This statement supplements the HMD Global Privacy Policy for products and services and applies to the HarmBlock+ service.

HarmBlock+ is a digital safety and parental control service, managed through the HarmBlock+ application on the guardian’s device, designed to help guardians monitor and manage their child’s device activity. Once an account is created and the HMD Fuse device is paired, guardians can, for example, track location, screen time, and step count, and configure features such as School Mode, Bedtime Mode, app usage limits, contact permissions, timers, and notifications through the HarmBlock+ application.

Guardians also control the HarmBlock AI solution, a pre-trained, self-contained AI protection system that blocks nudity and sexual imagery from being displayed on the screen, captured by the camera, or stored on the device.

Each HMD Fuse device comes with the pre-installed HarmBlock+ Junior application, which gives the user a clear overview of key HarmBlock+ service features - such as their own screen time and step count - as well as the settings configured by the guardian.

Why are we processing your data?

We process your data to provide the HarmBlock+ service and related applications.

What data are we processing?

We collect and process the following personal data when a guardian signs up for the HarmBlock+ service and pairs a HMD Fuse device to their account through the HarmBlock+ application:

1. Account data:

• Users of HarmBlock+ application
  • Email address
  • Mobile phone number
  • Name

• Users of HMD Fuse: N/A

• What is the basis for processing your account data? Contract between us.

2. Device data

• Users of HarmBlock+ application

  • Type of device
  • Device token
  • Installation ID
  • Firmware and software version

• Users of HMD Fuse:

  • Type of device
  • IMEI number
  • Firmware and software version

• What is the basis for processing data? Contract between us.

3. Profile and activity data

• Users of HarmBlock+ application

  • Paired devices
  • Contact icon image
  • Location
  • Steps
  • Chat history from the HarmBlock+ application
  • Subscription status
  • Service period

• Users of HMD Fuse:

  • Subscription status
  • Service period
  • Name
  • Phone number
  • Contact icon image
  • Location
  • Steps
  • Call and messaging activity
  • Chat history from the HarmBlock+ application
  • Mode status (School Mode, Bedtime Mode)
  • Battery status
  • Screen time
  • App usage statistics
  • Applications installed or previously installed on the device

• What is the basis for processing data? Contract between us.

How long is the data retained?

We store your personal data as long as needed to provide the HarmBlock+ service and related applications to you. If your account remains inactive for a continuous period of 48 months, we will delete your personal data from our systems, unless we are legally obliged or entitled to retain certain information for a longer period.

If you choose to deactivate your account:

• Your data will be stored for a 45-day deactivation period starting from your request, unless otherwise agreed.
• During this time, your account is inactive and your data is inaccessible, but you can reactivate your account if you change your mind.
• After 45 days, your personal data will be permanently deleted. Complete deletion of your personal data can take up to 7 days.

Separate retention times apply to certain categories of data:

• Location data is deleted automatically after 72 hours.
• Chat messages are deleted automatically after 1 month.

If a guardian performs a factory reset on the HMD Fuse device through the HarmBlock+ app, or equests HMD Support to do so, the deletion process for the device, profile, and activity data associated with the HMD Fuse device will begin immediately. Complete deletion of the data can take up to 7 days.

What data is transferred and where?

1. Account data

Who are the recipients of the personal data and where are they located?

• Cloud service provider located in the EU/EEA.
• Technical support and backend maintenance service provider in the EU/EEA and the UK.

What are the transfer safeguards? All personal data is stored and processed within the EU/EEA and the UK.

2. Device data

Who are the recipients of the personal data and where are they located?

• Cloud service provider located in the EU/EEA.
• Technical support and backend maintenance service provider in the EU/EEA and the UK.

What are the transfer safeguards? All personal data is stored and processed within the EU/EEA and the UK.

3. Profile and activity data

Who are the recipients of the personal data and where are they located?

• Cloud service provider located in the EU/EEA.
• Technical support and backend maintenance service provider in the EU/EEA and the UK.

What are the transfer safeguards? All personal data is stored and processed within the EU/EEA and the UK.