HH Prevent App Privacy Policy

Version 2 – Last updated 10 June 2019

Please read this privacy policy (the Privacy Policy) carefully.  It sets out important information in relation to how we process your personal data when you use the HH Prevent App (the App).  

In broad terms, the term “personal data” means any information that relates to you and that can be used to identify you, directly or indirectly. This information includes your name, email address, phone number, location data and information about your health. 

If you have any requests concerning your personal data or any queries with regard to our processing of your personal data, please contact us at DPO@healthyhealth.uk.

Contents

 

  • About Us

  • Purpose of this Privacy Policy

  • Lawful basis for processing your personal data 

  • How we use your personal data

  • What data we may collect from you

  • How we collect information from you

  • Security and international transfers 

  • Transfers of your data

  • Retention of your data 

  • Rights in relation to your personal information 

  • Cookies

  • Marketing 

  • Third party links

  • Amendments to this Privacy Policy

  • Closing your HH Profile 

  • Questions in relation to this Privacy Policy

 

1. About us

We are HEALTHYHEALTH-UK LTD, a company incorporated and registered in England and Wales with company number 10964467 and our registered office is at No. 1 Poultry, London, England, EC2R 8EJ (HH, we, us or our).  We provide Internet and mobile app-based services.  

 

2. Purpose of this Privacy Policy

2.1. This Privacy Policy contains important information about what personal data we may collect from you; how we will use, store and protect your personal data; with whom we may share your personal data; and your rights under relevant data protection laws.

2.2. It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data. This Privacy Policy supplements the other notices and is not intended to override them.

3. Lawful basis for processing your personal data

 

Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your personal data are set out below. 

  • We will process your personal data where you have given us your consent to do so for one or more specified reasons. This is particularly important in relation to processing information about your health where we require your explicit consent. 

  • We may process your personal data to perform a contract that we have with you. 

  • We may also process your personal data where it is necessary for the purposes of our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our business (provided these interests do not interfere with your rights).

  • We may also process your personal data to satisfy any legal and/or regulatory obligations to which we are subject.

 

4. How we use your personal data

 

4.1. The App services cannot be provided without an individual providing us with their personal data. We therefore need your personal data to provide our services  to you through the App.

 

4.2. The aim of the App is to provide you with tailored suggestions of actions you can take to improve your wellbeing. This is accomplished by using the personal data collated via the App to calculate an aggregated wellness score (Wellness Score). The Wellness Score is an analysis of a user’s personal data to calculate their risk of being diagnosed with a set of medical conditions (also referred to as “prevention opportunities” in the user interface). The aggregate Wellness Score is in the form of either a synthetic global score or a list of medical conditions with the corresponding score. We aim to tailor this information in relation to each individual based on their personal data.

4.3. For each user (described below), HH collates and processes his/her personal data with the aim of providing the App services to the user and the corresponding client (described below).

Example

A new user downloads the App and creates a HH account using the credentials provided by the client paying for the service. The user then gives their consent to HH for HH to access the user’s relevant past and future personal data. The App is able to provide the user with the HH services specific to the App. 

The App collates the user’s personal data and then provides the tailored recommendations based on the Wellness Score to the [user and the client]. This service is based on algorithms through which user data (including personal data) is passed and is updated over time. No other usage (such as commercial usage) of the collected personal data is carried out directly or indirectly. 

The Client receives aggregated anonymised dashboards of the service usage and results as part of the service.

4.4. We also provide our clients aggregated non-personal data made of statistics, such as data on usage of the App and user engagement, for analytics purposes on the population of users.  Clients pay us for this service. 

4.5. We also use the aggregated anonymised and non-personal data for use in research activities, primarily to improve our wellness model.  We store this anonymised data indefinitely. You will not be identifiable from this data. 

4.6. Collated or calculated personal data contained in a user’s profile is never communicated to a client without being anonymised, de-identified or aggregated in statistical content, in such a way that the client cannot personally identify individual user(s).

4.7. We also anonymise collated or calculated user personal data for the purpose of:

 

 

  • further improving our algorithms; 

  • providing aggregated insights to the relevant client; and 

  • contributing to scientific research programmes (a process which is still under preparation).

 

As a user of the App, you will receive notifications either by email, SMS, phone notifications or any other means as part of the usage of the App services. Notifications are used for non-commercial messages such as notifications to a user on the status of his/her data analysis and change(s) in this Privacy Policy.  We will inform you about the means through which you will receive notifications.  As part of the access to your personal data, you will be able to change your settings regarding how we make these notifications. 

4.8. We may process your personal data to provide customer services to you, including to respond to your enquiries or to fulfil any of your requests for information. 

4.9. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

 

5. What data we may collect from you

Details of the personal data that we may collect from you and process are set out below. 

  • Information about your health and ethnic origin. We require this information to provide the App services.

  • The consent that you grant to us to enable us to collect your data from different sources. 

  • Information extracted from your smart devices including (but not limited to) gender, age, weight, pre-existing conditions, walking and running distance, cycling distance, heart rate (and related information), blood pressure, weight and BMI.

  • Details about your employer or insurer. 

  • Demographic information, activity information and bio-markers made available from your smart devices.

  • Your first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

  • Information that you provide to us through your user profile which you create. 

  • Email address and telephone numbers. 

  • Technical data including your Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and information relating to the devices you use to access the App and the technology contained in your mobile device(s).

  • Your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

  • Information about how you use the App and our other products and services.

  • Your preferences in receiving marketing from us and our third parties and your communication preferences.

 

6. How we collect information from you

We collect your personal data in a number of ways. 

  • Directly: This includes information such as your contact details, health details and all data which you directly provide to us when you fill in online forms or correspond with us in any way, for example when you:

    • create your account on the App;

    • submit a query to us;

    • request or consent to us sending you marketing materials; or

    • provide us with feedback.

  • Automatically: As you use the App, we may collect certain information relating to your browsing patterns and technical data about the equipment you are using to access the App.  

7. Security and international transfers 

 

7.1. We have appropriate organisational and technical security measures to protect your personal data.  These measures include us having engaged two information specialist partners to safeguard your personal data, as further described below.

 

7.2. All your personal data is stored on servers located in Ireland in a secured infrastructure setup and monitored on a cloud platform called AWS, with software for privacy and personal data management provided by a specialised partner called Pryv (see Pryv.com). Pryv’s software is designed to ensure that user collated and calculated data are only accessible by the user and a restricted list of algorithms and operators of the service. Our partners are very strict in security and data management and are used by hospitals, clinics and insurers to handle personal data. 

7.4. All transmissions of personal data are encrypted with state-of-the-art solutions provided by our partners.

 

7.5. In case of a detected security flaw, a patch will be provided by the partners to secure a state-of-the-art encryption and security infrastructure.

 

7.6. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.

8. Transfer of your data

Transfers to members of our group

 

8.1. We may share your data with other members of our Group.

Transfers to third parties

 

8.2. In addition to our data scientists, our clients (as referred to in section 4 above) and AWS (as referred to in section 7 above), there may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA. 

 

8.3. The third parties to which we may transfer your personal data include:

  • calling agents used by us for the purpose of providing customer support to you in relation to the services that we provide; and

  • third party software providers (e.g. e-mail providers) which we use to provide our services.  

8.4. The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:

  • you have expressly consented to your data being shared with specific third parties;

  • the third party needs to access the personal data for the purposes of us providing our services to you; 

  • the third party has agreed to comply with our instructions, required data security standards, policies, and procedures and put adequate security measures in place;

  • the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and  

  • a fully executed written contract that contains suitable obligations and protections has been entered into between the parties.

 

8.5. As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:

  • only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission;

  • where your data will be transferred outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA; or

  • where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Privacy Shield. 

 

8.6. For more information on the safeguards used when we transfer personal data to third parties, please contact us at DPO@healthyhealth.uk.

9. Retention of your data 

 

9.1. Unless we are required to do so for a longer period by law, we will retain your personal data for a maximum of three years from the date of the last update from you. Thereafter, your personal data will be securely deleted automatically and cannot be restored.

 

9.2. For more details about our retention periods, please contact us at DPO@healthyhealth.uk.

 

9.3. We retain anonymised data. This may remain stored and used by us with no time limits.  This data is no longer associable to any user and is therefore not personal data.

 

10. Rights in relation to your personal information 

 

10.1. You have certain rights in relation to the personal data we process and hold about you. These include:

  • Right of access: you have the right to request access to personal data that we may process about you. 

  • Right to rectification: you have the right to require us to correct any inaccuracies in your data.

  • Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements. 

  • Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data. 

  • Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed. 

  • Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit. 

  • Right to withdraw consent: you have the right at any time to withdraw consent allowing us to process your personal data (to the extent processing is based on consent and consent is the only permissible basis for processing).

 

10.2. If you are not able to complete the above via the App, please write to us at DPO@healthyhealth.uk specifying the right you wish to exercise. 

 

10.3. Unless we are permitted to do so by applicable law, we will not charge a fee for you to exercise any of the rights listed above.  

 

10.4. If you have given your consent to let the App access your personal data from a given third party source such as Garmin or Apple Health, you can always revoke your consent from those sources directly or ask us to revoke this consent manually by sending a request to DPO@healthyhealth.uk.

 

11. Cookies

Our Website uses cookies. For more information about the cookies we use, please see our Cookies Policy [www.healthyHealth.uk/Site-Cookie-Policy]. 

 

12. Marketing

It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing communications from us. 

Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at DPO@healthyhealth.uk. We will process your request to be opted-out of marketing within 30 days of receipt.

We will ensure that we obtain your consent before we share your personal data with any company outside of our Group for marketing purposes.

Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified in section 4 above.

13. Third party links

The App may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.

 

14. Amendments to this Privacy Policy

 

14.1. We reserve the right to vary this Privacy Policy from time to time. So you know when we make changes to this Privacy Policy, we will amend the revision date at the top of this page.  The new modified or amended Privacy Policy will apply from that revision date.  Therefore, we encourage you to review this Privacy Policy periodically to be informed about how we are protecting your information.

14.2. We will notify you if we make material changes to this Privacy Policy. If you do not agree with the amended Privacy Policy then you have the right to stop using the App, and should do so immediately.

 

15. Closing your HH Profile 

Details about the services, related disclaimers and how to close your HH profile are available on the App Terms of Use [www.healthyhealth.uk/term-of-use].

 

16. Questions in relation to this Privacy Policy

16.1. You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner's Office in the UK (the ICO). 

16.2. We have appointed a data protection officer (the DPO) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this Privacy Policy and handling requests in relation to the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPO using the details set out below. 

Email address: DPO@healthyhealth.uk

Post: Data Protection Officer, HealthyHealth-UK Ltd, No. 1 Poultry, London, England, EC2R 8EJ.

16.3. We will respond to requests and questions addressed to DPO@healthyhealth.uk within 15 to 30 calendar days.

 

14 Dufferin Street, EC1Y 8PD London, United Kingdom

© 2019 by HEALTHYHEALTH