Tomo Sphere - Privacy Notice

Introduction

Last updated: May 8, 2024

In this Privacy Notice, we refer to Essence Future Living (2010) LTD as "we" or "us" or "our", and we refer to you as "you" or "your". 

We are the data controller (sometimes referred to as the “business”) for the data practices explained in this Privacy Notice. 

We comply with applicable data privacy and protection law. This means that when we process personal information for any purpose we must ensure it is:

Used lawfully, fairly and in a transparent manner

Collected only for valid purposes that have been clearly explained and not used in any way that is incompatible with those purposes

Relevant to the purposes we have told you about and limited only to those purposes

Accurate and kept up-to-date

Kept only as long as necessary for the purposes we have informed you about

Kept securely

How We Collect Information, for What Purposes and Our Legal Basis for It

This Privacy Notice covers our policies and procedures regarding the collection, use and disclosure of information we process when you download, install or use an application of Essence Future Living Platform (“Relevant Services”):

Our purpose and legal basis for processing your data is the contract (EULA and Terms of Service) between us and you for the provision of the Relevant Services to you. Our purpose and legal basis for processing analytics data is our legitimate interests in managing, developing, and improving the Relevant Services.

We need the information that we collect from you to provide you with the Relevant Services. Our services cannot be provided properly without this data, but you are not legally obligated to provide us your information.

The Personal Information We Collect

In the course of using the Relevant Services, we collect personal information (“Personal Information”).

The categories of Personal Information we collect depend on the particular type of Relevant Services you use. It can include, your name, gender, geolocation, contact details, login credentials for our services, solution configuration, sleep habits and issues, general body feelings, well-being issues.

We also process statistical analytics information about your use of the Relevant Services, such as general de-identified version of issues and symptoms before and after use of our solution.

We do not knowingly collect personal information from children under the age of 18.

Third Parties Receiving Information and International Transfers

Some of our services rely on third parties with whom we share some user information for the purpose of providing and maintaining these services to our users.

These third parties include service providers that are authorized to use your personal information only as necessary to provide these services to us and our users, and not for their own promotional purposes. A list of these service providers is available at this link.

We do not rent or sell your information to any third party.

Any transfer of data outside your region to any third party service provider is done only to countries with adequate data protection, or with appropriate contractual safeguards, as defined by relevant regulations.

We will disclose any information obtained by us if required by law or by any governmental authority (our legal basis for this disclosure is our legitimate interests in compliance with governmental authorities); in case of emergency (our legal basis for this disclosure is the protection of the vital interests of the data subject or another natural person); or to a successor entity in connection with a merger, acquisition, bankruptcy or sale of all or substantially all of our assets (our legal basis for this disclosure is our legitimate interests in our business continuity). Retention Period

We will retain your personal information for as long as you use the Relevant Service, and for a period afterward, as dictated by a reasonable backup policy and any relevant regulations.

Additional information under state privacy laws in the United States

In accordance with state privacy laws in the U.S., below is a detailed description of the information we collect from users to our commercial purposes for which we use each category of personal information. This is also the information we have collected in the past 12 months.

Categories of personal information and source from which the information is collected	Specific Types of Personal Information Collected	Business or commercial purposes	Specific purposes
Identifiers such as a real name, contact details, gender, login credentials – collected directly from you. Login credentials are sensitive information.	As described above in the “Personal Information We Collect” section.	Undertaking activities to verify or maintain the quality of the Service and to improve, upgrade or enhance the Service. Undertaking internal research for technological development and demonstration. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.	As specified above in the “How We Collect Information, for What Purposes and Our Legal Basis for It” section
Geolocation data – collected about you by the Relevant Services. This is sensitive information.
Audio, electronic, visual, thermal, olfactory, or similar information – collected about you by the Relevant Services
Internet or other electronic network activity information – collected about you by the Relevant Services.

We do not sell your personal information and have not done so in the past 12 months.

We do no share your personal information for the purpose of online targeted ads, and have not done so in the past 12 months.

We do not use or disclose your sensitive personal information for purposes other than those specified in privacy regulations.

The chart below explains the personal information we disclosed for a business purpose to third parties in the preceding 12 months.

Categories of personal information	Categories of third parties to whom we disclose your information and the specific business or commercial purpose for the disclosure
Identifiers	With third parties to which a law or binding order requires us to disclose your information to. Our purpose in doing so is complying with our obligations under the law or the binding order. With the target entity of our merger, acquisition or reorganization, and legal counsels, and advisors, for the purpose of facilitating the structural change in the operation of our business within a different framework, or through another legal structure or entity (such as due to a merger or acquisition).
Geolocation data
Audio, electronic, visual, thermal, olfactory, or similar information –
Internet or other electronic network activity information.

{For best results – when you insert a new table, mark Total Row in the Table Design ribbon }

Your rights under the state privacy laws in the United States.

Disclosure of personal information we collect about you.	You have the right to know: The categories of personal information we have collected about you; The categories of sources from which the personal information is collected; Our business or commercial purpose for collecting personal information; The categories of third parties with whom we share personal information, if any; and The specific pieces of personal information we have collected about you.
Right to correct inaccurate information.	If we receive a verifiable request from you to correct your information and we determine the accuracy of the corrected information you provide, we will correct inaccurate personal information that we maintain about you. In determining the accuracy of the personal information that is the subject of your request to correct, we will consider the totality of the circumstances relating to the contested personal information. We also may require that you provide documentation if we believe it is necessary to rebut our own documentation that the personal information is accurate. We may deny your request to correct in the following cases: We have a good-faith, reasonable, and documented belief that your request to correct is fraudulent or abusive. We determine that the contested personal information is more likely than not accurate based on the totality of the circumstances. Conflict with federal or state law. Other exception to state privacy laws. Inadequacy in the required documentation Compliance proves impossible or involves disproportionate effort. We will provide you a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to correct your information.
Right to deletion.	Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will: Delete your personal information from our records; and Direct any service providers to delete your personal information from their records. Please note that we may not delete your personal information if it is necessary to: Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; Debug to identify and repair errors that impair existing intended functionality; Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law; Comply with the state electronic communications privacy law; Engage in public or peer-reviewed scientific, historical, or statistical research that conforms to or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete such research, provided we have obtained your informed consent; Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided the information; or Comply with an existing legal obligation. We also will deny your request to delete if it proves impossible or involves disproportionate effort, or if another exception to state privacy law. We will provide you with a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to delete your information.
Protection against discrimination.	You have the right to not be discriminated against by us because you exercised any of your privacy rights. This means we cannot, among other things: Deny goods or services to you; Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; Provide a different level or quality of goods or services to you; or Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.
Exercising your rights.	If you would like to exercise any of your rights as described in this Policy, please email us at: DPO@essence-grp.com or call +972 (0)73 2447777. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require. You may designate an authorized agent to make a request under state privacy law on your behalf. To do so, you need to provide the authorized agent written permission to do so and the agent will need to submit to us proof that they have been authorized by you. We will also require that you verify your own identity, as explained below.

Rights (EU, UK and EEA)

If you are in the EU, the UK or the EEA, you have the right to request access to and rectification or erasure of your personal data, data portability, restriction of processing of your personal data, the right to object to processing of your personal data.

If you are in the EU, the UK or the EEA, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here. A link to the UK ICO is available here.

To exercise any of these rights, contact your service provider. In some cases, you may be able to perform some of these functions yourself using the software provided. Refer to the relevant user documentation.

Our service does not entail any automated decision making. We provide information and notifications only.

Security

Safeguarding your information is a key priority for us. We employ a variety of organizational and technical security measures designed to protect your information from unauthorized access and disclosure.

Your information is protected, in compliance with ISO 27001 standards, using state of the art technical security measures, such as:

Encryption and authentication mechanisms

Regular threat and vulnerability assessment

Physical site security

We also take various organizational measures to ensure data security, such as:

Lawful data processing reviews

Privacy impact assessments

We cannot guarantee that your personal information or private communications will always remain private and secure. We are obliged to notify you of any security breach resulting in high risk of private data exposure.

Changes to this Privacy Notice

From time to time, we may change this Privacy Notice. If we do so, we will proactively notify you of such changes.

Contacting Us

If you have any concerns or questions about this Privacy Notice or would like to lodge a complaint, please contact Essence’s data protection officer at +972 (73) 2447777, DPO@essence-grp.com.