GARCON Privacy Policy
Effective: March 24, 2026
Privacy Policy – GARCON Mobile Application
This Privacy Policy describes how personal data are collected, used, and protected when you use the GARCON mobile application (the "Application").
The Application is designed to collect data from wearable devices and support research studies through continuous and near real-time data acquisition.
The GARCON Application is part of the HealthReact ecosystem and focuses on data acquisition from wearable devices.
Provider Information
The Application is provided by:
University of Hradec Kralove
Rokitanskeho 62
500 03 Hradec Kralove
Czechia
("We", "Us", or "Provider")
Contact: info@healthreact.eu
Role in Data Processing
The GARCON Application is a tool used in research studies.
In most cases, the research institution conducting the study acts as the Data Controller, and the Provider of the Application acts as a Data Processor processing data on behalf of that institution.
This Privacy Policy describes how the Application handles data. Additional information about specific studies may be provided separately by the research institution.
Data We Collect
Pseudonymous Identifiers
Data processed by the Application are typically associated with a pseudonymous study identifier rather than directly identifiable personal information. The mapping between the identifier and the individual participant is usually maintained by the research institution.
Physiological Data
The Application may collect physiological data provided by wearable devices, such as heart rate, heart rate variability, sleep-related metrics, and activity data.
Sensor Data
The Application may collect raw sensor data, including accelerometer data from wearable devices.
Technical and Usage Data
The Application may collect technical and usage data automatically when used.
- device identifiers,
- timestamps of collected data,
- device and application configuration data,
- application version and system logs necessary for debugging and maintenance,
- diagnostic information such as crashes and performance data.
How Data Are Collected
Data are collected:
- from wearable devices via integrated SDKs (e.g., Garmin SDK),
- through direct communication between the wearable device and the Application,
- automatically through technical logging required for system operation.
Data Flow
Data collected from wearable devices are transmitted to the Application and subsequently to backend servers.
Where supported by the device, data are transferred directly from the wearable device to the Application using the Garmin SDK, without unnecessary routing through third-party cloud services.
The system is designed to support near real-time data transfer while minimizing unnecessary exposure of data to third parties.
Purpose of Processing
Personal data may be processed for the following purposes:
- to enable participation in research studies,
- to collect and analyze physiological and behavioral data,
- to support scientific research and evaluation,
- to enable adaptive or context-aware interventions within studies,
- to ensure proper functioning, security, and stability of the Application.
The Application does not use personal data for advertising or marketing purposes.
Legal Basis for Processing
Processing is based on:
- consent, typically obtained as part of participation in a research study,
- scientific research purposes in accordance with applicable data protection regulations, where permitted,
- legitimate interests in ensuring the secure and reliable operation of the Application.
The applicable legal basis may be further specified by the research institution conducting the study.
Data Sharing
Personal data may be shared with:
- the research institution conducting the study, acting as the Data Controller,
- service providers supporting the operation of the Application and backend infrastructure, under appropriate contractual safeguards.
Data are not shared for advertising or marketing purposes.
Data Retention
Personal data are retained for the duration of the research study and as required by applicable legal and research obligations.
Retention periods are typically defined by the research institution conducting the study.
After the retention period, data may be deleted or anonymized, depending on the requirements of the study.
International Transfers
Data may be processed on servers located within the European Union or, where applicable, in other jurisdictions.
Where data are transferred outside the European Economic Area, appropriate safeguards are implemented in accordance with applicable data protection laws.
Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.
This includes encrypted data transmission (e.g., HTTPS/TLS), secure storage, and controlled access to data.
However, no method of transmission over the Internet or method of electronic storage is completely secure.
Wearable Devices and Data Accuracy
Data collected through the Application originate from wearable devices and depend on the capabilities and accuracy of those devices.
The Application is not a medical device and is not intended for clinical decision-making.
Children
Where studies involve minors, data processing is subject to additional safeguards and consent requirements defined by the research institution.
Your Rights
Depending on applicable law, you may have the right to:
- access your personal data,
- request correction of inaccurate data,
- request deletion of your data,
- restrict or object to processing,
- request data portability.
Requests should primarily be directed to the research institution conducting the study. You may also contact us using the details below.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be made available within the Application or through other appropriate means.
Contact Us
If you have any questions about this Privacy Policy, you can contact us at info@healthreact.eu.