HELFIO PRIVACY POLICY

1. General information and definitions

1.1. Dear Users, we present to you the privacy policy of the service we operate under the name "Helfio".

1.2. Whenever this privacy policy uses one of the following terms, we mean it as defined below:

- Administrator / We means Helfio Ltd. with its registered office at ul. Grzybowska 87, 00-844 Warsaw.

- Application means software operated and distributed under the name Helfio via iOS and Android mobile applications, enabling access to the Service.

- Personal data means information about an identified or identifiable natural person ("data subject") within the meaning of the ODO Regulations.

- Sensitive data shall mean Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and genetic data, biometric data processed for the purpose of uniquely identifying a natural person or data concerning the health, sex life or sexual orientation of that person.

- Helfio/Service means the organised IT platform, including, in particular, the computer program, IT mechanisms, interfaces and all data and information, accessible through the Application.

- Terms of Service means the Terms of Service, available on the website www.helfio.com and on the Application under the Terms of Service tab. Whenever this Policy uses one of the terms defined in the Terms of Service, it shall be construed as in the Terms of Service, unless the Policy expressly defines such terms differently for its own purposes.

- (Privacy) Policy means the following document.

- ODO Regulations means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), also referred to in the Privacy Policy as Regulation 2016/679, and other generally applicable provisions of Polish law or European Union law governing the principles of personal data protection.

- User/You means any natural person using the Service.

1.3. Your use of the Service indicates that you accept the provisions of the Privacy Policy. If you do not accept this Policy, you should immediately stop using the Service.

1.4. We are the controller of your Personal Data. You may contact Us via email using the address iod@helfio.com.

1.5. We process your Personal Data in accordance with the ODO Regulations.

1.6. The use of the functionalities of the Website is partly free of charge and does not require registration on the Website, and is partly chargeable. We inform you about the need to create an account on the Service by a login prompt. You are informed of the need to pay by a call to pay for a subscription via AppStore or Google Play. The rules for creating a Profile in Helfio, the rules for using the Service, and the payment of fees for these are set out in the Terms and Conditions.

2. For what purpose do we process your Personal Data?

2.1. We process your Personal Data for the following purposes:

2.1.1. to carry out the services provided to you under the Terms of Service, including in particular to enable you to collect, organise and manage information about your health - which applies to the identification, contact and other data provided in the course of registration and in the Profile, including about your health;

2.1.2. to analyse the performance of the Service, to optimise its operation as regards the identification, contact and other data provided during registration and in the Profile, including health data;

2.1.3. for the purpose of contacting you when you use electronic forms of contact with us without entering into a Contract - which concerns identification and contact details;

2.1.4. in order to provide services to all Users and our other customers, including in particular to enable them to use the learned algorithm also based on the information you have uploaded to the Profile regarding your health. We will only anonymise such information and share it with Users and our other clients in the form of a learned algorithm, which will not allow these people to identify you;

2.1.5. for the purposes of direct marketing of our own products - which concerns identification and contact data.

2.1.6. to allow you to share your content with other Users through the Community and Gamification modules.

2.2 The Community module does not allow automatic or manual sharing of your Personal Data with other Users; it allows only text-based communication with other Users.

3. On what basis do we process your Personal Data?

3.1. We may process your Ordinary Personal Data in the cases indicated in Article 6(1) of Regulation 2016/679 where one of the following conditions is met:

3.1.1. the data subject has consented to the processing of their Personal Data for one or more specified purposes;

3.1.2. the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract;

3.1.3. the processing is necessary for compliance with a legal obligation on the controller;

3.1.4. the processing is necessary to protect the vital interests of the data subject or of another natural person;

3.1.5. the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child; the legitimate interest for which we process your data is the marketing of our own services.

3.2. We will only process sensitive data in the cases indicated in Article 9(2) of Regulation 2016/679 where one of the following conditions is met:

3.2.1. the data subject has given his or her explicit consent to the processing of that personal data for one or more specific purposes unless Union law or Member State law provides that the data subject may not consent to such processing;

3.2.2. the processing relates to personal data manifestly made public by the data subject;

3.2.3. the processing is necessary for the establishment, investigation or defence of claims or in the exercise of justice by the courts;

3.3 You have the right to withdraw your consent to the processing of your Personal Data at any time. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of your consent prior to its withdrawal.

4. Collection of Personal Data

4.1 The Service collects the following categories of Personal Data: first name, last name, email, weight, height, country, gender, date of birth, test results provided by you, including blood tests, and health data (including past or chronic illnesses and medications taken).

4.2 Apart from the functionality of calculating your BMI based on the data you have provided, it is not possible to use the functionality of the Website without creating a Profile on the Application and entering into an Agreement with Us.

4.3 In order to conclude a Contract with us, it is necessary for you to provide the following Personal Data: name, surname, date of birth, and e-mail address. Providing this data is voluntary but necessary for registering an account on the Website and concluding a Contract with us. The provision of other Personal Data, including in particular Sensitive Data, is voluntary and depends solely on whether you wish to use a particular functionality of the Website. The use of certain functionalities of the Website (e.g. reports, analyses or calculators relating to your state of health or analysis of health parameters or results of your tests) will only be possible if you provide such data for analysis. You may provide Sensitive Data either by entering it into the Application or by connecting to another application containing such Data and consenting to its transfer to the Service.

4.4 When you use the Website via the App, we automatically collect and store information about you: your IP address, device type, language and access time, and navigation information, including information about the App functionalities used. We store this information as Application logs unless you have prohibited the transfer of this Data to us in your device settings. This Data is not used to build your user profile and is collected to ensure that the content of the Website is properly edited and optimised. It may also be used by law enforcement authorities in the event of unauthorised activity. In order to increase the protection of your Personal Data, we use it in anonymised form, and the anonymised server log data is saved separately from other Personal Data.

4.5 If you contact us electronically by e-mail, the Personal Data you voluntarily provide in this way is automatically stored under the terms and conditions specified in the Policy.

5. With whom may we share your Personal Data?

5.1. The Service may share Your Personal Data with the following categories of recipients:

5.1.1. entities providing us with outsourcing services related to Our business, e.g. entities providing accounting or IT services. In this situation, they will be entities to whom We have outsourced the processing of Your Personal Data and We will enter into appropriate contracts with them;

5.1.2. Our customers and other Users to whom We provide services involving the preparation of reports, statistics and analyses relating to health care and prevention issues based on an algorithm created by Us. In such a situation, the sharing of such Personal Data only takes place indirectly, after it has been anonymised.

6. Do we transfer Personal Data to third countries?

6.1. We do not intend to transfer Personal Data to third countries or international organisations within the meaning of the ODO Regulations.

7. Duration of processing of Personal Data

7.1. We will only process your Personal Data for the period necessary to fulfil the purpose for which it was collected and on a specific legal basis. This means that:

7.1.1. We will process your Personal Data that you have collected in the Profile for the duration of the Agreement and, after the termination of the Agreement, for the period and to the extent necessary to assert or defend claims for non-performance or improper performance of the Agreement, but for no longer than 12 years from the date of expiry of the Agreement;

7.1.2. We will process your Personal Data, including Sensitive Data, which in an anonymised version has been included in the Content available on the Website, for a period of up to 12 years from the date of expiry of the Agreement.

7.2. We will delete your Personal Data if the purpose or legal basis has ceased to exist, in particular after the expiry of the period referred to above.

8. What do you have the right to?

8.1. You have the right to be informed by us as to whether we are processing your Personal Data, the right to access that Personal Data and to be informed of the following:

8.1.1. the purposes of the processing;

8.1.2. the categories of Personal Data processed;

8.1.3. the recipients or categories of recipients to whom the Personal Data has been or will be disclosed, in particular recipients in third countries or international organisations, and if your Personal Data will be transferred to a third country or international organisation, you will be entitled to be informed of the appropriate safeguards relating to such transfer;

8.1.4. where possible, the intended period of retention of Personal Data and, where this is not possible, the criteria for determining that period.

8.1.5. the right to request Us to rectify, erase or restrict the processing of Your Personal Data and to object to such processing;

8.1.6. the right to lodge a complaint with a supervisory authority;

8.1.7. if the Personal Data was not collected from You, any available information about its source;

8.1.8. automated decision-making, including profiling and, at least in those cases, relevant information about the modalities of such decision-making, as well as the significance and anticipated consequences of such processing in relation to you.

8.2. You have the right to require Us to immediately rectify your Personal Data that is inaccurate. Taking into account the purposes of the processing, you have the right to request the completion of incomplete Personal Data, including by providing an additional statement.

8.3. You have the right to "be forgotten" i.e. to request that We delete Your Personal Data without undue delay and We shall be obliged to delete such Personal Data without undue delay if one of the following grounds applies:

8.3.1. the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed;

8.3.2. you have withdrawn the consent on which the processing is based and there is no other legal basis for the processing;

8.3.3. you object to the processing based on your particular situation and there are no overriding legitimate grounds for the processing or you object to the processing of your Personal Data for direct marketing purposes;

8.3.4. the Personal Data has been unlawfully processed;

8.3.5. the Personal Data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which we are subject;

8.3.6. the Personal Data was collected in connection with the offering of information society services.

8.4. The exercise of the right to be forgotten does not apply where the processing is necessary:

8.4.1. to exercise the right to freedom of expression and information;

8.4.2. for compliance with a legal obligation requiring processing under the Union law or the law of a Member State to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

8.4.3. for reasons of public interest in the field of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) of Regulation 2016/679;

8.4.4. for archival purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, insofar as the right is likely to prevent or seriously impede the purposes of such processing;

8.4.5. for the establishment, investigation, or defence of claims.

8.5. You have the right to request that We restrict the processing of Your Personal Data in the following cases:

8.5.1. you challenge the accuracy of the Personal Data - for a period of time to allow Us to check the accuracy of the Personal Data;

8.5.2. the processing is unlawful and You object to the deletion of the Personal Data by requesting a restriction on its use;

8.5.3. we no longer need the Personal Data for the purposes of the processing, but it is needed by You, to establish, assert or defend a claim;

8.5.4. you have objected to the processing - until it is determined whether the legitimate grounds on Our side override the grounds for your objection.

If processing has been restricted in connection with the exercise of the above rights, we may process such personal data, with the exception of storage, only with your consent, or in order to establish, assert or defend claims, or to protect the rights of another natural or legal person, or for compelling reasons of public interest of the Union or a Member State, of which we will inform you.

8.6. You have the right to receive in a structured, commonly used machine-readable format your Personal Data that you have provided to Us, and you have the right to send that Personal Data to another controller without hindrance from Us if:

8.6.1. the processing is carried out on the basis of consent pursuant to Article 6(1)(a) or Article 9(2)(a) of Regulation 2016/679 or on the basis of a contract pursuant to Article 6(1)(b) of Regulation 2016/679; and

8.6.2. the processing is carried out by automated means.

Insofar as this is technically possible, you may request that we send such Personal Data directly to another controller designated by you.

8.7. You have the right to object at any time - on grounds relating to your particular situation - to the processing of your Personal Data when:

8.7.1. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Article 6(1)(e) of Regulation 2016/679); or

8.7.2. the processing is necessary for purposes deriving from legitimate interests pursued by Us (Article 6(1)(f) of Regulation 2016/679),

including profiling on the basis of these provisions. We will not be permitted to process this Personal Data unless We demonstrate that there are compelling legitimate grounds for the processing which override Your interests, Your rights and freedom, or grounds for establishing, pursuing or defending claims.

8.8. Where Personal Data is processed for direct marketing purposes, you will have the right to object at any time to the processing of Personal Data relating to you for such marketing, including profiling, to the extent that the processing is related to such direct marketing. In such case, we will no longer be permitted to process your Personal Data for such purposes.

8.9. You may exercise the above rights at any time by contacting Us as set out in the Policy.

8.10. In addition, without prejudice to any other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place where the alleged breach was committed, if you believe that the processing concerning your Personal Data is in breach of Regulation 2016/679.

9. Cookies, plug-ins and user profile creation

10.1. We do not use cookies in our App. Cookies are not used to identify Users.

10.2. We use cookies on the website administered by us www.helfio.com (hereinafter the Website).

10.3. Cookies are IT data, in particular text files, which are stored on the Website user's terminal equipment and are intended for the use of the Website. Cookies usually contain the name of the website from which they originate, the time they are stored on the end device and a unique number.

10.4. Cookies are used for the following purposes:

10.4.1. creating statistics that help us understand how you and other users of the Site use the Site, so that we can improve the structure and content of the Site;

10.4.2. maintaining your session (after logging in), thanks to which you do not have to enter your login and password again on each subpage of the Site;

10.4.3. determining a profile of a Site user in order to display customised material to that user on advertising networks, in particular the Google network.

10.5. The Site uses two main types of cookies: "session" cookies and "permanent" cookies (persistent cookies). "Session" cookies are temporary files that are stored on the Website user's terminal equipment until the user logs out, leaves the website, or switches off the software (web browser). "Permanent" cookies are stored on the Website user's terminal equipment for the time specified in the parameters of the cookies or until they are deleted by the Website user.

10.6. The web browsing software (web browser) usually allows cookies to be stored on the Website user's terminal device by default. You can change your settings in this respect. Your web browser allows you to delete cookies. It is also possible to automatically block cookies. For details, please refer to the help or documentation of your Internet browser.

10.7. Restrictions on the use of cookies may affect some of the functionality available on the Website.

10.8. Cookies are placed on the Website user's terminal equipment and may also be used by advertisers and partners cooperating with the Website operator.

10.9. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the manner in which a user uses the Website. For this purpose, they may retain information about the user's navigation path or the time spent on a particular page.

10.10. If you do not wish to receive cookies, you may change your browser settings. Please note that disabling cookies that are essential for authentication processes, security and maintaining user preferences may make it difficult, and in extreme cases may make it impossible, to use the Website.

10.11. Our Website uses Google Analytics remarketing and tracking to advertise our Services and display personalised ads to you.

10.12. The profiling we perform does not lead to decisions by Us with legal effect for You.

10.13. We use both our own cookies and third-party cookies to inform, optimise and display advertisements based on your visit history on the Site.

10.14. Google and other providers display our advertisements online. In order to block the use of your data in Google Analytics, you can install the Google Analytics blocking add-on in your browser, which is available at this address: https://tools.google.com/dlpage/gaoptout/?hl=pl.

10.15. You can also opt out of the Google cookie in the Ads Settings at: https://adssettings.google.pl/authenticated, as well as opt out of third-party providers' cookies at: http://optout.networkadvertising.org/?c=1#!/

10.16. Our Service uses links on its website to its Facebook and Instagram social media accounts. The rules for the processing of personal data by these portals can be found on the following websites:

10.16.1. for Facebook at: https://facebook.com/about/privacy/

10.16.2. for Instagram at: https://help.instagram.com/519522125107875

The privacy policy takes effect from 22.11.2021.