What is a Privacy Notice?
A Privacy Notice is a document that explains to people how their personal data will be used and protected.
Who are we and what do we do?
Healthy.io (UK) Limited, a company registered in the UK (together with its parent company, affiliates, and/or related companies (Companies House registration number: 10996079). (“Healthy”, “Healthy.io” “we”, “our” or “us”) prioritises the safe processing and proper use of personal data. Our data practices are properly communicated to our service users and our potential service users.
Healthy.io are a global company and comply with all applicable laws, for the purpose of the UK GDPR and EU GDPR:
Please refer to section “how can you contact our Data Protection Officer?” for our Data Protection Officer’s contact details.
This Privacy Notice describes how we collect, store, use and disclose personal data relating to any individual (“user(s)” or “you”) in relation to following-up with service users about the Healthy.io services.
You can find out more about our mission, to deliver healthcare at the speed of life, on the About Us page of our website.
Healthy.io has four services that are supported by mobile apps:
You can find out more about the way each of these services and apps process your personal data by reading their individual Privacy Notices.
What is the purpose and legal basis for processing your data?
When we collect feedback from service users about our products, we use personal data.
Please see below for an outline of the personal data processed, purpose and legal basis for processing.
What personal data items are obtained?
Is special category data processed?
What is the purpose of the processing?
What is the lawful basis under the UK General Data Protection Regulation (GDPR)?
Explicit consent may be obtained by signing a document (electronically or manually), ticking a consent box, or verbally when we speak with you. We keep a record of consent as required by law and in line with the Information Commissioner’s Office guidance.
Who is the Data Controller?
A Data Controller determines the purposes for which and the means by which personal data is processed.
For the purposes of this processing, which is to collect feedback from service users about our services, Healthy.io is the Data Controller.
We are registered with the Information Commissioner’s Office (ICO), our Data Protection registration reference is ZA289700.
How do we obtain your personal data?
We obtain your personal data when you interact with one of our products or services, we may also collect personal data when we contact you to collect feedback about our services.
The personal data collected is stored separately from the product database. Only authorised staff access the product database. When you give consent to participate in the collecting of feedback, staff with authorised access to the product database will share your personal data items outlined in the “what is the purpose and legal basis for processing this data?” with staff who are involved in collecting feedback.
Sharing with other organisations
When you grant permission to share the feedback you have given, we will share it along with personal information such as your name, age and location. We will never share your personal information with any third parties for other purposes, such as companies that conduct direct marketing.
We use third party Data Processors to provide elements of services (such as data hosting). We have contracts in place with our Data Processors which ensures appropriate use of your data.
Your personal data may be shared between Healthy.io’s group companies in the UK and Israel, provided that such transfer complies with applicable Data Protection Legislation.
In some circumstances we are legally obliged to share information. If we do need to share personal data with other statutory organisations, we do this in line with the Data Protection Act 2018, the UK GDPR and relevant legislation or court order and we share the minimum amount of information required.
Do we process personal data outside the UK?
We work with trusted Processors to deliver our products and services. The Processors that we use are:
Name: Google
Name: Healthy.io Ltd.
*Healthy.io (UK) Limited’s parent company, Healthy.io Ltd., is headquartered in Israel; Israel is amongst a few countries or territories that are covered by UK “adequacy regulations” set out in law that the legal framework in that country, territory, sector or international organisation has been assessed as providing ‘adequate’ protection for individuals’ rights and freedoms for their personal data.
How long will we keep your personal data?
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for and in line with our Data Retention, Archiving, Destruction and Restitution Policy.
To determine the appropriate retention period for personal data, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements have all been considered. For the purpose of this processing, your data may be kept until you withdraw consent.
When personal data is no longer required, we delete or anonymise data in line with Data Protection Legislation.
How do we protect your information?
In order to protect your personal data, we and our Processors use all reasonable industry-standard physical, procedural and electronic security measures (such as access control, secure servers, firewalls, internal policies, encryption, database backup etc.). We cannot and do not guarantee the absolute safety of any Personal Data stored with us or with any third-party.
We are committed to complying with information security industry standards such as:
More information about information security can be found on the Trust Centre webpage of our website.
Your rights, including your right to object and to withdraw consent
The below summary is intended as a general guide to show the individual rights that are available in line with the UK GDPR lawful basis for the data processing (in this case the lawful basis is consent). The specific circumstances may affect the scope of your rights.
Your right of access
Your right to rectification
Your right to erasure
Your right to restriction of processing
Your right to object to processing and withdraw consent
Your right to data portability
Do we carry out automated decision making or profiling? • We do not carry out automated decision making or profiling in relation to collecting feedback from service users about our services.
You can contact Healthy.io’s Data Protection Officer regarding your rights: [email protected].
How can you contact our Data Protection Officer?
If you have any questions or queries regarding our Privacy Notice, or if you have any concerns regarding your personal data processed by us, please contact Healthy.io’s Data Protection Officer at [email protected].
How can you make a complaint?
You have a right to make a complaint if you are unhappy about how we process your personal data.
Please note that the Information Commissioner's Office (ICO) will not normally consider an appeal until you have exhausted your rights of complaint to us directly. Please see the ICO website (link below) for further advice.
To raise a concern with Healthy.io please contact [email protected].
If you remain dissatisfied, you may wish to contact the ICO:
Website: https://ico.org.uk/make-a-complaint/
Post:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF