Effective Date: July 5, 2018
In the case of our white-labeled applications, Heka Health is classified as a Data Processor that collects data and processes it on behalf of our clients, the Data Controllers. Thus, if you sign up for our Services through an employer or healthcare provider program your data will be shared with them. Remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share your data with any of these third-party organizations by deleting your personal account or asking the employer or healthcare provider administrator to remove you from their program.
INFORMATION WE COLLECT
When you use our Services, we collect the following types of information.
Information You Provide Us
Account Information. You may be asked to provide Heka Health certain information to create an account and/or profile on our Services such as your name, email address, password, and in some cases your nickname, year of birth, gender, country information, zip code, height, weight, and mobile phone number.
Third-Party Services. You may also choose to grant us access to your data from another Third-Party Service, such as activity data from Fitbit, Garmin or Apple. You can stop sharing the information from the Third-Party Service with us by removing/disconnecting our access to that Third-Party Service.
Additional Information. If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and message.
Information We Receive From Your Use of Our Services
Personal Fitness & Health Data. Depending on which of our Services you use, we may collect data such as your activity level, weight, blood pressure and heart rate measurements in order to provide our Services. This data may be collected via manual entry or via an integrated data connection to a Third-Party Service including data from devices such as activity trackers, weight scales, or blood pressure monitors. You can stop sharing the information from the Third-Party Service with us by removing/disconnecting our access to that Third-Party Service.
Location Information. We collect your time zone and in some cases, your country information or zip code. This is either gathered from your mobile device, your integrated Third-Party Service, or can be manually entered or set by you.
Usage Information. When you access or use our Services, we receive certain usage data. This includes information about your interaction with the Services, for example, when you install applications, create or log into your account, integrate with Third-Party Services, or update your data.
HOW WE USE INFORMATION
We use the information we collect for the following purposes.
Develop and Improve Our Services. We use the information we collect to research the effectiveness of our Services, improve and personalize the Services, and develop new Services. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; and develop new features and Services.
Communicate with You. We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or Services that we think you would be interested in or inform you of relevant updates on the program you enrolled in, for example, informing you of the start or end times of a wellness challenge. You can control marketing and program update communications via the “Unsubscribe” link in an email.
Promote Safety and Security. We use the information we collect to promote the safety and security of our Services, our users, and other parties. For example, we may use the information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
HOW INFORMATION IS SHARED
We do not share your personal information except in the limited circumstances below. We will never rent or sell your Personal Information to any third party.
Information You Agree or Direct Us To Share. Certain portions of our Services are open to other users of our Services to view such as the display of your nickname and total steps during a wellness challenge. Additionally, if you sign up for our Services through an employer or healthcare provider program remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share your data with any of these third-party organizations by deleting your personal account or asking the employer or healthcare provider administrator to remove you from their program.
For External Processing. We transfer information to service providers and other partners who store and/or process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for information technology, sales, marketing, data analysis, and research.
For Legal Reasons or to Prevent Harm. We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person. Our policy is to notify you of any legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
Aggregate, De-Identified Reports. We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in reports about activity levels and health outcomes, to partners under agreement with us.
YOUR RIGHTS TO ACCESS AND CONTROL YOUR INFORMATION
When logged into your account, you the ability to edit your account and profile information at any time. You can also access and view much of your personal information including your activity level, weight, blood pressure and heart rate measurement trends. If you desire to download your data to a CSV file format or you want to have your account and all your data fully deleted, please contact us at firstname.lastname@example.org. Upon a written request for data deletion we will have all your information deleted within 30 days; however, Heka Health may retain an archived copy of your records as required by law or for other legitimate business purposes.
Objecting to and Restricting or Limiting Data Use. When logged into your account, you the ability to edit your account and profile information at any time and can control marketing communications via the “Unsubscribe” link in an email. You can also stop sharing the information from the Third-Party Service with us by removing/disconnecting our access to that Third-Party Service. If you are located outside the United States, please see “Additional Information for Non-US Residents.”
We keep your account information, like your name, email address, password, and fitness and health data for as long as your account is in existence because we need it to operate your account and provide you with your personal statistics and other aspects of our Services. We also keep information about you and your use of our Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm.
Heka Health does not solicit or knowingly collect personally identifiable information from children under the age of 13. If Heka Health obtains actual knowledge that it has collected personally identifiable information from a child under the age of 13, Heka Health will promptly delete such information from its database unless a parent or guardian provides consent in accordance with applicable law.
Heka Health has implemented and maintains reasonable security procedures and practices designed to protect against the unauthorized access, use, modification, destruction or disclosure of your Personal Information, however, despite these efforts, no security measures are perfect or impenetrable and no method of data transmission can be guaranteed against any interception or other type of misuse. In the event that your Personal Information is compromised as a result of a breach of security, Heka Health will promptly notify you that your Personal Information has been compromised as required by applicable law.
ADDITIONAL INFORMATION FOR NON-US RESIDENTS
If you reside in certain countries and under certain circumstances, you can object to, or seek to restrict, our processing of your information based on our legitimate interests as well as lodge a complaint with your local data protection authority. You have a general right to object to the use of your information for direct marketing purposes. Please note that you can always delete your account at any time.
If you need further assistance regarding your rights, please contact us at email@example.com. We will consider your request in accordance with applicable laws.
If you have questions, suggestions, or concerns about this policy, or about our use of your information, please contact us at firstname.lastname@example.org.