obliged to retain it. 

 

·          The right to object to processing – You have the right to object to our processing of your personal information, under certain conditions. However we may still be legally entitled or obliged to continue processing your personal information or deny your request.

 

·          The right to data portability – You have the right to request to receive your personal information that you have provided to us in a structured, commonly used and machine readable format and/or request that we transmit this information to another organisation where this is technically feasible, under certain conditions.

 

You can exercise your rights by contacting us by way of the means as set out below under the section “How to contact us?”. If you make any such request, we will usually respond to you within one month.

 

We endeavour to resolve any privacy concerns you may have together with you. Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may lodge a complaint with a supervisory authority. Contact details for all European Union supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en .

 

How do we store your personal information?  

We securely store your data on Amazon Web Service, which is based in Germany.

 

We will retain your personal information only for as long as is necessary for the purposes as set out in this Privacy Policy according to applicable laws, or any longer retention period required by law. We will delete or destroy personal data immediately upon the expiration of your data retention period.

How do we ensure security of your personal information?  

It is our practice to ensure security of the COMPANION APP where we collect your personal information; however, please understand that there cannot be 100% security guaranteed over personal information transmitted over the Internet. We urge you to exercise caution when transmitting personal information to us over the Internet, especially personal information related to your health. We cannot guarantee that unauthorized third parties will not gain access to your personal information; therefore, when providing personal information to Sibionics and under the COMPANION APP, you must weigh both the benefits and the risks. However, if we learn of any data or security system breach, we will act in accordance with applicable laws.

The COMPANION APP may contain links to other websites. This Privacy Policy applies only to the COMPANION APP, so if you click on any link(s) to other website(s), you should read their privacy policy and carefully consider their data practices before providing your personal information. The COMPANION APP will display a warning whenever you visit a linked website on the COMPANION APP that is not controlled by Sibionics or subject to this Privacy Policy.

Your obligations towards the personal information of others

 

During your use of the COMPANION APP, you may receive personal information of others including the CGM User who have agreed to share their data with you. It is your obligation to safeguard such personal information of others in your possession, and only process such personal information in a manner and for purposes consistent with the intended use of COMPANION APP. You must not use such personal information for any other purpose or further share it with any third party without the explicit consent from the concerned individuals, which is your own obligation to obtain. You are at your own risks and liabilities if you breach such obligations, and Sibionics shall in no way be responsible or liable for your actions.

 

How do we protect personal information of minors?

We attach great importance to the protection of personal information of minors. Without verifiable consent from the legal guardian, we will not collect, process, or use the information of known minors (we define “minors” as younger than 18 or a higher age threshold if required by the laws of your country or region). The legal guardian can request to view the information provided by their child and request its deletion.

If you are a parent and become aware that your child has provided us with information, please contact us using the method specified below, and we will work with you to address this issue.

Changes to our Privacy Policy  

It is important that you check back often for updates to this Privacy Policy. The latest version of the Privacy Policy will always be made available on the APP (under the “Profile” tab > “Settings” tab > “Legal documents” > “Privacy Policy”). Without prejudice to your rights under applicable law, we reserve the right to amend this Privacy Policy without prior notice to reflect changes in how we collect and use your personal information based on technological advancements, legal and regulatory changes and good business practices. 

When there are changes to our privacy practices, we will reflect such changes in this Privacy Policy and update the effective date above. We will notify you about changes by way of push notification, pop-up notice or other means accordingly to applicable local laws.  

Language versions of the Privacy Policy

If Sibionics has posted or provided a translation of the English language version of this Privacy Policy, the translation is provided for convenience only. If there is any conflict between the English version and another language version of this Privacy Policy, the English version shall prevail.

How to contact us?  

If you have any questions about this Privacy Policy, the data we hold about you, if you would like to delete, amend or correct your personal information or would otherwise like to reach out, please do not hesitate to contact us. 

 

·          Email us at: support@sibionics.com    

·          Contact information of the Data Protection Officer: privacy@sibionics.com