Privacy Policy

EDAN\QR\CD39\1.0

 

Updated2025-12-17

Version1.0

 

This privacy policy(hereinafter referred to as “this policy”) applies only to EDAN INSTRUMENTS,INC.(hereinafter referred to as ” EDAN” or “we”) Q Series Biofeedback and Stimulation System products (and mobile applications). If a third-party application or service has a separate privacy policy, the privacy policy of the application or service is applied preferentially. For the contents that are not covered by the application or service privacy policy, refer to this privacy policy.

If you have any questions, comments, or suggestions, please contact us through the following means:

E-mail: Compliance@edan.com

    Company Name: EDAN INSTRUMENTS,INC.

Registered Address: No.15, Jinhui Road, Jinsha Community, Kengzi SubDistrict, Pingshan District Shenzhen,Guangdong,China

Edan understands the importance of personal data to you, and will make every effort to ensure the security and reliability of your personal data. Edan promises to take appropriate security measures to protect your personal data in accordance with well-established security standards in the industry.

Please read and understand this Privacy Policy carefully before using our products or services.

 

This policy helps you understand the following:

1. How we collect and use your personal data
2. How use cookies and similar technologies
3. How we share, transfer, and disclose your personal data
4. How we protect your personal data.
5. Your Rights
6. How we process the personal data of children
7. How do we store your personal data
8. How to update this policy
9. Contact us

 

I. How we collect and use your personal data

Personal data refers to the information that is recorded electronically or in other ways related to identified or identifiable natural persons, excluding the information after anonymization. Sensitive personal data refers to the personal data that may cause violation of personal dignity or damage to personal and property safety once it is disclosed or illegally used. It includes information such as biological identification, religious belief, specific identity, health care, financial accounts, traces, and personal data of minors under a certain age.(In this Policy, sensitive personal data involved will be highlighted in bold.) Edan will collect and use your personal data only for the following purposes described in this policy:

i.Your personal data that we need to process

To provide you with the basic functions of our products and/or services, you need to authorize us to collect and use necessary information. If you refuse to provide the information, you cannot use our products and/or services properly.

1Location Information: Based on the specific permissions granted when you install and use this service, we will collect your location information when Bluetooth is connected.

2Log Information: When you use our products or services, we collect usage data (e.g., device operating status, error logs) and store it as relevant logs.

3. When you connect and use the pelvic floor rehabilitation device for pelvic assessment, pelvic treatment and E-Stim, it is necessary to collect your electromyography waveforms and treatment records. This requires access to your storage permissions (data must be stored on your phone for your subsequent review).

ii.Your personal data that you can decide whether we can process

To improve your experience with our products and/or services, our extended functions may collect and use your personal data. If you do not provide these personal data, you can still use our products and/or services, but you may not enjoy the extra convenience brought by these extended functions. These extended functions include:

1. You may optionally provide your nickname, gender, height, weight, and date of birth. Your nickname is used for display within the application, while gender, height, weight, and date of birth are used to provide you with improved pelvic floor assessment, treatment, and electrical stimulation services.

2. When selecting a treatment plan, local notification and precise alarm permissions are required to write the treatment schedule into local notifications and precise alarms, enabling local notification and precise alarm reminders.

II. How we use Cookies and similar technologies

This service does not use Cookies, nor does it collect Cookie data.

III. How we share, transfer and disclose your personal data

This service stores data locally on your mobile device and will not share, transfer, or publicly disclose your personal data.

IV. How we protect your personal data

1. We have taken the security protection measures that comply with industry standards to protect the personal data provided by you against unauthorized access, disclosure, tampering and loss. We will take all reasonable and feasible measures to protect your personal data.

For example, We use encryption technologies to ensure data confidentiality.

2. We have obtained the following certifications:  

Edan headquarters in China has passed the ISO/IEC 27001:2022 information security certification, and can effectively protect your personal data.

3. Our data security capabilities:

We have been committed to protecting your personal data security.

We have taken various security measures, such as encryption and so forth, to protect your personal data from unauthorized access , disclosure, tampering or loss and other forms of illegal processing.

We have developed a business continuity plan to ensure that services can be provided continuously. Our information security policies and procedures are designed in strict accordance with international standards, and reviewed and updated regularly, and the effectiveness of the security management architecture and measures is ensured through regular third party security audits. In case of personal data leakage, we will initiate an emergency plan, take effective measures to prevent the situation from getting worse, and notify the relevant supervisory authority and you in a timely manner.

4. We will take all reasonable and feasible measures to ensure that irrelevant personal data is not collected. We will retain your personal data only for the period required to achieve the objectives specified in this policy, unless the retention period needs to be extended or is permitted by law.

5. The Internet is not absolutely secure, and most communications, such as emails and instant messaging, are not encrypted. We strongly recommend that you do not send personal data through such means. Please use a complicated password to help us ensure the security of your mobile device .

6. The Internet environment is not 100 percent secure. We will do our best to ensure or guarantee the security of any information you send us. If our physical, technical or management protection facilities are damaged, which results in unauthorized access, disclosure, tampering or loss of your personal data that affects your legal rights and interests, we shall assume the corresponding legal responsibilities.

7. If personal data security incident occurs, we will inform you of the basic situation and possible impact of the security incident in a timely manner, the remedial measures we have taken or will take, measures that you can take to mitigate risks., remedial measures for you and our contact methods. We will inform you of the incident by email, letter, telephone or notification in a timely manner. If it is difficult to inform the subjects of personal data one by one, we will release the notice in a reasonable and effective manner.

In addition, we will actively report the handling of personal data security incidents in accordance with the requirements of the regulatory department.

V. Your rights

In accordance with personal data protection laws, regulations, standards, and common practices in other countries and regions, we guarantee that you have the following rights over your personal data:

1. Access to your personal data

You have the right to access your personal data, except for exceptions as required by laws and regulations. If you want to exercise data access rights, you can access the data by yourself in the following ways:

(1) Your Personal Data. Access the program and click the “Mine” page to view and correct your personal details.

(2) Your Records. After accessing the program, click “Records” to view your historical assessment and treatment records.

2. Correct and supplement your personal data

When you find that your personal data processed by us is incorrect, you have the right to correct and supplement your personal data. You can correct or supplement your personal data through the methods listed in "(1) Access to your personal data".

3. Delete your personal data

Data is stored on your local mobile device. You may choose to uninstall the app to delete your personal data.

4. Copy and transfer your personal data

You have the right to obtain a copy of your personal data. You can perform the following operations by yourself.

If technologies are available (for example, data interface matching) and comply with laws and regulations, you can transfer your personal data to a third party specified by you through the data backup function of mobile devices.

5. Respond to your above requests

If your request cannot be implemented through these links/methods, you can send an e-mail to Compliance@edan.com,We will respond to your access request within 30 days.

To ensure security, you may need to provide a written request or prove your identity in other ways. We may ask you to verify your identity before processing your request, and we will respond within 30 days.

In principle, we do not charge for your reasonable requests, but we will charge for repeated requests that exceed a reasonable limit. We may reject requests that repeat unreasonably, require excessive technical means (for example, development of a new system or a fundamental change of current practice), and bring risks to other people's legitimate rights and interests or that are extremely impractical (for example, involving information stored on the backup tape).

We will not be able to respond to your request in accordance with laws and regulations if:

(1) The case is directly related to national security and national defense security.

(2) The case is directly related to public safety, public health, and major public interests.

(3) The case is directly related to any criminal investigation, prosecution, trial, and execution of a judgment .

(4) There is sufficient evidence that you have subjective malice or abuse of rights.

(5) Responding to your request will cause serious damage to the legal rights and interests of yours or other individuals' and organizations'.

(6) Business secrets are involved.

VI. How we process the personal data of minors

Our products and services are for adults.

VII. How do we store your personal data

Personal data is stored solely on the user's local mobile device. Upon uninstalling the app, all data will be deleted.

VIII. How to update this policy

Our privacy policy may changes from time to time .

Without your express consent, we will not reduce your rights under this privacy policy.

We will release any changes to this policy on this page. For major changes, we will also provide more noticeable notifications (including notifications for some services, which will be sent via email to describe the specific changes in the privacy policy), and get your approval again in accordance with the requirements of applicable laws and regulations.

Major changes mentioned in this policy include but are not limited to the following situations:

1. Our service model has significantly changed. For example, the purpose of processing personal data, the type of processed personal data, and the mode of using the personal data.

2. Major changes have taken place in the ownership structure and organizational structure. Such as changes in owners caused by business adjustment or bankruptcy or mergers and acquisitions.

3. The major objects of personal data sharing, transfer, or public disclosure are changed.

4. Your right to participate in the processing of personal data and the way you exercise it have changed significantly.

5. Our responsible department for personal data security, contact method, or complaint channel have changed.

6. The personal data security impact assessment report indicates a high risk.

We will also archive the old version of this policy for your reference.

IX. Contact us

We have established a special personal data protection department – Compliance Dept. If you have any questions, comments, or suggestions on this privacy policy, please feel free to send an email to us at Compliance@edan.com, which will be replied within 30 days.

In addition, you can send letters to the Compliance Dept.

To: Compliance Dept.
Address: No.15, Jinhui Road, Jinsha Community, Kengzi SubDistrict, Pingshan District Shenzhen,Guangdong,China.

If you are unsatisfied with our response, especially when our personal data processing activities have damaged your legal rights and interests, you can seek solutions through the local data protection agency.