Eight Investments JSC, registered in Bulgaria, company number 206291447 (”we”, ”Healee”, ”us”), takes the privacy and security of your information very seriously.
We are committed to safekeeping all your personal data, including sensitive personal and health data.
As regards staying compliant with the requirements of the private data protection laws (including, but not limited to, the General Data Protection Regulation (EU) 2016/679 (”GDPR”)), the legal entity responsible for protecting your private data, in its capacity of data administrator, is Eight Investments JSC, registered in Bulgaria, company number 206291447 (”we”, ”Healee”, ”us”)
We deliver our services via the application, which is an online platform, allowing doctors (“Medical practitioners”) to communicate with you (“Patient” or “Patients”), in order to provide you with remote medical evaluations and online consultations, based on the condition history you report to Medical practitioners (“Services”)
The company is a data administrator, which processes data within the app, namely the data of its subscribes, both registered and anonymous, the medical practitioners and all remaining third persons, who do not fall within any of the above categories, but their data is processed within the app.
The medical practitioners process your data based on their professional knowledge and qualifications. They are data administrators with respect to the communication and consultations they provide to Healee users, insofar as they process patient data independently from us, based on a contract (??) with the Patient for a medical consultation/evaluation, define data volumes to be processed and how data is processed. We are not responsible for how your data is processed by the Medical practitioners, as they are the ones who determine what data to request from you and how to process the data while providing their services.
When using Healee, you may choose to not sign up and remain anonymous, or sign up by creating an account.
If you decide to use Healee without signing up, you will not be required to enter your email address, or any other personal information that could potentially identify you.
If you decide to sign up and create an account, you will be asked to provide an email address. Alternatively, you can choose to log in using a social account, such as Google or Facebook.
In either case, we do not have access to the email address or the social account id, as they are always store encrypted on our servers (see ”Where and how we store your data”).
You may choose to add to your profile the following data:
You may choose to enter in the app the following health and medical data:
This information is needed when and if you decide to pay for any of our services.
The following rules apply to the data you provide:
You may choose to enter in the app the following health and medical data:
We will handle the information we import from Apple HealthKit in accordance with this Privacy Policy.
If you choose to upload a photo/video recording in the application, it is possible that we request access to the camera and/or microphone of your device. You will be explicitly asked if you allow this option. If you choose to grant the application access, the data will be used solely for the purpose and duration of the respective action (e.g., photo upload).
As a rule, we do not process child data. It is possible for the parent or custodian of the child to use the application for getting a medical consultation for the child. In this case, the data of the child is processed based on the consent given by the parent/custodian.
If you so desire, Healee enables you to share all or part of your data with 3rd parties, by providing them with a dedicated link that leads to and visualises the specific data you have shared. Such 3rd parties may be:
You set the parameters of the data share - precisely what type information it contains, for what time period. For example, you can share all your health data you have entered over the last three months. You can deactivate a data share at any time, thus revoking access for all parties you have sent it to.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
We do not store your data on your device. All of your personal and health data is stored on secure servers in the US.
We do not store any credit or debit card information. This information is maintained and payments are processed by a third party payment provider, in compliance with the payment card industry security standard.
All your data transmitted between your device and our servers is encrypted using Secure Socket Layers (SSL) technology.
All sensitive personal data that can potentially identify you, such as email address, images and messages, is encrypted not only before being transmitted, but on our servers too.
We store your data for a period of two years after your last activity in the application.
We process your data for the purposes described above, based on your consent, and you voluntarily download and use the application, and upload data in it.
Your explicit consent is legal grounds for processing the special categories of data we are processing, namely – information about your health condition. Although we do not see this information, as it is only accessible by you and the Medical practitioner you have chosen, we process this information in the application, in an encrypted form, so that the purpose of the application can be fulfilled.
We process the data for the purposes of business analysis and intelligence, development of new products, enhancement of systems and parameters, based on our legitimate interest and objective to constantly improve and develop our products.
Your personal data will be gathered, stored, processed, revealed and destroyed in compliance with EU law, the Terms and Conditions and this Privacy policy.
The data may be stored in servers outside of your local jurisdiction.
Transferring of data outside of the European Economic Area (EU, Norway, Iceland and Liechtenstein) is performed solely in case all necessary data protection measures have been taken, according to the General Data Protection Regulation (EU) 2016/679.
You have the right to request access to the information we are processing, to request that we delete it, correct any errors in your data, limit the processing of your data, to object to processing of your data, as well as to exercise your right to export and transfer your data.
You can exercise the following rights directly from within the application:
You can also exercise your rights by contacting us at support@healee.com
You can withdraw at any time the consent based on which we process your data, without this withdrawal affecting the legality of the processing carried out with your consent up to the withdrawal. You can exercise your right to withdraw your consent by deleting your profile data or your account.
Your personal data are not subject to automated decision making, including profiling.
You have the right to file a complaint about how we process your data, with the Bulgarian Personal Data Protection Commission (PDPC), or you can contact us at support@healee.com, to get more information regarding your complaints.
We have the right to change this Privacy Policy at any time, without prior notice. You will be notified of any such changes upon next login in the platform.