Effective as of Feb 26, 2022
Healsens is a mobile application (“App”) offered by Healsens B.V. together with any of its affiliates or subsidiaries (“Company”, or “us”, or “we”), future or present.
This Privacy Notice (“Policy) will explain to you how we use your personal data and how you can control it.
We may amend the Policy from time to time. If we make any material changes, we will notify you by email, in the App, or alike. Your continued use of the App after the effective date of any new version of the Policy will indicate your acceptance of the Policy as modified. In some cases, you will have to accept changes to the Policy explicitly.
WHAT DATA DO WE PROCESS AND WHY
Our mission is to make it clear what we do with your personal data is transparent and easily understandable to you, our customer.
Unless specifically indicated elsewhere in this Policy, the Company acts as a controller to your data.
- What does that mean? It means that we determine the purposes and means of the processing of personal data.
However, whilst we do that, this is exclusively limited to the nature of the product we offer. We will process your data to enable you to use our App – to keep all your health records in one place, to create your personalized health screening plan based on your data, and make relevant and accurate recommendations and predictions for you.
- What does that mean? It means that you authorize us to process your data only for the purposes above. Nothing more.
Based on the above, you can provide us the following personal information about your health and habits:
- Biomarkers like Blood pressure, waist circumference, etc;
- Lab tests results, medical examination results (files, pictures);
- Age, Biological gender, country of living;
- Personal habits (smoking, eating preferences, sports, wellbeing (in terms of taking into account risks factors of certain diseases)
- Mental health information;
- Family disease history.
The App may also automatically collect the following data from you:
- Device identifiers and other information;
- Information about the operating system and its version;
- Location information such as IP address, email;
- Data from third-party authentication systems such as Apple ID, Google ID, and others.
All data indicated in this section is hereinafter referred to as ‘data’, ‘personal data’ or ‘your data’.
WHY ELSE WE MAY PROCESS YOUR DATA
We would like to improve our Services to make your business decisions more informed and well-taken as well as to have your experience with our product as smooth as possible.
For that reason, we may need your data from time to time to:
|Purpose of processing||Legal basis for processing|
|Check data correctness;||Legitimate interest to provide Services conformant to your expectations and our commercial agreements|
|Actualize and improve our AI model||Legitimate interest to run effective and bug-free Services|
|Analyze it for the general improvement of our Services and the Application;||Legitimate interest to run effective and bug-free Services|
|Send you technical notices, updates, security alerts and support and administrative messages;||Our agreement with you|
|Provide customer support;||Our agreement with you|
|Monitor and analyze trends, usage and activities in connection with our Application;||Legitimate interest|
|Verify your user identity, legal standing||Legal obligation|
|Maintain security||Legitimate interest to keep our Services safe|
Please note that we may transfer some of your data to our processors to help us run the App better.
- What does that mean? Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Here is the list of such processors:
- Auth0. We use Auth0 to authenticate our users and provide better security. Auth0 may process certain data about you (but in no event any data about health). Read more about Auth0 privacy practices here.
- Google Cloud. We use Google Cloud to store your data. Read more about Google Cloud privacy practices here.
RETENTION OF YOUR DATA
We will retain your data as long as your account is active or needed to provide you Services.
If you choose to deactivate your account or terminate our agreement we will retain your data for a reasonable period in case you decide to re-activate the Services unless you decide to delete your data as specified by the Policy. After the expiration of this period, we will aggregate and anonymize all our data and will only retain it as needed for some of the purposes indicated in the section above.
We may also retain certain categories of your data and other information after your account has been terminated or deleted as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.
DATA STORAGE AND INTERNATIONAL TRANSFERS
We use third-party providers and services to store your data. We store your data in the United States.
Please note that your data may be located in counties that may not offer the same protections as the law of your jurisdiction. You consent and authorize us to store your data in such a manner.
We commit to affording your data with the requisite level of protection, e.g. using approved standard contractual clauses and other available legal mechanisms.
It does not matter what country or region you come from. We are committed to providing you with vast privacy rights with respect to your data.
- Right to withdraw your consent. If you provided us consent to process some of your data, you may withdraw this consent at any time. Please be informed that as described in the Policy, we rarely or almost never rely on consent to process your data.
- Right to object the processing of your data. You can object to the processing of your data if you process under a legal basis for processing other than consent, e.g. legitimate interest.
- Right to access your data (including receiving a copy in a portable and (or) readable form). You may request us to provide further details of what data and why is being processed as well as ask us to send you a copy of your data in a portable and (or) readable format. Please note that you may only request your data in a portable format if we process such data based on our contractual obligations or your consent.
- Right to delete your data. You may request us to delete certain data. Please note that deletion of some data may make it impossible for you to use our Services. We may also delete some of your End-user data if you instruct us to do so in compliance with our processor’s obligations under applicable laws.
- Right to restrict processing of your data. In some cases, you may instruct us to restrict the processing of certain data, e.g. if you think it is inaccurate or incomplete and require correction.
- Right to correct or rectify your data. If you believe that the data that we process is inaccurate or not up-to-date, you may request us to correct it.
- Right to lodge a complaint. You have the right to bring a claim before your competent data protection authority. However, before doing so let us know first at firstname.lastname@example.org. We care about your privacy and want to make sure that we do everything to address any of your concerns.
- How? You can exercise your privacy rights by using in-app functions (e.g. clicking on ‘delete my data’) or you can reach us at email@example.com. We will exercise your request within 30 days after receipt. It may take us up to 90 days in some cases, for example for full erasure of your data stored in our backup systems. We will let you know if we need more time and explain the reasons for the delay. We may also engage in dialogue with you in order to properly verify the identity and the validity of your request.
Please note that some laws may require us to perform any other action not specifically mentioned in this section as well as to limit the scope of the exercise. In such cases, we will try to match your request with the highest possible standards prescribed by the Policy but reserve a right to exercise your rights within the limits of the laws that apply to your case.
Also keep in mind that if we receive a vague request, we may engage you to better understand the motivation and content of the request. We may also refuse manifestly unfounded and excessive (repetitive) requests.
PRIVACY OF MINORS
We are committed to protecting the privacy of children. The Services are not intended for children and we do not intentionally collect information about children under 13 years old (16 years old for the European Union and European Economic Area).
Please contact us at firstname.lastname@example.org if you become aware that anyone under 13 years old (16 years old for the European Union and European Economic Area) uses the Services or her data is being processed by us. We will take the required steps to delete such information and (or) delete her account.
We undertake to respect any privacy limitations on the processing of minors’ data that apply in your jurisdiction.
You are specifically forbidden to provide us with any data that does not comply with this section of the Policy. It is your sole responsibility to make sure no minor data is processed via our Services.
We take all reasonable and appropriate measures to protect all personal data we collect from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.
Among other things, we use the following measures to protect the security of your data:
- We have limited access to your data internally. Only specific employees in very specific roles may access your data for purely technical and support reasons. All our crew is fully trained to handle personal data and is under confidentiality obligations.
- We use encryption to protect your data from unauthorized access.
- We segregate your identification data from health data.
- We protect your data integrity with various technologies.
- We maintain high physical, organizational, and legal measures to protect your data.
- We have other methods to preserve the confidentiality, integrity, and availability of your data (e.g. limiting the number of IP addresses that can access your account).
Please understand that you can help keep your data secure by choosing and protecting your device password appropriately, not sharing your password, and preventing others from using your device. Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of our Services, or that your information will not be intercepted while being transmitted to us.
If you want to report a security incident related to the Services or the Application please contact us at email@example.com.
You can reach us out at firstname.lastname@example.org