LAST UPDATED: Feb 7, 2021
Thank you for choosing to be part of our community at Bold Health Limited (“company”, “we,’’ “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at email@example.com.
Personal Information or personal data or personal identifiable information (PII) means information relating to an identified or identifiable natural person who can be directly or indirectly identified by reference to an identifier such as full name, identification numbers, location address, online identifier and other identifiers within the definitions of The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 and General Data Protection Regulation (GDPR) (EU) 2016/679 regulation.
Web Browser is a software program that allows users to access, retrieve and view information on the World Wide Web. Examples of browsers include Internet Explorer, Firefox, Google Chrome and Safari.
2. What information do we collect and how do we use it?
To provide You with Our Service, Bold Health will collect, store and use the following Information provided by You:
USER-PROVIDED PERSONAL INFORMATION
SET PIN FOR YOUR ZEMEDY APP
For Your privacy and security, You are advised to set your own Zemedy App PIN to protect unauthorized access of app usage data. You can extend Your mobile device screen password to include Zemedy App. To do so use the “Enable passcode” feature under settings> security in the Zemedy App. You can also remove Your PIN using the ‘toggle’ option under security. The PIN that You use is personal to You, and You are responsible for maintaining the confidentiality and security of Your PIN. You are further responsible for restricting access to Your mobile device to prevent unauthorized access to the Zemedy App. You agree to accept responsibility for all activities that occur under Your PIN. You should take all necessary steps to ensure that the PIN is kept confidential and secure and should inform Us immediately if You have any reason to believe that Your PIN has become known to anyone else, or if the PIN is being, or is likely to be, used in an unauthorized manner. The Data Protection Law sets out a number of different reasons for collecting and processing Your Personal Information. The lawful basis for processing all Your Personal Information is for the performance of this Agreement and as agreed by You.
USER PROVIDED NON-PERSONAL INFORMATION
To provide You Our Service, Bold Health will collect, store and use the following non-personal Information provided by You:
How do We handle Your conversation messages?
When You use the Service, all the conversation messages You have with the Zemedy App are private. You provide Your messages by way of choosing pre-formatted responses or by way of free text. Each submitted message gets processed in real-time by the Zemedy App’s proprietary algorithms, and directed appropriately to the subsequent context-based conversation based on a proprietary rule-based content management process. At no point during Your conversation with the Zemedy App does another natural person have access to, or gets to monitor or respond to Your messages. Your messages are not processed to send You unwanted content. Your submitted messages or app usage habits or Website browsing habits are not used to sell to advertisers. We do not ‘monetize’ the messages or the Information You submit to Us. The messages You send and receive are encrypted and stored securely.
A limited set of Your conversation messages gets anonymized before being processed for internal operations and for research purposes. This is done only to improve Your future experience when using Our Service. YOUR CONVERSATION IS NEVER SHARED WITH A THIRD PARTY WITHOUT YOUR EXPLICIT CONSENT.
From time to time a new version of the Zemedy App is published in the Play Store or the App Store. ALWAYS CLOSE THE Zemedy APP VERSION IN YOUR MOBILE DEVICE BEFORE UPGRADING TO A NEWER VERSION TO PREVENT LOSS OF ONGOING OR PREVIOUS CONVERSATIONS.
Do We need to know Your full name?
When You use the Service, We will not ask for and will not require Your full name at any point in time during the conversation. After signing up, We take You through a one-time onboarding process. Here We ask for only Your nickname/name to help personalize Our conversation with You. Please do not share Your full name to maintain complete anonymity. You can change the nickname once provided to the Zemedy App by going to Settings > Account.
Why do We ask about Your thoughts, feelings (emotions), mood, major event or life changes, goals and energy levels?
When You use the Service, We may periodically ask You about Your thoughts, feelings or emotions, mood, major event/changes in life, Your resilience goals and Your energy levels. Your response is processed by Zemedy solely to provide You access to tools and techniques to manage Your emotional wellness and to encourage You in building resilience. Your Information is encrypted during transmission and is securely stored. YOUR INFORMATION IS NEVER SHARED WITH A THIRD PARTY WITHOUT YOUR EXPLICIT CONSENT.
How do we handle Your responses to health-related questions?
When You use the Service, You will be asked to respond to health-related questions. The response is voluntary and You can opt to not report to any of these questions. Zemedy App currently uses five validated assessment scales for understanding your IBS severity, quality of life and well-being. Other assessment scales may be introduced in the future. You will also be asked to share how You cope with day to day activities as part of the health questions. Health-related questions are a proven way to baseline and track the progress of Your symptoms. Your response is used solely for the purpose of providing you with feedback on the progression of your symptoms and to provide You access to validated and curated tools and techniques to manage your IBS Your response is encrypted during transmission and is securely stored. YOUR INFORMATION IS NEVER SHARED WITH A THIRD PARTY WITHOUT YOUR EXPLICIT CONSENT.
AUTOMATICALLY COLLECTED NON-PERSONAL INFORMATION To provide You with Our Service, Zemedy App will automatically collect, store and use the following non-personal Information:
Why do We collect Device Information and access logs when You use Our Service?
When You use the Service, We may also collect Non-Personal Information through the use of commonly-used information-gathering tools such as cookies, log files and web beacons. Such information may include standard information collected from Your mobile device (such as mobile application identifier, operating system, OS version, time zone, manufacturer, model and brand name) or from Our Website (such as browser type, browser language, Operating System, browser information including type and language settings) along with the actions You take on Our Website (such as the web pages viewed and the links clicked). We use this information to detect and deter unauthorized or fraudulent use of or abuse of the Service, and to optimize Your experience for e.g. to make sure the Zemedy App is displayed correctly on Your phone, or Your usage settings are applied.
Do We collect Passive Sensing Information from Your mobile device?
When You use the Service, the Zemedy App does not passively collect nor process any information from Your mobile device sensors, such as accelerometer, ambient light readings and screen on/off readings, including location (GPS) and call logs.
How do We use any Third-Party Software?
When You use the Service, non-personal device and app event information is pushed to third-party analytics software such as Firebase and Facebook Analytics via their secure API integrated within the Zemedy App. The events do not provide any individual user-specific information and are aggregated by this third-party software across all users and used to present charts, graphs and reports to help Us understand and improve Our Services. The events collected by the apps include session-based events; feedback and rating events; pin management events; tool access event; setting changes events; connectivity or network events; health-related question response events; notification access events; and app login event. Apart from the app-pushed events, the third-party software APIs also automatically collect some non-personal events. Firebase automatically collected events can be found here. Facebook Analytics automatically collected events can be found here. The use of Firebase is governed by Firebase Terms of Service, Use Policy and Crashlytics Terms of Service. The use of Facebook Analytics is governed by Facebook Data Policy and Terms of Service.
OTHER OPTIONAL INFORMATION To improve Your experience, We provide optional features in the Zemedy App. If You choose to use such features, We may ask You for additional Information:
OPTIONAL: Your feedback and ratings When You use the Service, We ask You for Your feedback and Your rating of the Zemedy App. You can also provide feedback using the Feedback feature provided in the Zemedy App “settings” section. You can use this feature to email Us Your feedback. This feedback and rating are used by Us to improve the product and Your product experience. AS A BEST PRACTICE, IT IS ADVISED THAT YOU TAKE ADEQUATE PRECAUTIONS TO NOT SHARE YOUR HEALTH OR PERSONAL INFORMATION WHILE GIVING FEEDBACK OVER EMAIL NETWORKS.
OPTIONAL: Manage Notifications or reminders When You use the Service, You have the option to manage app-based notifications or reminders. The Zemedy App will ask Your preference for the time of day to receive notifications and will confirm Your local time to ensure reminders get sent as per Your preference. You can change or delete notifications at any time from Settings > Notification of Your Zemedy App. WE DO NOT SEND ANY MARKETING OR PROMOTIONAL NOTIFICATIONS TO YOU WITHOUT YOUR EXPLICIT PERMISSION.
OPTIONAL: Your Age Information When You use the Service, You have the option to provide Your age information in the form of an age number (not the date of birth). This information is processed by the Zemedy App to understand the age profile of Our users and to help provide them access to tools and techniques or provide other operational information relevant to their age range.) WE DO NOT ASK, COLLECT OR PROCESS YOUR SPECIFIC DATE OF BIRTH AT ANY TIME DURING YOUR USE OF THE SERVICE.
OPTIONAL: Location Information To use the apps, You are not required to provide Your location information (“geolocation”). Zemedy App does not collect Your Geolocation information. We do however check Your device clock and collect Your date-time settings to help us offer a safe and improved experience. If We collect or use Your geolocation data as an additional separate service, We will make sure that We provide notice and/or obtain Your consent. You can always turn off location sharing at any time using Your phone settings.
OPTIONAL: Contact Information for customer support There may be occasions where You wish to contact Us to seek support. If You contact Us via Our website or by other means, We may need some Information from You, which You may choose to provide. This includes Your name, contact info such as your email address, phone number, as well as information about Your mobile device or personal computer such as device type, and OS type. We will use this Information to address and investigate the issues You have forwarded to Us, to provide You support and to improve Our customer support service.
OPTIONAL: Contact Information for promotional events and customer surveys If You choose to participate in promotional events or surveys that Bold Health may offer from time to time, We may ask for your contact details (e.g., name, location, phone number, email address, gender and date of birth) to administer the event, such as to confirm participation eligibility for the event, to enable You to fill out a questionnaire, to conduct to deliver the prizes to You. NO PROMOTIONAL EVENT NOTIFICATIONS WILL BE SENT WITHOUT YOUR EXPLICIT PERMISSION TO RECEIVE MARKETING NOTIFICATIONS. Your survey submission will never be linked to Your Zemedy app account and hence Your Zemedy App conversations and activities will never identify You. Your submissions will reside in a secure and private storage area operated within the Zemedy G-suite account and managed by Google Forms (G-Suite security can be read here. The Zemedy G-Suite account is also protected by a two-factor secure authentication system. You can opt-out at any time by sending a request to firstname.lastname@example.org to delete Your personal Information or to discontinue receiving any further communication on this matter. On receipt of Your email, We will verify and remove only the specific identifiable Information as requested by You, within 72 hours of receiving the request.) YOUR SUBMISSIONS WILL NEVER BE SHARED WITH A THIRD PARTY WITHOUT YOUR EXPLICIT CONSENT.
OPTIONAL: Follow on Instagram You have the option to follow Us on Instagram using Your Instagram account by going to settings. You can set up an Instagram account, if you do not own one and follow us at @tryzemedy. WE DO NOT ASSOCIATE YOUR INSTAGRAM ACCOUNT WITH YOUR Zemedy APP ACCOUNT.
3. Other Important Information for You
What Information will be processed by Us for purposes of legitimate interests? To provide the Service, We may use Your Information based on Our legitimate interests for the following purposes. We Use a legitimate interest basis to process Your Information in a way that might reasonably be expected as part of running Our business and which does not materially impact Your rights, freedom or interest.
To detect and deter unauthorized or fraudulent use of or abuse of the Service;
For transmission, use and disclosure to business associates or a third-party based on a business associate agreement. The business associate will not use or disclose personal information in any way that would violate the contract.
For uses and disclosures required by law;
For disclosures for judicial and administrative proceedings;
For disclosures for law enforcement purposes;
For uses and disclosures for public health reporting, and other public health activities;
For uses and disclosures to avert a serious threat to health or safety to You, Us, or others;
For using minimal de-identified data to improve and/or optimize the Service;
To enable Us to provide customer support, and to respond effectively to Your inquiries and claims;
For uses and disclosures for oversight activities such as audits, investigations, and inspections;
For uses and disclosures for research purposes (subject to qualifications and exceptions);
For any direct marketing purposes;
To allow You to use the apps on multiple devices and transfer Your app account to another device;
By using the Service, You hereby agree to the use of Your Information for the above-mentioned purposes.
How does Bold Health protect Your information?
To fulfil Our commitment to respecting and protecting Your privacy and the confidentiality of Your Personal Information, Bold health has implemented industry-standard safeguards to prevent unauthorized access or disclosure, misuse, alteration or destruction of Your information. More specifically, We will comply with all applicable data protection and security laws in order to assure security, availability, processing integrity, confidentiality and privacy of data. All Information between the Zemedy App and server is encrypted and transmitted via SSL. Because no method of electronic transmission or method of data storage is perfect or impenetrable, We cannot guarantee that Your Information will be absolutely safe from intrusion during transmission or while stored in Our systems. To help protect Your privacy and confidentiality of Your Information, We also need to ask for Your cooperation regarding the following: Please do not copy and transmit Your chat conversations, health data and/or Personal Information with other people. Also, please notify us at the contact information provided at the end of this policy, in the event You suspect any unauthorized use of Your account or any other breach of security via Our contact information.
Where is Your Information transmitted and stored?
How long does Bold Health keep Your Information?
Does Bold health use outside service providers or agents?
To facilitate and provide You with the Service, it sometimes is necessary for Bold Health to request third party partner service providers or agents to help Us process and/or store your Information. We strictly evaluate the partner service providers and agents, and We make every effort to ensure that they have established appropriate and secure information administration and organizational control systems, and We strictly require that they comply with confidentiality obligations and applicable laws and regulations including Data Protection Law as relevant. We also require that they access Your Information only to the extent necessary to perform tasks on Our behalf.
Does Bold Health give Your Information to third parties?
Does Bold Health use third-party modules?
Bold health uses third party advertising agencies to place advertisements on the internet or in other media. To measure the effectiveness of the advertisements to determine how much to pay to the advertising agencies, We may install third-party modules within the Zemedy app. We may also install other third-party modules within the Zemedy App in order to deliver the Service and help Us understand how the Service is used.
What are Your data protection rights?
You have certain rights under the Data Protection Law in relation to the Personal Information that You share with Us. We have tried to make it as easy as possible for You to have control over Your Personal Information. To exercise any of Your rights, please email a request at the contact Information provided in this policy. Please note that We will require You to verify Your identity before responding to any requests to exercise Your rights. We may also limit Your individual rights requests (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other’s privacy; (c) to protect our rights and properties; or (d) where the request is unjustified or excessive. If You have provided and We process Your Personal Information based on this contract, You can always send Us a written email request at the contact Information provided in this policy at any time to check, rectify, erase, or restrict the processing of Your Personal Information. Upon verification of Your identity, We will respond to Your request within one month and in accordance with relevant Data Protection Law. Bold Health will provide You with a request form that You will need to fill and submit back to Us via email. We will verify and erase from our servers only the specific identifiable Information as requested by You, within 72 hours of receiving the filled request form. You have the right to object to the processing of Your Personal Information that is based on legitimate interests for the purposes explicitly mentioned in this policy by sending Us a written email request at the contact Information provided in this policy. You have the right of data portability to receive a digital copy of Your Personal Information in a machine-readable format. You can send Us a written email request at the contact Information provided in this policy. Upon verification of Your identity, We will respond to Your request within one month and in accordance with relevant Data Protection Law. We may charge You a small fee for this service. We do not ask for any Personal Information during Your use of Service. We may at times be unable to address Your request if We are unable to correctly identify You.
PLEASE NOTE: IF YOU HAVE UNINSTALLED THE ZEMEDY APP PRIOR TO MAKING A REQUEST FOR ACCESS, THEN WE WILL BE UNABLE TO PROVIDE YOU ACCESS TO YOUR CONVERSATION MESSAGES.
If You are not happy about any aspect of the way We collect, share or Use Your Personal Information, please let Us know at the contact Information provided in this policy. You have the right to complain to a Data Protection supervisory authority in Your state of residence.
We do our very best to protect ToC BV and the App from unauthorized access, disclosure or destruction of data held by us. We do this through the following protective measures:
All personal information is stored in a separate, extra secure, server that is accessible by you as a user only. So we can assure a very high level of privacy for your personal data.
Data on your device is secured by encryption, only if you have created an account. We follow the NHS Data Standards.
Your data is transferred from your device to our server using HTTPS and TLS for encryption. This means that all information that is sent remains confidential and is not legible by third parties.
Our web development is in compliance with ISO 27001. The ISO 27001 standard sets specific requirements for the security measures and prescribes how safety risks should be assessed and dealt with.
Our hosting provider is in compliance with ISO 27001, ISO 9001, NEN 7510 and has prepared ISAE 3402 type I and II reports. All standards have the aim to secure your data.
5. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 13 years of age.
We do not knowingly solicit data from or market to children under 13 years of age. By using the Apps, you represent that you are at least 13 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Apps. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 13, please contact us at email@example.com.
6. DO WE MAKE UPDATES TO THIS POLICY?
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
7. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, you may contact our Data Protection Officer (DPO), Jossy Onwude, by email at firstname.lastname@example.org, or by post to:
Bold Health Limited
The Stables 28 Britannia Street
London, London WC1X 9JF
8. Governing Law and Dispute Resolution