Eight Investments JSC, a company registered in Bulgaria, UIC 206291447 (“we”, “Healee”, “us”), takes your privacy and the security of your information very seriously.
We are committed to protecting all your personal data, including confidential personal and health data.
In order to comply with applicable data protection legislation (including, but not limited to, the General Data Protection Regulation (EU) 2016/679 (“GDPR”)), the company responsible for protecting your personal data, as the data controller, is Eight Investments JSC, UIC 206291447 (“the Company”, “we”, “us”).
Our services are provided through the Application, which is an online platform that allows healthcare and wellness professionals (“Health and Social Professionals”) to communicate with you (“Patient” or “Patients”) to provide you with remote health and medical assistance based on the medical history you report to the Health and Social Professionals (“Services”). For this purpose, the Application processes your data.
The Company is the controller for the data it processes in connection with the Application, namely data of visitors and users, including Health and Social Professionals.
When, as a registered user of the Application, you use a service, the Health and Social Professionals process your data according to their knowledge and professional qualifications. They are data controllers regarding the consultations and communications they perform with you, as they process patient data on their own legal basis—a contract with the Patient for the provision of remote health or medical assistance, determining the scope and type of data they process and how this is done. As data controllers, Health and Social Professionals bear full responsibility for the processing of your personal data. Our role in these relationships is as a data processor, and we are responsible to the extent defined by applicable law.
When you use Healee, you register by creating your personal account in the Application and you will be required to provide an email address. Alternatively, you can log in using a social network account such as Google or Facebook.
In all cases, we do not have access to your email account data or your social network account data. The connection data we use solely for authentication is always stored encrypted on our servers (see “Where and how we store your data”).
You may choose to add the following data to your profile:
You may choose to enter various health and medical data into the Application.
This information is required when and if you decide to use a paid service through the Application.
The following rules apply to the data you provide:
You have the option to allow us to import data from Apple HealthKit into the Application. If and when you do so, the following data you enter into Apple HealthKit will be automatically imported into Healee:
We will process the information we import from Apple HealthKit and display it in the Application in accordance with this Privacy Policy.
If you wish to upload a photo/recording to the Application, access to your device’s camera, microphone, or audio may be requested. This is only an option for which you will be explicitly asked for permission. If you grant the Application access to this data, its use will be limited solely to the time and performance of the specific action you desire (e.g., uploading a photo).
We do not process children’s data. The Application may be used by a guardian or parent exercising parental rights for the purpose of obtaining remote medical or social assistance for their child. In this case, the child’s data is processed based on the consent of the guardian/parent exercising parental control.
Healee reserves the right to process user data of the Application for the purpose of analyzing its usage, improving services, and developing new features in compliance with Article 9, paragraph 2, point (j) of the GDPR. Such processing is carried out only after the data has been anonymized and with the necessary technical and organizational security measures in place. In no case does Healee access personal and/or sensitive personal data that could identify a data subject, nor does it use such data for profiling.
If you wish, Healee allows you to partially or fully share your data with third parties by providing them with a special link leading to and displaying specific data you have shared. These third parties may be:
You set the parameters for data sharing—exactly what type of information is included, for what period of time, and you bear full responsibility for this. For example, you may share all your health data entered in the last three months. You can deactivate data sharing at any time, thereby revoking access for all parties to whom you have sent it.
We do not share your phone number with third parties for marketing or promotional purposes.
We do not store your data on your device. All your personal data and health information are stored on secure servers in the USA, in accordance with the EU-U.S. Data Privacy Framework.
We do not store any credit or debit card information. This information is processed and stored by a payment service provider in accordance with GDPR regulations and payment instrument security standards.
All your data transmitted between your device and our servers is encrypted using Secure Socket Layer (SSL) cryptographic protocol technology.
All personal data that could potentially identify you, such as email address, images, and messages, is encrypted not only before transmission but also while stored or processed on our servers.
We retain your personal data for the period necessary to fulfill the purposes for which it was collected, unless the law requires longer retention.
We process your personal data for the purposes stated above based on your consent; you voluntarily download, use, and provide data to the Application.
Your explicit consent is also the basis for processing special categories of data, namely information about your health status. Although we do not see this information, as it is only accessible to you and your chosen Health and Social Professional, we process it encrypted through the Application so it can function and fulfill its purpose.
We also process anonymized data for analysis and business development, product development, and system and metric improvement based on our legitimate interest, namely to constantly improve and develop our products and services.
The personal data you provide to the Application will be collected, processed, stored, disclosed, and destroyed in accordance with the applicable laws of Bulgaria and the EU, the Terms and Conditions, and this Privacy Policy.
This data may be stored on servers located outside your local jurisdiction.
Transfer of your data to countries outside the European Economic Area (EU, Norway, Iceland, and Liechtenstein) is carried out only with adequate data protection measures in place in accordance with Regulation (EU) 679/2016. The protection of your information remains with your data.
Under the GDPR, you have the following rights:
Changing the email with which you are registered on the Platform does not fall under any of the above categories and cannot be performed under any circumstances.
You can exercise the following rights directly in the Application:
You can exercise your other data protection rights by contacting us at support@healee.com.Upon receiving your request, we will verify your identity to prevent unauthorized access to personal data. Requests are processed within one month of receipt, which may be extended by two more months in case of complexity or a large number of requests, in accordance with Article 12, paragraph 3 of the GDPR.
Please note that despite your right to submit a request to exercise your rights as a data subject, we, as a data controller, are not unconditionally obliged to fulfill it if there are legal grounds for retaining the data, in accordance with Article 17, paragraph 3 of the GDPR.
If the request cannot be fulfilled, you will be informed of the reasons for the refusal, as well as your right to lodge a complaint with a supervisory authority.
Your consent, which is the basis for processing your personal data, may be withdrawn at any time, without affecting the lawfulness of processing before its withdrawal. You can practically withdraw your consent by removing your data from the Application.
Your personal data is not subject to automated decision-making, including profiling.
You have the right to lodge a complaint regarding the way we process your data with the Commission for Personal Data Protection or you can contact us atsupport@healee.comfor more information about exercising your rights.
We reserve the right to change this Privacy Policy at any time without notice. You will be notified of such changes upon your next login to the platform.