powering wellbeing experiences
HEKA HEALTH PRIVACY POLICY
The AAPA 2024 Step Up Challenge ("Challenge") is powered by Heka Health on behalf of our Customer (AAPA) which is promoting this Challenge. Thus both Heka Health and our Customer will have access to your data and the Challenge will be governed by the privacy policies of both Heka Health and its Customer. Please see below for more details.
Effective Date: April 15, 2024
Heka Health, Inc. ("Heka Health", “we” or “our”) is committed to respecting the privacy rights of our users. We created this Privacy Policy to explain our practices for collecting, using, protecting and disclosing your information when you visit and use our branded or white-labeled Challenge applications and services (collectively, “Services”).
This Privacy Policy applies to the data collected by us when you use our Services and does not apply to any websites, applications, or services that are owned or operated by third parties ("Third-Party Services"), which may have data collection, storage and use practices and policies that differ materially from this Privacy Policy.
Heka Health is powering (white-labelling) the Service you are registering for on behalf our Customer which is promoting this Service. In this situation, Heka Health is classified as a Data Processor that collects data and processes it on behalf of our Customer, the Data Controller. Thus, if you sign up for this Service your data WILL BE SHARED WITH OUR CUSTOMER. Heka Health will not share your personally identifiable information with any other parties. You can revoke your consent to share your data with Heka Health and it's Customer by sending a request to be removed from this Service to info@hekahealth.com or by deleting your account from within the Challenge app (click the menu in the top right corner, select Account Settings, and then click "Delete my Account"). Our Customer's use of your information and the process of revoking your consent to share your data with them will be governed by their separate privacy policies and terms.
By using our Services, you acknowledge that you have read and understood, and agree to the terms of this Privacy Policy (and as updated from time to time). Your use of our Services is at all times subject to our Terms & Conditions, which incorporates this Privacy Policy. Any capitalized terms we use in this Privacy Policy without defining them have the definitions given to them in our Terms & Conditions.
INFORMATION WE COLLECT
When you use our Services, we collect the following types of information.
Information You Provide Us
Account Information. You may be asked to provide Heka Health certain information to create an account and/or profile on our Services such as your name, email address, password, and in some cases your nickname, country information, zip code, and mobile phone number.
Third-Party Services. You may also choose to grant us access to your data from another Third-Party Service, such as activity data from Fitbit, Garmin, Google, or Apple. You can stop sharing the information from the Third-Party Service with us by removing/disconnecting our access to that Third-Party Service.
Note that Heka Health's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy and Health Connect by Android Permissions Android, including the Limited Use requirements.
Additional Information. If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and message.
Information We Receive From Your Use of Our Services
Personal Fitness & Health Data. In order to provide our Services, we may collect data such as your activity level or the number of times you participated in a bonus wellness activity. This data may be collected via an integrated data connection to a Third-Party Service including data from devices such as activity trackers. You can stop sharing the information from the Third-Party Service with us by removing/disconnecting our access to that Third-Party Service.
Location Information. We collect your time zone and in some cases, your country information. This is either gathered from your mobile device, your integrated Third-Party Service, or can be manually entered or set by you.
Usage Information. When you access or use our Services, we receive certain usage data. This includes information about your interaction with the Services, for example, when you install applications, create or log into your account, integrate with Third-Party Services, or update your data.
We collect data about the devices and computers you use to access the Services, including IP addresses, browser type, language, operating system, integrated Third-party Services, referring web pages, and pages visited. We also use cookies, pixels, local storage, and software development kits (“SDKs”) for the Service to remember things about you so that we can provide you with a better experience.
HOW WE USE INFORMATION
We use the information we collect for the following purposes.
Provide and Maintain Our Services. Using the information we collect, we are able to deliver the Services to you and honor our Terms & Conditions contract with you. For example, we need to use your information to provide you with your dashboard to track your activity trends; provide reminders; and to provide you customer support.
Develop and Improve Our Services. We use the information we collect to research the effectiveness of our Services, improve and personalize the Services, and develop new Services. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; and develop new features and Services.
Communicate with You. We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or Services that we think you would be interested in or inform you of relevant updates on the program you enrolled in, for example, informing you of the start or end times of a Wellness Challenge. You can control marketing and program update communications via the “Unsubscribe” link in an email.
Promote Safety and Security. We use the information we collect to promote the safety and security of our Services, our users, and other parties. For example, we may use the information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
HOW INFORMATION IS SHARED
We do not share your personal information except in the limited circumstances below. We will never rent or sell your Personal Information to any third party.
Information You Agree or Direct Us To Share. Certain portions of our Services are open to other users of our Services to view such as the display of your nickname and total steps during a wellness challenge. Additionally, your data WILL BE SHARED WITH OUR CUSTOMER which is promoting this Service but Heka Health will not share your personally identifiable information with any other parties. Remember that our customer's use of your information will be governed by their privacy policies and terms. You can revoke your consent to share your data with Heka Health by requesting in writing to be removed from this Service.
For External Processing. We transfer information to service providers and other partners who store and/or process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for information technology, sales, marketing, data analysis, and research.
For Legal Reasons or to Prevent Harm. We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person. Our policy is to notify you of any legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
Corporate Event. Heka Health reserves the right to transfer all Personal Information in its possession to a successor organization in the event of a merger, acquisition, or bankruptcy or other sale of all or a portion of Heka Health’ assets. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred Personal Information will be subject to this Privacy Policy, or to a new privacy policy if you are given notice of that new privacy policy and an opportunity to affirmatively opt-out of it. Personal Information submitted or collected after a transfer, however, may be subject to a new privacy policy adopted by Heka Health’s successor organization.
YOUR RIGHTS TO ACCESS AND CONTROL YOUR INFORMATION
When logged into your account, you the ability to edit your account and profile information at any time. You can also access and view much of your personal information including your activity level trends. If you desire to download your data to a CSV file format or you want to have your account and all your data fully deleted, please contact us at info@hekahealth.com. Upon a written request for data deletion we will have all your information deleted within 30 days; however, Heka Health may retain an archived copy of your records as required by law or for other legitimate business purposes.
Objecting to and Restricting or Limiting Data Use. When logged into your account, you the ability to edit your account and profile information at any time and can control marketing communications via the “Unsubscribe” link in an email. You can also stop sharing the information from the Third-Party Service with us by removing/disconnecting our access to that Third-Party Service. If you are located outside the United States, please see “Additional Information for Non-US Residents.”
DATA RETENTION
We keep your account information, like your name, email address, password, and fitness and health data for as long as your account is in existence because we need it to operate your account and provide you with your personal statistics and other aspects of our Services. We also keep information about you and your use of our Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm.
CHILDREN'S PRIVACY
Heka Health does not solicit or knowingly collect personally identifiable information from children under the age of 13. If Heka Health obtains actual knowledge that it has collected personally identifiable information from a child under the age of 13, Heka Health will promptly delete such information from its database unless a parent or guardian provides consent in accordance with applicable law.
INFORMATION SECURITY
Heka Health has implemented and maintains reasonable security procedures and practices designed to protect against the unauthorized access, use, modification, destruction or disclosure of your Personal Information, however, despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other type of misuse. In the event that your Personal Information is compromised as a result of a breach of security, Heka Health will promptly notify you that your Personal Information has been compromised as required by applicable law.
ADDITIONAL INFORMATION FOR NON-US RESIDENTS
If you are located outside the United States and choose to provide your information to Heka Health, your information will be transferred to the United States and processed there. By providing your information and using our Services, you agree and consent to the collection, transfer, use, storage and disclosure of your information as described in this Privacy Policy.
If you reside in certain countries and under certain circumstances, you can object to, or seek to restrict, our processing of your information based on our legitimate interests as well as lodge a complaint with your local data protection authority. You have a general right to object to the use of your information for direct marketing purposes. Please note that you can always delete your account at any time.
If you need further assistance regarding your rights, please contact us at info@hekahealth.com. We will consider your request in accordance with applicable laws.
UPDATES TO PRIVACY POLICY
Heka Health reserves the right to update, change or modify this Privacy Policy. Any material changes to this policy will be posted on our website and relevant application and will indicate when such changes will become effective. You may also be notified by email or other notification. You will be deemed to have agreed to any such modification or amendment by your decision to continue using the Service following the date in which the modified or amended Privacy Policy is posted on the Website. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used.
CONTACT US
If you have questions, suggestions, or concerns about this policy, or about our use of your information, please contact us at info@hekahealth.com.