Effective as of July 1, 2018
We are required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We must follow the duties and privacy practices described in this notice and give you a copy of it. We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
When you sign up to use the app, we may collect Personal Data about you such as:
- Full name;
- Email address;
- Date of birth;
- Place of residence;
- Next of kin
When you access or use the App, we may automatically collect the following information:
- Device Information: We collect information about the mobile device you use to access the App, including the hardware model, operating system and version, unique device identifiers and mobile network information.
- Location Information: We collect your IP address, time zone, and information about your mobile service provider, which allows us to know your general location.
- Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information about your use of the app, such as frequency of use, which areas and features of our app you visit and your use patterns generally, engagement tracking with other features. To collect this information, we may send cookies to your mobile device or computer. If the information covered by this Section is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any business purpose.
By Your Consent: By creating a profile in the app, you explicitly consent that:
- Personal data you provide to us through the account creation process includes personal data you enter into the app, such as your account data (e.g. your name and email address, and your health data).
- We will not transmit any of your personal data to third parties required to provide the service to you (e.g. technical service providers), unless we have asked for your explicit consent.
We may use your information, including your Personal Data, for the following purposes:
- To customize content you see when you use the app;
- To provide and deliver the products and services you request, process transactions and send you related information, including confirmations and reminders.
- To customize product and service offerings and recommendations to you, including third-party products and offerings.
- To verify your identity;
- To send you technical notices, updates, security alerts and support and administrative messages;
- To respond to your comments, questions and requests and provide customer service;
- To monitor and analyze trends, usage and activities in connection with our app;
- To link or combine with information we get from others or (and) from you to help understand your needs and provide you with better service (to use in training of neural networks, artificial intelligence, as well as for any other automated decision-making processing);
- Help with public health and safety issues: We can share health information about you for certain situations such as preventing disease, helping with product recalls, reporting adverse reactions to medications, reporting suspected abuse, neglect, or domestic violence, and preventing or reducing a serious threat to anyone’s health or safety.
- Do research: We can use or share your information for health research.
- Comply with the law: We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
- Work with a medical examiner or funeral director: We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
- Address workers’ compensation, law enforcement, and other government requests: We can use or share health information about you: For workers’ compensation claims, for law enforcement purposes or with a law enforcement official, with health oversight agencies for activities authorized by law, for special government functions such as military, national security, and presidential protective services.
- Respond to lawsuits and legal actions: We can share health information about you in response to a court or administrative order, or in response to a subpoena.
Modification, correction and erasure: You are able to modify, correct, erase, and update your Personal Data in your profile page.
Access: You have a right to access your Personal Data you insert into the app at any time.
EU residents: Individuals residing in the countries of the European Union have certain statutory rights in relation to their personal data introduced by the General Data Protection Regulation (the “GDPR”). Subject to any exemptions provided by law, you may have the right to request access to Personal data (including in a structured and portable form), as well as to seek to update, delete or correct Personal data:
- Rectification of Personal Data and Restriction of Processing. You are responsible for ensuring the accuracy of your Personal Data that you submit to ilo app.
- Access to your Personal Data and Data Portability. The App gives you the ability to access and update Personal Data within the App and your account settings.
- Erasure of your Personal Data. If you believe that your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or in cases where you have withdrawn your consent or object to the processing of your Personal Data, or in cases where the processing of your Personal Data does not otherwise comply with the GDPR, you have the right to contact us and ask us to erase such Personal Data as described above. You can simply write to us at email@example.com. Please be aware that erasing some Personal Data inserted by you may affect your ability to utilize the App and its features. Erasure of some Personal Data may also take some time due to technical reasons.
- Right to object to processing of your Personal Data. You can object to the processing of your Personal Data and stop us from processing it; simply write to us at firstname.lastname@example.org.
Please be aware that erasing some Personal Data inserted by you may affect your ability to use the App and its features.
- Notification requirements. We commit to notify you within a reasonable period of time and your data protection authority within the timeframe specified in applicable law (72 hours) about any personal data breaches in the App.
- Data Protection Authorities. Subject to GDPR, you also have the right to (i) restrict our use of Personal Data and (ii) lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with GDPR. Following the provisions of GDPR we might also require you to prove your identity (for example, by requesting an ID or any other proof of identity) in order for you to invoke the mentioned rights. Please note that we will grant your request within 30 days after receiving it, but it may take us up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems - this is due to the size and complexity of the systems we use to store data.
- Aggregated Information. We may also share aggregated, anonymized or de-identified information, which cannot reasonably be used to identify you. For example, we may share, including, without limitation, in articles, blog posts and scientific publications, general age demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users.
Retention of your personal data
- You can direct us to share data from the app with other parties for the purpose of providing medical care.
- We take all reasonable and appropriate measures to protect all collected Personal Data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data that we process, and risks associated with special categories of Personal Data we collect (information about health). Among others, we utilize the following information security measures to protect your Personal Data:
- Pseudonymization and tokenization of certain categories of your Personal Data;
- Encryption of your Personal Data in transit and at rest;
- Systematic vulnerability scanning and penetration testing;
- Protection of data integrity;
- General age limitation. We are committed to protecting the privacy of children. The App is not intended for children and we do not intentionally collect information about children under 18 years old. If you are aware of anyone under 18 using the App, please contact us at email@example.com, and we will take required steps to delete such information and (or) delete the account.
- Age limitation for EU residents. Due to requirements of the GDPR you shall be at least 16 years old in order to use the App. To the extent prohibited by applicable law, we do not allow use of the App by EU residents younger than 16 years old. If you are aware of anyone younger than 16 using the App, please contact us at firstname.lastname@example.org, and we will take steps to delete such information and (or) delete her account.
We may contact you from time to time via email to communicate with you about products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information that we think will be of interest to you. You can always opt out of receiving emails by unsubscribing via the “Unsubscribe” link contained in the email.
The Company is based in the United States and the information we collect is governed by U.S. law. We use only processors and storage providers that have self-certified under the EU-US Privacy Shield framework, such as AWS, or use other admissible tools for secure and compliant processing of your Personal Data. See more about AWS data privacy compliance and data practices here. In addition, you agree that information collected through the app may be stored and processed in where the Company currently rents servers. The European Commission has so far recognized Canada (commercial organizations) and the US (limited to the EU-US Privacy Shield framework) as providing adequate protection for international data transfers.
To communicate with our Data Protection Officer, please email us at email@example.com.