Healthily Cold, Flu and COVID-19 Checker Privacy Policy

(December 2021)

Healthily respects your privacy and is committed to protecting your personal data. This policy, alongside our Healthily Cold, Flu and COVID-19 Checker Terms of Service, explains how we process your data when you use our services.

1. WHO WE ARE

YOUR.MD AS, incorporated and registered in Norway with the company number 999260993 whose registered office is at c/o Advokatfirmaet Simonsen Vogt Wiig AS, Filipstad Brygge 1, 0252 Oslo, Norway is offering its Services which may be branded as Healthily, via its subsidiary Your.MD Limited, incorporated and registered in the UK with the company number 08727263 whose registered office is at Your.MD Ltd, 5th Floor, Lincoln House, 296-302 High Holborn, London WC1V 7JH, UK (hereinafter collectively referred to as: ‘Your.MD’, ‘Healthily’, ‘we’ or ‘us’).

Your personal data is controlled by Your.MD Ltd who is the data controller in regard to its Services. Should you have any privacy-related questions, please contact us at privacy@livehealthily.com, subject: Cold, Flu and COVID-19 Checker.

2. HOW WE USE YOUR DATA

We use your data to personalize your experience when you use our Cold, Flu and COVID-19 Checker (the “Checker”). We also use your data to improve the safety and security of the Services we provide, and for the purpose of analytics and communications.

Contract performance. This covers data that is processed by us in order to provide you with Services that you have requested.

Consent. Where you have consented to our use of your personal data, including health data.

Legitimate interests. This covers data processed by us for the purposes that can be reasonably expected within the context of your use of our Services to pursue our legitimate interests, in order to improve our Services and your experience, for general social benefits to enable free access to health information, to enable us to offer a safe and secure service.

WE USE YOUR DATA:

TO PROVIDE OUR SERVICES AND PERSONALISE YOUR EXPERIENCE
We use your data to understand your health so that we can provide relevant information personalized to your needs. We will use information about your reported symptoms to assess the likelihood of having a cold for example. Legal basis: contract performance and consent as a special condition for the processing of your health data. Data collected: As stated in ‘The data we collect’ section of this policy.

FOR INTERNAL ANALYTICS
We collect data on how you use our Checker so that we can make improvements to the service we offer you. We use identifiers and we carry out troubleshooting and testing. We also analyze your activities to understand how you use and interact with our Services. Legal basis: legitimate interests, to help us improve our Service. Data collected: Analytical information, Technical Information, as stated in ‘The data we collect’ section of this policy.

FOR SAFETY AND SECURITY
We usually process your data based on session identifiers.. To safeguard your privacy, we store health data and data which could indirectly personally identify you (session identifier) in separate databases. We do store technical logs of your activities in the Checker. In line with best practice, only authorized staff members can access personal data, and only when required for user safety or critical systems issues. Legal basis: legitimate interests, to enable us to offer a safe and secure service. Data collected: As stated in 'Technical Information of this Policy' in ‘The data we collect’ section.

FOR ADVERTISING
We use your health data (symptoms) and your location (not specific enough to identify a street) to show you Walmart health and wellbeing products that might help you. We never share your personal data with Walmart. Legal basis: consent. Data collected: health data in ‘The data we collect section’.

FOR COMMUNICATION PURPOSES
We use your data to respond to your request and/or queries sent to support@livehealthily.com and/or privacy@livehealthily.com. Legal basis: legitimate interests. Data collected: email, full name (if provided), IP address or other identifier assigned by a third-party service provider. Your data will be transferred to Zendesk , a third-party service provider that we use for a support ticketing system. Please do not share any health data when sending emails to support@livehealthily.com and/or privacy@livehealthily.com as we do not respond to any case-specific health issues.

FOR WALMART REPORTS
We provide the following information to Walmart on a monthly basis: how many users used the Checker, finished the consultation, were identified as susceptible to suffer a specific condition, all in an aggregated and anonymized form, meaning your data and health data is never disclosed. Walmart has the right to appoint an independent auditor to verify the data. In such case, we might need to disclose more data, but don’t worry, your data will be anonymized should this need to happen.

3. THE DATA WE COLLECT

DIRECTLY IDENTIFIABLE PERSONAL DATA: email address. Source: directly form you if you decide to write to us.

INDIRECTLY IDENTIFIABLE PERSONAL DATA: age, gender, location (country, region - not specific enough to identify the street), time zone, acquisition channel, identifiers (session ID attached to your profile data namely age and gender), IP address, analytics IDs, conversation/consultation ID, device ID). Source: indirectly from you when you interact with our Service.

HEALTH DATA. Any type of health data you share when using the Checker. Source: directly when you interact with our Checker.

TECHNICAL INFORMATION. User agent (web browser type and version), device model, screen information, mobile service provider, OS version, location (country and city), time zone, IP address at the time of usage, Healthily unique identifiers (session ID, conversation ID/consultation ID), records of events with Technical Information and your interaction with our Services. For example, logs on your usage of the Services, which include chat information, articles you have viewed. Source: when you interact with our Service.

ANALYTICAL INFORMATION. Hashed IP address, hashed profile ID, hashed conversation/consultation ID, analytics provider's unique client ID (Google Analytics ID).

Information on how you use our Services:

General Activity (e.g. time spent)
Sessions (e.g. when you started the session, duration)
Acquisition channel (e.g. which ad you clicked on to get to our Services)
Activity within our Services and features (e.g. your data and activities, consultation outcomes, whether you sent an input that failed to be understood by our chatbot, logs on your usage of our Services, screens you have seen, what you have clicked on).

Source: when you interact with our Service.

4. WHO HAS ACCESS TO YOUR DATA

We cannot provide all services necessary for the successful operation of Healthily Services by ourselves. We therefore share collected information with third-party providers for the purpose of offering and improving the Services. The information we share will not identify you personally, and the providers will only use the data to offer services to us. For privacy-related requests, send an email to privacy@livehealthily.com, subject: Cold, Flu and COVID-19 Checker.

THIRD-PARTY TECHNOLOGY AND PROVIDERS

Third party providers are data processors. This means they process your information on our behalf, in accordance with our instructions. We only allow your information to be used by them to offer services to us. How third party providers' use of information is controlled by the terms of their contract with us and any settings enabled by us through the user interface of their product.

Zendesk. We use Zendesk® (Zendesk, Inc.) as a support ticketing system which enables Healthily employees who respond to your emails to streamline communications in a single ticket, all within an organised workflow. This allows individual requests to be dealt with more quickly. Any information you share with us via email will be received by a Healthily support employee who will have access to information you share. This includes statistics such as when you last requested support, the nature of the issue, how it was resolved, and how long you had to wait for a resolution. Please refer to the Zendesk Privacy Policy, Zendesk Ticketing System for more information.

ANALYTICS PROVIDERS
With the help of analytics providers, we collect Analytical Information to help us improve our Services for you. We chose our providers carefully and set the most restrictive controls available to ensure they do not use your data for any purpose other than providing services to us.

Google Analytics (GA) is used on our Checker and Site (when you are visiting our Site). When you visit the Checker website, your web browser automatically sends your IP address and information on how you use the Service to GA. Processing is based on a GA-created browser ID by using cookies. GA uses IP addresses to provide and protect the security of the service, and for us to know the country you use our Services in. GA anonymizes the IP address before any storage or processing takes place by obfuscating the last few digits. Please refer to the IP Anonymization in Analytics. GA processes the data based on a GA identifier called Client ID, which is stored in a cookie. Identifiers such as cookies and GA user IDs measure and report statistics about your interactions on our Site and/or Web App. GA stores cookies on your device to keep track of how you use our Site/Web App statistics without personally identifying you. We use the data collected by GA to improve the quality of our Site and Checker and to analyze Site/Checker usage. For more information, please read How Google uses cookies. For more information on operational security and disaster recovery, please visit: How Google analytics secures your web traffic and Safeguarding your data. For general information, please read the following: How Google uses information from sites or apps that use their services, Safeguarding your data and the Google Privacy Policy.

Google BigQuery

We can draw and analyze data (log data) from GA using Google BigQuery. For more information, please see Google Service Specific Terms.

ADVERTISING PROVIDERS

We engage third party ad network to display ads within our Service.

Kevel. We use Kevel for advertising purposes, to create trackable links for reporting purposes, namely to see how many clicks are generated from a specific ad shown to you. For more information regarding data collection and usage as part of the ad serving platform, please read Kevel Privacy Policy on Ad Serving.

ADVERTISERS

We will show you personalised ads based on information you provide when using our Service. We never share your personal data (including health data) with advertisers.

We use the information that was calculated by our Checker to present you products that might be useful to you. You are not obligated to use these products. Our bot is constantly learning, so we cannot guarantee that the product we present to you based on information you share when interacting with our Checker or based on the Checker's outcome is what you need, but it will always be related to the outcome. While our bot strives to give you the best possible information it cannot consider all factors that your doctor can, so please always consult your doctor before acting on any of the advice our bot gives you. We are not in any way responsible for the actions of advertisers, the content of their sites, their products or services, the use of the information you provide to them, or any of the products or services they may offer and no agency relationship exists between us and these third parties. Our links to any advertiser’s services does not constitute our sponsorship or endorsement of, or affiliation with, or responsibility for these companies. Nor is such linking an endorsement of such third parties’ privacy or information security policies or practices, or their compliance with laws.

Walmart. If you decide to click on Walmart AD within our Services you will leave Healthily Services and be redirected to Walmart services. By doing so, you will be governed by Walmart Terms and Privacy policy.

LAWFUL PURPOSES

Your data will be disclosed only when necessary for lawful purposes, our legal obligations and rights as stated herein, and will be limited to such purposes: a) if required by law, for example to comply with a court order, subpoena, regulation, legal process or other governmental request b) to exercise or protect the rights, property or personal safety of our company, our users or others c) to enforce this privacy statement, including investigation of potential violations d) upon fulfilling legal requirements of local legislation to supply certain services a third-party might legally request from us e) to detect, prevent, or otherwise address fraud, security, or technical issues f) if we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified of any change in ownership or uses of your data g) to respond to claims that any content published within our Services or our Services violate any right of a third-party.

5. HOW LONG DO WE KEEP YOUR DATA

We follow generally accepted industry standards and internal procedures to protect the data submitted to us during transmission, storing, and processing. We store your data for as long as is needed to provide our Services. We may store it for longer, but only in a way that it cannot be tracked back to you. We delete all personally identifiable data we have about you within 30 days of receiving your data deletion request. Please make sure you request a copy of your data before you ask to delete your data, as your data will not be retrievable afterwards.

We delete the logs we keep of the IP addresses you have used after approximately six months. When the data is no longer needed, we delete it using reasonable measures to protect the information from unauthorized access or use. Any information you send to support@livehealthily.com and/or privacy@livehealthily.com will be deleted as soon as we respond to your enquiry and/or the information is no longer needed.

6. YOUR RIGHTS

We are committed to keeping your data up-to-date. You can exercise your rights by sending an email to privacy@livehealthily.com, subject: Cold, Flu and COVID-19 Checker. We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardize the privacy of others, are impractical, or if we are required to retain such information by law or for legitimate business purposes. In the event of a suspicious request made in bad faith or accompanying unlawful behavior, we reserve the right to deny any request you make. We will not respond to any enquiry emails which we do not understand, where the request is not clearly specified, or pertains to health questions as we do not offer case-specific advice.

RIGHT TO ERASURE/ACCESS/COPY

You should be aware that we are not able to accommodate your request for the deletion/access/copy of your data because we do not store any data that could directly personally identify you. And we are not able to verify such request. If you stop using our Services, we will delete all collected data within six months.

You should be aware that we are not able to accommodate your request for the deletion/access/copy of your data because we do not store any data that could directly personally identify you. Similarly, we cannot carry out such a request if you are a Site visitor as we do not store any data that could personally identify you. If you stop using our Services, we will delete all collected data within six months. For this reason, we are not able to personally identify such a person, nor enable the exercise of rights.

OPTING OUT

Health data for provision of the Services. We need your health information to provide the Service to you. If you untick the box within the Privacy Settings available on the Privacy Matters screen you won’t be able to use our Checker.

Health data for advertising purposes. You can opt out of ads being shown within the Checker by clicking on the Privacy Settings within the Privacy Matters screen. If you opt out, we won’t show you Walmart health and wellbeing products that might help.

Google Analytics. You can opt out of Google Analytics by clicking on the Privacy Settings within the Privacy Matters screen. If you opt out, we won’t place analytic cookies on your device.

Zendesk. Correcting, updating and removing your information. If you seek to exercise your data protection rights in respect of personal information stored or processed by Zendesk on our behalf (including to seek access to, or to correct, amend, delete or restrict processing of such personal information) you should direct your query to us by sending an email to privacy@livehealthily.com. We will then instruct Zendesk to remove the personal information and they will respond within 30 days. They will retain personal information which they process and store on our behalf for as long as is needed to provide services to us.

7. CALIFORNIA RESIDENCE PRIVACY INFORMATION

This section of our Privacy Policy contains information required by California Consumer Privacy Act (hereinafter the "CCPA") that came into force on January 1st, 2020.

If you are a California resident (as defined in the section 17014 of Title 18 of the California Code of Regulations), California law requires us to provide you with some additional information regarding your rights with respect to your “personal information”.

We may transfer your personal data to third party processors in order to achieve the purposes of the processing listed in point 2 ‘How we use your data’ above. Please see point 4 ‘Who has access to your data’ to learn about what third party processors do we use.

CCPA provides Californian consumers the following rights (which does not interfere with GDPR):

Right to request disclosure of any personal information we collected. This means in particular that you have:

  • the right to request disclosure of the categories of personal information we collected from you, together with the categories of sources from which it was collected (please see section “The data we collect”),
  • the purpose of the collection (please see section “How we use your data”),
  • the categories of third parties with whom we shared your personal information (please see section “Who has access to your data”), and
  • the specific pieces of personal information that have been collected please see section “The data we collect”).

Please see “Right to reassure/access/copy” section to learn how we process your request.

Right to request deletion of any personal information that we collected from you. Please see section “Right to erasure/access/copy”.

Right to non-discrimination. We will not discriminate against you for exercising your CCPA rights. This generally means that we will not deny you Services or provide a different level of Service or quality of Services. However, please bear in mind that, if you ask us to delete your data, it may impact your experience with us, and you may not be able to use our Services which require usage of your personal information to function properly.

Right to Opt-Out of Sale.
During the preceding 12 months, we did not, do not currently, and will not in the future sell or transfer your personal data to third parties (and will never do it without providing a right to opt out).

8. STORING, SECURITY AND DATA TRANSFERS

We follow generally accepted industry standards and internal procedures to protect information submitted to us.

STORING

We store Indirectly Identifiable Personal Data and Health Data in separate databases. This means that whatever you enter in the Checker, it is not connected to data that could indirectly identify you. We normally process your data with the help of identifiers, namely session ID, consultation/ conversation ID and analytic identifiers to avoid personal identification. In limited cases when required for user safety or critical systems issues, authorized personnel can access Indirectly Identifiable Data along with Health Data. Your IP address is used to determine location, but it is normally masked (hashed) when stored on our backend.

We store your information for as long as needed to provide our Service. We may store the information longer, but only in a way that it cannot be tracked back to you. We use AWS and Google Cloud Platform for storing information.

AWS. AWS has multiple security certificates https://aws.amazon.com/security/.The data we collect from you may be transferred to, and stored at, a destination outside and inside of the European Economic Area (EEA), namely the AWS regions in the US and EU. It may also be processed by staff operating outside the EEA who work for us, or for one of our Providers. Your data will still be safe - we have entered into the AWS data processing addendum to make sure your personal information (IP address) is safe, namely:
a) that the AWS will use the data only to provide its storing services
b) that it will not disclose data to any third-party
c) that the AWS restricts its personnel to process your data without their authorization
d) that we stay in control of correcting, blocking, deleting, retrieving your data
e) that AWS is responsible for implementing and maintaining the technical and organizational measures
f) that AWS is certified under ISO 27001 and agrees to maintain an information security program for the service that complies with the ISO 27001 standards or such other alternative standards as are substantially equivalent to ISO 27001 for the establishment, implementation, control, and improvement of the AWS Security Standards
g) that AWS may use subcontractors, but will restrict their access only for the purposes of offering AWS services. By using and downloading our Services, you agree to the transfer, storing and processing, as stated herein. We will take all the reasonably necessary steps to ensure that your data is treated securely and in accordance with this privacy policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our services; any transmission is at your own risk.

Google Cloud Platform. We store all analytical data on Google Cloud Platform (GCP). We control the stored data while Google is the processor. This means that Google processes the data only for the purposes of providing GCP services and technical support to us, in accordance with data processing and security terms https://cloud.google.com/terms/data-processing-terms. We control what happens to the data and can access it at any time. We have chosen to store the data in the US. Google stores data in a multi-tenant environment on Google-owned servers. The data and file system architecture are replicated in multiple geographically dispersed data centers. Google also logically isolates stored data. We have control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, enable us to determine the product sharing settings applicable to this privacy policy. We may choose to make use of certain logging capability that Google may make available via the services. Get more information on Google Cloud Platform and the terms: https://cloud.google.com/product-terms.

SECURITY

To guarantee your privacy, we securely encrypt, limit, and restrict access to your personal details. The information is encrypted and key protected, and we have integrated commercially reasonable efforts to make sure your information remains secure when processed by us. However, please be aware that no security measures are impenetrable. If you have any concerns about the security of our Services, please contact us at privacy@livehealthily.com, subject: Cold, Flu and COVID-19 Checker.

TRANSFERS

EU and UK Territory. We delete logs we keep of the IP address within six months. We store your personally identifiable data for the duration of the provision of our Services or up to 30 days after your deletion request. This section shall not prevent any technical storage or access to information for the sole purpose of carrying out the transmission of a communication, or as strictly necessary for us to provide the Services you requested. We reserve the right to delete your profile after an extended period of inactivity.

US Territory. We will retain collected information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by applicable legislation. We reserve the right to delete your profile after an extended period of inactivity.

Storing might be different depending on which territory is collecting the information and the applicable legislation, but we always strive to store the information only if it is needed for the purposes of providing, improving or personalizing our Services.

9. COOKIES

For information about cookies, please see Healthily Cold, Flu, COVD-19 Checker Cookie Policy which is hereby incorporated into this Policy. You can opt out of Google Analytics by clicking Privacy Settings on the consent screen. If you opt out, we won’t place analytic cookies on your device. You can also turn off cookies at any time by changing your specific browser settings.

Google Analytics Cookies. Google Analytics mainly uses first-party cookies to report on user interactions on websites that use Google Analytics. Google Analytics stores cookies on your computer to keep track of how you use our Checker. We use Cookies to analyze your activity to improve the Checker. For example, by using Cookies, we can look at aggregate patterns like the average number of symptom checks that were not finished. We can use such analysis to gain insights about how to improve the functionality and experience of the Checker. You may disable cookies or delete any individual cookie set by Google Analytics. Google Analytics supports an optional browser add-on that - once installed and enabled - disables measurement by Google Analytics for any site you visit. This add-on only disables Google Analytics measurement.

For information about cookies, please see our Cookie Policy which is hereby incorporated into this Policy. You can manage cookies on our Site at any time by visiting Cookie settings section available in the footer of our Site. You can turn off cookies by changing your specific browser settings. You may disable cookies or delete any individual cookie set by Google Analytics. Google Analytics supports an optional browser add-on that - once installed and enabled - disables measurement by Google Analytics for any site you visit. This add-on only disables Google Analytics measurement. You can use Ads Settings to manage the Google ads you see and disable personalization. Even if you opt out of personalized ads, you may still see ads based on factors such as your general location derived from your IP address, your browser type, and your search terms. You can also manage many companies' cookies used for online advertising via the consumer choice tools created under self-regulation programs in many countries, such as the US-based https://youradchoices.com/ choices page. Finally, you can manage cookies in your web browser. For more information visit Google Privacy&Terms and read our Cookie Policy.

10. GENERAL

Should you have any privacy-related questions, please contact us at privacy@livehealthily.com, subject: Cold, Flu and COVID-19 Checker.

We may update this Privacy Policy to reflect the changes in our data processing practices. Because we are constantly adding new services and features, we might not make an immediate upgrade of the Privacy Policy, unless in case of material changes to our Data processing practices. The most current version of this Privacy Policy will govern our use of the Data we collect from you and it is available at https://www.livehealthily.com/legal/cold-flu-covid-19-checker-privacy Because we do not create your profile account you will need to consent to the most recent version each time you use the Services.

Your.MD,

Matteo Berlucchi, CEO