Duties of disclosure upon collection of personal data from the data subject in accordance with Article 13 paragraphs 1, 2, and 4, as well as Article 21 paragraph 3 of the EU General Data Protection Regulation (GDPR).

Lark has issued below its Privacy Statement in the light of the upcoming enactment of GDPR, the new data protection and privacy regulation of the European Union (EU). Privacy and security are very important to lark. GDPR imposes high standards of personal data protection with extra-territorial reach which means that companies based outside the EU are, in certain circumstances bound by its provisions. We ask you to familiarize yourself with the Data Protection Information found below as well as lark’s general Privacy Policy.

Data Protection Information

The following data protection information gives an overview of the collection and processing of your data. With the following information, we would like to give you an overview of how we will process your data and of your rights according to data privacy laws.

1. Who Is Responsible For Data Processing and How Can I Contact Them?

Data Protection Officer:

Lark

2570 W El Camino Real, Suite 100

Mountain View, CA 94040

dpo@lark.com

2. What Sources and Data Do We Use?

We process personal data, personal health information, and information from your smartphones and connected devices. The sources of the data are our smartphone app, your smartphone sensors and analytics, connected health devices and in some instances your information from permitted health care partners (if contracted, the health care partners send us information such as your name, gender, enrollment date, address, contact information and health goals).

Lark captures your smartphone phone number, device identifier and ip address if applicable to enable communications with you.

If you choose to use google or facebook to log in or create an account, Lark has access to your name and email address from them.

For customer support and recruitment purposes we may also gather information from your web browser and partners including your mobile device information and computer / browser information. We use cookies in your browser to help identify you across time and partner sites.

3. What Do We Process Your Data for (Purpose of Processing) and On What Legal Basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA):

●  For enabling communications to you via your smartphone.

●  For determining your health habits, behaviors and data such as activity, sleep, food habits and state of mind.

●  For providing coaching personalized for you.

●  As a result of your consent. You have to permit us to collect your information both in the Lark app and on your smartphone.

4. Who Receives My Data?

Your personally identifiable information (such as name, address, insurance number) are always encrypted and only available to the Lark AI smartphone app when you are logged in, to partners who send us your information when you signed up and to customer service if needed for support.

Your de-identified data (such as interaction with the app, phone sensor readings and connected device readings) are available to the Lark AI smartphone app and authorized staff at Lark for the purposes of learning and improving the experience for everyone.

5. Will Data Be Transferred to a Third Country or an International Organization?

Your data is transferred outside of the EU – it is all securely stored and processed in Amazon Web Services in Oregon, USA.

Please contact us if you would like to request to see a copy of the specific safeguards applied to the export of your information (Article 13 para 1f of the GDPR).

6. For How Long Will My Data Be Stored?

We will process and store your personal data for as long as it is necessary in order to fulfill our contractual and statutory obligations. By default your data is stored for seven (7) years.

7. What Data Privacy Rights Do I Have?

You have the right to access according to Article 8 FADP (Article 15 of the GDPR), the right to rectification according to Article 5 FADP (Article 16 of the GDPR), the right to erasure according to Article 5 FADP (Article 17 of the GDPR), the right to restrict processing according to Articles 12, 13, 15 FADP (Article 18 of the GDPR), the right of object according to Article 4 FADP (Article 21 of the GDPR), and if applicable – the right to data portability according to Article 20 of the GDPR. Furthermore, if applicable on you, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Article 77 of the GDPR).

You can withdraw consent granted to us for the processing of personal data at any time. This also applies to withdrawing declarations of consent that were made to us before the GDPR came into force (i.e. before May 25, 2018). Please contact us if you would like to request to see, amend or request removal of your data.

Please note that the withdrawal only applies to the future. Processing that was carried out before the withdrawal is not affected by it.

8. Am I Obliged to Provide Data?

Lark is not able to provide personalized effective coaching without access to your information.

9. To What Extent Is There Automated Decision-Making?

Lark does use automated decision-making pursuant to Article 22 of the GDPR in order to provide personalized coaching.

10. Will Profiling Take Place?

The Lark coach gets better at its personalized coaching with more information. Lark builds a profile of your habits in order to more effectively coach you.

Information on Your Right of Objection According to Article 21 of the General Data Protection Regulation (GDPR)

You shall have the right of objection, at any time to processing of your personal data which is based on Article 6 paragraph 1 subparagraph e of the GDPR (data processing in the public interest) and Article 6 paragraph 1 f of the GDPR (data processing based on balancing interests). This also applies to profiling based on this provision in terms of Article 4 No. 4 of the GDPR.

If you object, please delete your Lark account and uninstall the Lark smartphone app. This will cease all information gathering and processing.

The GDPR policies are effective and were last updated on May 21st, 2018.