PRIVACY POLICY

Version 1.0

Date: 19 July 2024

Welcome to Healthly.live! Your privacy is of paramount importance to us. This Privacy Policy (also "Policy") outlines how we collect, use, and safeguard your personal information. We encourage you to review this document carefully. If you have any questions, do not hesitate to reach out to us. By accessing our website or using our services, you consent to the terms of this policy. If you disagree with any part of this policy, please refrain from using our services or website. We are here to assist you with any concerns or clarifications you may need.

ABOUT US

At Healthly.live, protecting your privacy is our priority. As the data controller, we are responsible for determining the purposes and means of processing your personal data, ensuring compliance with data protection regulations, and safeguarding your information. You can reach us at:

Company Name: CALLI23 LTD
Company Registration Number: 15835181
Legal Address: 5 Brayford Square, Stepney Green, London E1 0SG, UK
Email: support@healthly.live

PURPOSES AND LEGAL BASES FOR USING YOUR DATA

We use your personal data for a variety of purposes, each supported by specific legal bases:

  • (a) Service Provision: To deliver the services you have requested, ensuring a seamless and efficient experience. (Legal Basis: Contract performance)
  • (b) Account Setup and Management: To create and manage your user account, ensuring you have access to our services. (Legal Basis: Contract performance)
  • (c) User Identity Verification: To verify your identity and ensure the security of your account, fulfilling legal requirements and protecting against fraud. (Legal Basis: Legal obligation, legitimate interests)
  • (d) Legal Compliance: To comply with applicable laws and regulations, including those related to financial transactions, data protection, and corporate governance. (Legal Basis: Legal obligation, public task)
  • (e) Order Processing: To process and fulfill your orders, including handling payments and deliveries. (Legal Basis: Contract performance)
  • (f) Transaction Handling: To manage and facilitate transactions, ensuring they are processed accurately and securely. (Legal Basis: Contract performance, legitimate interests)
  • (g) User Engagement and Support: To communicate with you, provide customer support, and address any inquiries or issues you may have. (Legal Basis: Contract performance, legitimate interests)
  • (h) Risk Management and Business Decisions: To assess and manage business risks, make informed decisions, and ensure the smooth operation of our services. (Legal Basis: Contract performance, legal obligations, legitimate interests)
  • (i) Marketing and Personalized Content: To send you marketing communications and provide personalized content based on your preferences, with your consent. (Legal Basis: Consent, legitimate interests)
  • (j) Fraud Prevention: To detect, prevent, and respond to fraud and other illegal activities, safeguarding our services and your data. (Legal Basis: Legal obligation, legitimate interests)
  • (k) Information and Asset Security: To protect our information systems and assets, ensuring they are secure from unauthorized access and breaches. (Legal Basis: Contract performance, legal obligation, legitimate interests)
  • (l) Technical Issue Resolution: To identify and fix technical issues, ensuring the smooth and efficient operation of our services. (Legal Basis: Contract performance)
  • (m) Claim and Dispute Resolution: To manage and resolve legal claims and disputes, protecting our interests and ensuring compliance with legal obligations. (Legal Basis: Contract performance, legal obligation, legitimate interests)
  • (n) Service Improvement: To enhance and develop our services, based on user feedback and usage patterns, ensuring they meet your needs. (Legal Basis: Legitimate interests)

TYPES OF DATA COLLECTED

We may collect and process the following categories of data:

  • (a) Contact Information. Examples: Phone number, email address, physical address, and additional contact details you provide (alternate phone numbers, secondary emails).
  • (b) User Account Information. Examples: Login credentials (username and password), activity logs (login times, pages visited), account settings (preferences, language), avatars, and any other content you upload (profile pictures, bios).
  • (c) Identity Information. Examples: Full name, government-issued identification number (ID), details of ID documents, authentication details (security questions, two-factor authentication data).
  • (d) Technical Data. Examples: Device information (type of device, operating system), IP address, browser information (type, version, settings), and technical settings (cookie preferences, JavaScript settings).
  • (e) Transaction Data. Examples: Order and purchase details (order history, items purchased, order status), balance information, and transaction timestamps.
  • (f) Payment Data. Examples: Payment history (dates and amounts of payments made), payment status (completed, pending, failed), and preferred payment methods (credit card information, bank account details).
  • (g) User-Generated Content. Examples: Posts, comments, reviews, uploaded files (documents, images, videos), and any data generated during your use of our services (interaction history, usage patterns).
  • (h) Communication Records. Examples: Phone conversations (call logs, recordings), chat histories (messages exchanged through our platform), and email correspondence (emails sent and received).
  • (i) Customer Support Data. Examples: Information on issues raised (description of the problem, troubleshooting steps), resolution status (open, resolved, pending), and related details (support tickets, communication logs).
  • (j) Marketing Data. Examples: Marketing preferences (opt-in/opt-out status), participation in loyalty programs (membership details, points accrued), responses to marketing campaigns (click-through rates, survey responses).
  • (k) Compliance Data. Examples: Data for legal compliance (AML/CFT processes), identification documents, transaction monitoring data, and any required documentation for regulatory purposes.
  • (l) On-Premises Visit Data. Examples: Video surveillance footage (entrances, exits, common areas), visitor logs (names, visit times), and access control records (badge swipes, entry permissions).

METHODS OF DATA COLLECTION

We collect data through direct interactions when you sign up, use our services, or contact us. Additionally, we collect data automatically via cookies from your interactions with our website; please refer to our Cookie Policy on the website for more details. Furthermore, we obtain data from third parties, including our partners (such as payment processors), public authorities, and public sources.

MANDATORY AND OPTIONAL DATA

Certain data is necessary for us to provide our services. This mandatory data is clearly marked, and failure to provide it may prevent access to some of our services. Optional data, on the other hand, can enhance and personalize your experience but is not required for the core functionality of our services. You have complete control over whether or not to provide this optional data, and you can manage your preferences through your account settings at any time. If you have any questions or need clarification regarding the data requirements, please do not hesitate to contact us.

USER-GENERATED CONTENT AND SPECIAL DATA

When using our services, you may choose to upload various types of information, including special categories of data such as health-related information. We encourage you to carefully consider the following guidelines to protect your privacy:

  • (a) Use Discretion: Be mindful of the sensitivity of the information you share. Only upload data that you are comfortable with and that is necessary for your interaction with our services.
  • (b) Be Cautious with Special Data: Exercise extra caution when sharing sensitive information, particularly special categories of data like health-related details. This data requires a higher level of protection and discretion.
  • (c) Avoid Over-disclosure: Share only information that is relevant and necessary. Avoid providing excessive or unnecessary details to minimize any potential risks to your privacy.
  • (d) Understand Your Responsibility: You are responsible for the information you choose to disclose. Ensure that you are aware of the implications of sharing sensitive data and make informed decisions about what you upload.

By using our services and uploading any data, you acknowledge that you understand these considerations and agree to share information at your own discretion. We are committed to protecting your data, but the ultimate responsibility for the information you provide rests with you. If you have any questions or concerns about the type of data you are sharing, please feel free to contact us for guidance.

DATA SHARING

We share your data with trusted partners and authorities only as required by law or necessary for providing our services. We do not sell or misuse your personal information. Your trust is important to us, and we ensure responsible and ethical handling of your data.

DATA RETENTION

We retain your data only for as long as necessary to achieve the purposes for which it was collected or to comply with legal requirements. Different types of data are subject to varying retention periods based on legal obligations and our internal policies. For example, data related to anti-money laundering (AML) regulations must be kept for up to 5 years to comply with legal requirements.

In addition to legal mandates, we may retain certain data based on our company's policies, particularly when it pertains to the defense against potential legal claims. For instance, information relevant to potential legal disputes may be stored for up to 10 years, ensuring we are adequately prepared to address any claims that may arise within the legal limitation period.

After the applicable retention period, we will either securely delete your data or anonymize it to ensure your privacy is protected. If you have any questions or need more details about our data retention practices or specific retention periods, please feel free to contact us.

DATA SECURITY

Ensuring the security of your personal data is our top priority. We implement a range of measures to protect your information from unauthorized access and breaches:

  • Data Minimization: We adhere to the principle of data minimization by collecting only the information that is necessary for our services and retaining it only as long as needed. This approach reduces the risk of exposure and ensures that we handle your data responsibly.
  • Encryption: We employ advanced encryption techniques to secure your data both in transit and at rest. This means that your information is protected during transmission over the internet and while it is stored on our servers, making it inaccessible to unauthorized parties.
  • Access Controls: We enforce stringent access controls to ensure that only authorized personnel can access your data. This includes the use of multi-factor authentication (MFA) and role-based access permissions, which restrict access to your data based on job responsibilities.
  • Regular Training: Our staff receive ongoing training on data protection and privacy best practices. This training keeps our team updated on the latest security protocols and their role in maintaining the confidentiality and integrity of your information.
  • Security Audits: We conduct regular security audits and vulnerability assessments to identify and mitigate any potential risks. These proactive measures help us maintain a robust security posture and address any weaknesses in our systems and processes.
  • Incident Response: Our comprehensive incident response plan enables us to swiftly and effectively address any data breaches or security incidents. This plan includes steps for immediate containment, investigation, notification, and remediation to minimize impact and prevent recurrence.

You can also contribute to protecting your data by taking the following steps:

  • Use Strong Passwords: Create unique and complex passwords for your accounts, and change them regularly to enhance security.
  • Keep Software Updated: Ensure that your devices and software are always up-to-date with the latest security patches and updates to protect against vulnerabilities.
  • Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on your accounts to add an additional layer of security. This requires a second form of verification in addition to your password.
  • Be Vigilant: Stay alert to phishing attempts and other scams. Avoid sharing your passwords or personal information with untrusted sources and be cautious when clicking on links or downloading attachments from unknown senders.

INTERNATIONAL DATA TRANSFER

Your data may be transferred outside the European Union (EU)/European Economic Area (EEA). To ensure your data remains protected during such transfers, we implement robust legal mechanisms, such as Standard Contractual Clauses (SCCs), which are approved by the European Commission. These clauses provide specific safeguards and requirements to protect your data. Additionally, we may rely on other appropriate safeguards, such as binding corporate rules, certifications, and codes of conduct, in compliance with GDPR requirements. Rest assured, we take all necessary steps to ensure that your personal data receives an adequate level of protection regardless of where it is processed. If you have any questions about our international data transfer practices, please feel free to contact us.

YOUR DATA SUBJECT RIGHTS

We respect your privacy and ensure you have control over your personal data. You have the following rights regarding the data we hold about you:

  • (a) Access Your Data: Request access to your personal data and information on its use.
  • (b) Correct Data: Request corrections or updates to inaccurate or outdated data.
  • (c) Delete Data: Request deletion of your data under certain circumstances.
  • (d) Restrict Processing: Request to limit the processing of your data in specific situations.
  • (e) Object to Processing: Object to the processing of your data for certain purposes, like direct marketing.
  • (f) Data Portability: Request a copy of your data in a machine-readable format or have it transferred to another controller.
  • (g) Withdraw Consent: Withdraw your consent for data processing at any time, where applicable.

To exercise these rights, please contact us using the contact details provided in this Policy. We may need to verify your identity to ensure the security of your data. These rights are subject to certain conditions and legal requirements, which we will inform you of if applicable.

AUTOMATED DECISION-MAKING

We do not engage in automated decision-making that produces legal effects or significantly affects you. However, we may use profiling to tailor and enhance your experience with our services. If you have any concerns or questions about this process, please feel free to reach out to us.

COMPLAINTS

If you have any concerns or complaints about how we handle your data, we encourage you to contact us directly. We are dedicated to addressing and resolving your issues promptly and thoroughly. If you feel that your concerns have not been adequately addressed, or if you prefer not to contact us directly, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. In the Czech Republic, this authority is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů). We value your feedback and strive to continuously improve our data handling practices.

POLICY UPDATES

We may update this policy periodically. Please review it regularly. Significant changes will be communicated on our website or through direct notification.

CONTACT US

For questions or concerns about this policy or our data practices, please contact us at support@healthly.live