Healistic Privacy Policy

PRIVACY POLICY – HEALISTIC GROUP LTD – HEALISTIC™

Last Updated: February 2024

 

Who we are

Healistic Group Ltd is committed to protecting your privacy. The effective management of all personal information, including its security and confidentiality, lies at the very heart of our business and underpins our practices and processes. We collect, use and are responsible for certain personal information about you. When we do so we are subject to applicable data protection laws and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

This Privacy Notice ("Notice") describes how we use your personal information when you interact with us via our website (https://healistic.net/), our app, the Healistic Prescriber Interface, communicate with us, or use our products and/or services. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a query or complaint.

Your personal information is collected by Healistic Group Ltd. ("Healistic Group" / "we" / "us" / "our") registered in England and Wales under company registration number 13900074.

Healistic Group’s contact details are as follows:

Email: hello@healistic.net

This Notice may be changed from time to time. If we change anything important about this Notice (the information we collect, how we use it or why we use it) we will highlight those changes at the top of the Notice and provide a prominent link to it for a reasonable length of time following the change (and prior to the change taking effect if deemed necessary).

 

To whose personal information does this Notice apply?

This Notice describes our practices when using the personal information of:

  • Users who register to use our products and/or services ("Users"); and

  • Individuals who visit our website, use our app, use the Healistic Prescriber Interface or otherwise interact with our products and/or services.

 

Keeping your personal information secure

We have appropriate security measures and policies in place to prevent personal information from being accidentally lost or used or accessed unlawfully. We also have procedures in place to deal with any data breach. We have put in place guidelines for work devices, online accounts, data backups and actions in case of data breaches.

 

Internal IT security & risk awareness training is held quarterly and attended by all Healistic employees to raise awareness of common threats and vulnerabilities as well as to cultivate responsible behaviours in the handling of personal data.

Responsibility for ensuring privacy compliance across the Healistic organisation

 

Every Healistic employee is responsible for ensuring privacy compliance in their area of responsibility. Where clarity is required or new processes are implemented, specialist regulatory and legal advisors are consulted.

Data collection, usage and handling

We ensure a secure handling of personal data by applying the principle of least privilege. Users can only access data they require to fulfil a task.

Any processed data is encrypted when it is in transit.

We will collect, store and use your personal information for the purposes set out in more detail in this section.

Your information may be shared with some third parties as set out in more detail below.

Users of our products and/or services

Information we collect about Users

We collect most of our personal information directly from our Users, by telephone, post or email and/or via our website / app / social media channels. The categories of personal information we collect include:

  • contact details such as your name, address, email and telephone number(s);

  • identification information such as date of birth;

  • information taken from identification documents like your passport or driving licence when we review your application for any of our products and/or services;

  • your sensitive personal information, but only in respect of: (i) your biometric data in relation to authenticating your identity when using our products and/or services; and (ii) your health data where you voluntarily disclose this to us in relation to the products and/or services that you are receiving;

  • information about your online or app activity, including where applicable in respect of your location and social media activity;

  • details about your transactions with us including any bank accounts you use; and

  • details relating to communications between us, such as a note or recording of a telephone call, an email or letter sent, or other records of any contact with us.

We may also collect information from other sources such as directly from a third party and public registers or other accessible sources (e.g. social media websites).

How we use the personal information we collect about Users

We use personal information from Users of our product and/or services for certain activities, including:

  • for internal analysis (including the use of artificial intelligence) and research to help us improve our products and/or services;

  • to inform you about suitable products and/or services that we can or currently provide to you;

  • to fulfil a transaction;

  • to keep records of transactions for the purpose of ensuring that the required payments are made and services received; and

  • to comply with any other contractual, legal and regulatory obligations.

Why we use the personal information of Users

We use this information because:

  • it is necessary to enter into or perform our contract with Users;

  • it is necessary to comply with legal or regulatory requirements (conducting checks to identify you and verify your identity);

  • it is necessary for the purposes of our or a third party's legitimate interest. A legitimate interest will apply only where we consider that it is not outweighed by a User's interests or rights which require protection of their personal data. We have the following legitimate interests to use Users' information:

      • understanding how our Users engage with our products and/or services;

      • providing and improving our products and/or services, including understanding and responding to feedback; and

      • ensuring the security of our organisation, our website / app and our products and/or services.

  • if we process your sensitive personal information, we will only do so on the basis that we have obtained your explicit consent to carry out such processing.

Generally, we do not rely on consent as a legal basis for processing your personal information other than in relation to sending marketing communications to you (for example, via online banners, emails or text messages) and in respect of sensitive personal data.

Marketing consent

We will only send marketing communications to you if you actively opt-in to receive them, either via agreeing to push notifications in the app, and/or by consenting to marketing through non-app-based channels (during the onboarding process or any time thereafter). Non-app-based channels include email, telephone, post and direct messages online (e.g. through social media).

You can withdraw your consent to receive such marketing communications at any time by changing your app settings for push notifications, and/or by clicking on the following link for non-app-based channels. This link will allow you to opt-out of all marketing through non-app channels, or select specific channels to opt-out of, leaving consent in place for direct marketing through your preferred channels. A reminder of the link will be provided in all non-app marketing communications.    

Recipients of User contact information

We may disclose User personal information to third parties as follows:

  • to companies within the Healistic Group;

  • to other users of the products and/or services where you have provided your approval or where you have posted information online which is publicly available;

  • to our professional advisers, suppliers or service providers (such as auditors, consultants, lawyers, insurers, marketing agencies and website hosts);

  • to third parties including for the purpose of providing the products and/or services;

  • to third parties such as health authorities, banks, tax authorities, courts, regulators and security or police authorities where required or requested by law, or where we consider it necessary;

  • if we are defending a legal claim, User information may be processed as required in connection with a claim;

  • if we discuss selling or transferring part or all of our organisation – the information may be transferred to prospective purchasers under suitable terms as to confidentiality; and

  • if we are reorganised or sold, information may be transferred to a buyer who can continue the work of our organisation.

We only allow third parties to handle your personal information if we are satisfied that they take appropriate measures to protect your personal information.

Legal requirements

In certain circumstances, if you do not provide personal information which is required, we will not be able to perform our obligations under the contract with you or may not be able to provide you with our products and/or services. We will make it clear if and when this situation arises and what the consequences of not providing the information will be for you. 

Your personal information may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal information if it is relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.

How long do we keep your information?

We will keep your information for as long as it is reasonably necessary to fulfil the purposes we collected it for, including as necessary to comply with legal, regulatory, accounting or reporting requirements.

To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, as well as the applicable legal and regulatory requirements.

We will also routinely refresh our information to ensure we keep it up-to-date. When it is no longer necessary to retain your personal information, we will delete or anonymise it.

Where your information will be held

Where we transfer your data outside of the UK or the European Economic Area (“EEA”) we will make sure that adequate safeguards are in place, such as European Commission-approved Standard Contractual Clauses.

Your Rights

 

You may request and receive all information that Healistic holds on you

 

You can request information on the data Healistic stores about you, how it is used and how long it is stored for. Healistic will provide this data free of charge within 4 weeks after proof of identity is received. The data will be provided securely in a common machine-readable electronic format.

 

You may request correction of information that Healistic holds on you

 

If you spot mistakes in the data Healistic holds on you, you can submit a request for the data to be corrected. Healistic commits to correct this data free of charge within 4 weeks after receipt of proof of identity and correct data.

 

You may request erasure (deletion) of information that Healistic holds on you

 

If you request the erasure of your data, Healistic will comply with the request, if the deletion is not in conflict with legal obligations and professional requirements to store the data. Healistic commits to delete this data free of charge within 4 weeks after receipt of proof of identity. This request will lead to a halt of services for you.

You may request that Healistic stop processing information that Healistic holds on you

 

If you request that we stop processing your data, Healistic will comply with the request; any existing data will be retained. If this request relates to all kinds of processing, this will lead to the cessation of provision of services for you. If this request relates only to the processing of data for marketing purposes, you will still be able to access services via our platform.

In addition, to the extent provided for under applicable law, you have the following rights in relation to your information, which you can exercise free of charge. Some of these rights will only apply in certain circumstances.

  • Transfer: you may request the transfer of certain of your personal information to another party.

  • Not to be subject to automated individual decision-making: you may ask not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

We would hope that we can resolve any query you may raise about our use of your information. However, you also have a right to lodge a complaint with a supervisory authority (data protection regulator), in particular in the United Kingdom, where we are based, or in the country in the EEA where you are habitually resident, or where an alleged infringement of data protection law has taken place.

Right to object

In addition to the rights above, you also have a right to object to us processing your information in certain circumstances. Where we are processing your personal information based on legitimate interests you may challenge this. However, we may be entitled to continue processing your information based on our compelling legitimate grounds or where this is relevant to legal claims. You also have the right to object where we are processing your data in order to send you any direct marketing.

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the ICO on individuals’ rights under the General Data Protection Regulation (GDPR).

If you want to exercise any of these rights, please contact us in writing, providing us with enough information to identify you (e.g. your full name, address and account number), proof of your identity and address (a copy of your driving licence or passport and a recent utility bill or bank account statement), and the specifics of the right you want to exercise.

Links to third party websites

Our website, our app, the Healistic Prescriber Interface, our products and/or services and other communications may, from time to time, contain links to third party websites.

The personal data that you provide through these websites is not subject to this Notice and the treatment of your personal data by such websites is not our responsibility. If you follow a link to any of these websites, please note that these websites have their own privacy notices which will set out how your information is collected and processed when visiting those sites.

 

Children

Our website and app are not aimed at children under the age of 18. If you are under 18 years old, you should not submit any personal information to us via our website without checking with your parent or guardian.