REFLEX ACTIVE APP PRIVACY POLICY

Data
Privacy Policy

Version
No. V3

Last
updated: 27 January 2026

App:
REFLEX ACTIVE

Developer:
Reflex Active

We take protection of your
personal data very seriously and want you to feel secure when using our app and
products. Protection of your privacy when processing personal data is an
important concern for us that we also consider in all our business processes.

Personal data are collected,
processed and used exclusively in accordance with legal regulations and in good
faith. As far as possible, we design our business processes in such a way that
the data protection requirements are already considered during the development
of the products and service offers and to the extent possible, personal data is
pseudonymized.

Information
we collect

As part of our business
relationships, we process personal data that we have received directly from
you. In addition, we process personal data which we legitimately obtain from
publicly accessible sources, or which is legitimately transmitted to us by other
third parties, insofar as this data is necessary for the provision of relevant
services we provide to you and/or within the scope of the Purposes as set forth
below.

Purposes
of processing (“Purposes”) and legal basis

Your personal data will be
processed in accordance with the provisions of the GDPR and for the following
purposes.

For
the fulfillment of contractual obligations (Art. 6 Para. 1 b GDPR):

The processing of personal data
takes place in the context of trade with products and services in the field of
consumer electronics. The Purposes of data processing depend primarily on the
specific product and its software applications. Further details on this data
processing purpose can be found in the accompanying operating instructions,
manuals and other terms and conditions for the purchase of such specific
products.

Within
the framework of the balancing of interests (Art. 6 para. 1 f GDPR):

If necessary, we process your data
beyond the actual performance of the contract to protect the legitimate
interests of us; for the purpose of the assertion of legal claims and defense
in legal disputes; the guarantee of IT security and the maintenance of our IT
infrastructure and operation; the prevention and clarification of criminal
offences; and for business management purposes and the development of services
and products.

Based
on your consent (Art. 6 Par. 1 a GDPR):

If we have your consent to the
processing of personal data for specific purposes (e.g., forwarding of data
within the Group or evaluation of data for marketing purposes), the legality of
such processing is given based on your consent. The given consent can be
revoked at any time at the Reflex Active App (Settings Withdraw Consent). The
revocation of the consent does not affect the legality of the data processed
until the revocation.

Special
data protection of our fitness trackers and smart devices

We use your data to make the use
of the fitness tracker / smart device as pleasant as possible for you and so
that you can benefit optimally from your fitness program. At the same time,
this information will improve our Service.

The application stores and
processes the following data: Username, Gender, Birthday, Weight, Height,
Steps, sleeping hours, heart rates (if available), distances, calorie
consumption, goals, successes and challenges.

The application also stores and
processes Cycle Tracking data such as length of menstrual period, cycle
history, and pregnancy data, which belongs to Art.9 of the GDPR.

All your data is stored only
locally on your smartphone or device.

In the Reflex Active App ->
Settings -> FAQ & Feedback: The FAQ section provides a list of common
questions. No personal data is collected in the FAQ.

You can also provide feedback or
report a problem to us. This will help us identify and fix issues when
something is not working properly. Feedback and problem reports will be sent
via email to our designated secure customer service mailbox.

All the information you provide
will be deleted immediately after the reported issue is resolved.

To ensure compatibility of your
fitness tracker / smart device with your smartphone, our fitness tracker /
smart device and our application access the following functions of your phone:

Android

  1. Read caller list
  2. Taking pictures and videos
  3. Reading contacts
  4. Receive SMS
  5. Read SMS or MMS
  6. Read the contents of your shared memory
  7. Changing or deleting the contents of your
    shared memory
  8. Only access the exact location when
    running in the foreground
  9. Access the approximate location
    (network-based) only when running in the foreground
  10. Accept calls
  11. Retrieve phone status and identity
  12. Retrieve network connections
  13. Battery performance optimisations
  14. Perform linking with Bluetooth devices
  15. Execute foreground service
  16. Access Bluetooth settings
  17. Control vibration alarm
  18. Access to all networks
  19. Deactivate idle state
  20. BIND_GET_INSTALL_REFERRER_SERVICE
  21. BLUETOOTH (Android <= 11)
  22. BLUETOOTH_ADMIN (Android <= 11)
  23. DEVICE_POWER
  24. BLUETOOTH_CONNECT (Android 12+)
  25. BLUETOOTH_SCAN (Android 12+)
  26. Android_ID
  27. Device Serial Numbers
  28. External data storage (Android <= 12)
  29. Health Connect read-write access
  30. READ_MEDIA_IMAGES (Android 13+)
  31. POST_NOTIFICATIONS (Android 13+)
  32. SCHEDULE_EXACT_ALARM (Android 14+)
  33. ACTION_NOTIFICATION_LISTENER_SETTINGS
  34. MEDIA_CONTENT_CONTROL
  35. SEND_SMS
  36. WAKE_LOCK
  37. BLUETOOTH_ADVERTISE (Android 12+)
  38. RECEIVE_BOOT_COMPLETED
  39. com.google.android.c2dm.permission.RECEIVE
  40. READ_MEDIA_VISUAL_USER_SELECTED (Android
    14+)
  41. FOREGROUND_SERVICE_CONNECTED_DEVICE
    (Android 14+)
  42. FOREGROUND_SERVICE_REMOTE_MESSAGING
    (Android 14+)
  43. ACCESS_MEDIA_LOCATION (Android 10+) if
    applicable
  44. DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
  45. FOREGROUND_SERVICE_LOCATION
  46. ACCESS_BACKGROUND_LOCATION

iOS

  1. Location
  2. Photos
  3. Bluetooth
  4. Camera
  5. Local network
  6. Microphone
  7. Siri & search
  8. Messages
  9. Mobile data
  10. Contacts

App
permissions

To provide you with the
functionalities of the app, the app must be able to access various functions
and data of your mobile device. To do this, it is technically imperative that
you grant the app selected access authorizations.

Otherwise, the app cannot be used
for technical reasons. Before using the app for the first time, we will
explicitly inform you of the requested access rights. Usually the
authorizations are as follows:

Location: This permission is
required to determine your current location for location-based services. This
permission allows your phone to access your GPS data, WLAN identifiers and/or
Bluetooth, depending on which of them you have enabled, to locate your
location.

Push notifications: Push
notifications are messages (e.g. WhatsApp) that are sent from the app to your
device and are prioritized there. This app uses push notifications on delivery,
provided the user has consented during the installation of the app or the first
use. End users must accept the enable notifications for first time
installation. Also, the reception of push notifications can be deactivated at
any time in the settings of the app.

Access smartphone contacts: This
permission is required to show caller’s name when user receives a call
notification.

User behavior: Within the
framework of legal regulations, users can provide Name, Avatar, Gender,
Birthday, Weight, Height and Stride. User also can click “skip” to not provide
this information. The data are stored locally on the smartphone and is not linked
to any further information about the user.

Device information: In addition to
protocol data, we may also collect information about the device on which the
app is used. These include device type, operating system used, device settings,
unique device identifiers and crash data. Whether some or all this information
is collected depends on the type of device used and its settings. This allows
error messages and system crashes to be analyzed to improve future operation.
You can find out from

https://www.gstatic.com/policies/privacy/pdf/20210701/7yn50xee/google_privacy_policy_en.pdf how the
information are processed and protected.

Data
Protection and Limited Use Disclosure

All data transfer and storage are
encrypted to protect this App against unauthorized or unlawful access,
destruction, loss, alteration, or disclosure.

Health Connect: The use of
information received from Health Connect will adhere to the Health Connect
Permissions policy, including the Limited Use requirements.

https://support.google.com/googleplay/android-developer/answer/9888170?sjid=13972659535113455728-AP#ahp

Google Maps: The purpose of using
Google Maps is to provide the latitude and longitude information from our GPS
Smartwatch and to the Reflex Active App, then the App invokes Google Map to
display user activity trajectory on app which is a major function of our GPS
Smartwatch.

Google APIs: The Reflex Active
App's use and transfer to any other app of information received from Google
APIs will adhere to Google API Services User Data Policy, including the Limited
Use requirements.

https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes

Social media: If you connect to
this app via third party social media sites (such as Facebook, Twitter,
Instagram or Google+), you may be subject to the data policy of such
third-party social media sites. We do not have access to any of your personal
data stored on such third-party social media sites.

Weather: The purpose of using
weather service is that Weather is a major function of our fitness tracker /
smart device. We make use of the device's longitude and latitude information to
enquire of weather data for that location. The location information being
collected is not linked to your identity and will not be stored or used for any
other purposes. The usage of weather service and its data storage duration are
subject to their privacy policy:

https://openweather.co.uk/privacy-policy

We are distributing the Reflex
Active App via Apple App Store and Google Play Store. We have also incorporated
Google Maps (for Android devices), Firebase Crashlytics, and Google Analytics
in the Reflex Active App. GPS related sport activities and Google Maps require
Location Permissions. Firebase Crashlytics and Google Analytics collect crash
data that are not linked to any of your identity. Analytics automatically
logged some events and user properties. Details of events and user properties
can be found from Google website:

All the data being collected are
ANONYMOUS statistics. The purpose of using Firebase Crashlytics is to collect
crash data to help track, prioritize, and fix stability issues that erode our
app quality.

The legal basis for collecting the
crash data is Article 6(1)-point f) GDPR. Our legitimate interest arises from
the purposes of the data collected listed above.

Google Analytics helps to measure
and provide insight on the Reflex Active App usage and user engagement.
Analytics integrates across Firebase features and provides unlimited reporting
of up to 500 distinct events that you can define using the Firebase SDK.
Analytics reports help you understand users behave, which can help to optimize
app performance.

The purpose of using Firebase
Crashlytics is to collect crash data to help track, prioritize, and fix
stability issues that erode our app quality. Crashlytics saves our
troubleshooting time by intelligently grouping crashes and highlighting the
circumstances that resulted. Find out if a particular crash is impacting a lot
of users. Get alerts when an issue suddenly increases in severity. Figure out
which lines of code are causing crashes.

The Reflex Active App includes the
OpenTelemetry (OpenCensus OpenTracking) library, which is a part of the
original Google library. However, we do not utilize the functionality of
OpenTelemetry in our app. We have kept the OpenTelemetry-related library in the
Reflex Active App to maintain the integrity of the Google library.

We use Cloudflare Inc.
("Cloudflare") for Content Delivery Network (CDN) services.
Cloudflare may process your data to improve security and performance. Any
personal data being processed by Cloudflare for us shall be encripted and
anonymous. When Cloudflare transfers personal data from the European Economic
Area, Switzerland, or the United Kingdom to the United States, they rely on
their certifications under the EU-U.S. Data Privacy Framework, the Swiss-U.S.
Data Privacy Framework, and the UK Extension to the EU-U.S. DPF, respectively.

As a result, usage of our apps is
also subject to the following privacy policies:

Data
Safety

As part of the App functionality,
this App may collect the following data and upload it to your smartwatch in
accordance with your instructions and permissions. The collected data is
processed ephemerally and will not be shared with third parties.

  1. Contact List
  2. Image
  3. Media
  4. Notifications
  5. SMS

Data
transfer to third countries or international organization

The Reflex Active App uses 3rd
party European based server to provide firmware update service. Data is
transmitted to offices in countries inside the European Union.

No data will be transferred to
third countries or international organizations outside the European Union.

According to Article 45 GDPR,
transmission is permissible if the European Commission has decided that an
adequate level of protection exists in a third country. In the absence of such
a decision, we or the Service Provider may only transfer personal data to a
third country or to an international organization if appropriate safeguards are
provided (e.g. standard data protection clauses adopted by the Commission or
the Supervisory Authority in a particular procedure) and enforceable rights and
effective remedies are available.

We have agreed contracts with
these service providers for so-called order processing, which stipulate that
the principles of data protection are always concluded with their contractual
partners in compliance with the European data protection level.

Personal
data and Measurement data recorded & processed

We do not access your data for our
own purposes.

We process personal data that we
lawfully obtain from publicly accessible sources or that is legitimately shared
by third parties, if this data is necessary for delivering relevant services to
users and aligns with our stated purposes.

The Reflex Active App utilizes
end-user data to enhance your experience with the activity tracker and smart
device, ensuring you gain the most from your fitness program. The application
collects and processes the following data: username, gender, date of birth,
weight, height, steps taken, hours of sleep, heart rates (if available),
distances, calorie consumption, goals, achievements, and challenges.

The Reflex Active App also
collects and processes Cycle Tracking data, including menstrual period length,
cycle history, and pregnancy information, in accordance with Article 9 of the
GDPR.

All end-user data is stored
exclusively on your smartphone or device.

Storage
period

Your data is only stored on your
smartphone or device.

Smart Device (Internal)

  • Data Types: Health, personal, preference
    data
  • File Format: .bin
  • Retention Period: 7 days
  • Daily Generation Volume: ~ 10 KB

Mobile Application (APP)

  • Data Types: Health, personal (including
    name/contact information), preference, content data
  • File Format: .realm
  • Retention Period: Unlimited
  • Daily Generation Volume: ~ 10 KB

Server

  • No user data is stored on our servers.

Once the Reflex Active App is
uninstalled, all personal data will be removed from your smartphone or device
and none of the data will be retained.

The retention period of data
transmitted to third-party providers is subject to the data policy of such
third-party social media sites.

We will not actively transfer your
data to any third party. The data that has been successfully transferred to a
third party (e.g.: Apple Health, Google Fit or Strava (if available)) with your
permission will follow the third-party platform and its privacy policy. You can
turn off third-party authorization the setting at any time and the data will no
longer be transmitted.

For firmware update, the data
stored on the European servers will be stored during your use of the Reflex
Active App. You can contact us to delete. Once you make a deletion request, we
will delete or anonymize your information as soon as possible, and no later
than 90 days from the date of your deletion request. The data will be stored
for around six months until a further new update is available if a deletion
request is not made.

Access
and export user data

To comply with the EU Data Act,
this Reflex Active App allows users to easily access and export their data.
Users can view and download their data through an intuitive interface. Please
go to Settings → My Profile → Export Health Records. The App will export user
data in a structured, commonly used, and machine-readable format, as required
by the EU Data Act.

Delete
data from the App

If you would like to delete your
data from the Reflex Active App, please open the Reflex Active App and go to
Settings >>> Withdraw Consent and Delete User Profile. Press “OK” and
all your data will be deleted from the Reflex Active App.

Affected
rights

Any person concerned by the
processing of personal data has the right to:

  1. Information (Art. 15 GDPR),
  2. Corrigendum (Art. 16 GDPR),
  3. Cancellation (Art. 17 GDPR),
  4. Restriction on processing (Art. 18 GDPR),
  5. Data transferability (Art. 20 GDPR) and
  6. Opposition (Art. 21 GDPR).

There is a right of appeal to a
competent data protection supervisory authority (Art. 77 GDPR). You also have
the right to lodge a complaint with the responsible data protection supervisory
authority at any time. You can contact the responsible data protection
supervisory authority located in your country or state.

You can revoke your consent to the
processing of personal data at any time. You can uninstall the Reflex Active
App anytime if you would like to revoke this consent. Please note that the
revocation will only take effect in the future. Processing that took place
before the revocation is not affected by this.

Automated
decision making

In principle, we do not use fully
automated decision making according to Art. 22 GDPR for the establishment and
implementation of the business relationship.

Information
about your right of objection according to Art. 21 Basic Data Protection
Ordinance (GDPR)

Right of objection in individual cases

You have the right to object at
any time for reasons arising from your situation to the processing of personal
data concerning you, which is based on Art. 6 para. 1 e GDPR (data processing
in the public interest); this also applies to profiling based on this provision
within the meaning of Art. 4 no. 4 GDPR.

If you object, we will no longer
process your personal data, unless we can prove compelling reasons worthy of
protection for the processing, which outweighs your interests, rights and
freedoms, or the processing serves to assert, exercise or defend legal claims.
The Reflex Active App cannot be used if you revoke consent.

Withdraw your consent

If you have given consent under
this privacy policy to the processing of your data by the Reflex Active App,
you can withdraw consent from Reflex Active App (Settings -> Withdraw
Consent-Press “OK”) and none of the data will be retained

Points
of Contact

European
Representative and Responsible Person:

If you are based in Europe, you
may also direct your inquiry to the data protection officer of our European
representative:

A6 Europe s.a

Attn: Data Privacy Officer

127-129 Rue Colonel Bourg,

1140 Brussels, Belgium.

📧 dataprivacy1.synergy@mailo.com

Data
Protection Controller

If you have further questions
regarding the processing of your data or wish to exercise any of your rights
under the GDPR or pursuant to this policy, you can contact our data protection
controller:

Synergy Innovations Group Limited

Attn: Data Privacy Officer

Room 1004, Tower 1, Lippo Centre,

89 Queensway, Admiralty, Hong Kong.

📧 dataprivacy.synergy@mailo.com