# Your.MD Symptom Checker Privacy Policy for VHI

(April 2019)

---

## WHO WE ARE 
Your.MD is a trademark of YOUR.MD AS, incorporated and registered in Norway with the company number 999260993. The registered office is at c/o Advokatfirmaet Simonsen Vogt Wiig AS, Filipstad Brygge 1, 0252 Oslo, Norway. It offers the Your.MD Symptom Checker (“symptom checker”, “chatbot”) via its subsidiary Your.MD Limited, incorporated and registered in the UK with the company number 08727263. The registered office is Your.MD Ltd, 5th Floor, 43 Whitfield Street, London, W1T 4HD, UK (hereinafter collectively referred to as: ‘Your.MD’ or ‘we’).

Should you have any privacy-related questions, please contact us at [privacy@your.md](mailto:privacy@your.md?subject= Vhi Health Assistant app).

---

## HOW WE USE YOUR DATA

### LEGAL BASIS

**Consent.** Where you have consented to our use of your data. 

**Legitimate interests.** This covers data processed by us for the purposes that can be reasonably expected within the context of your use of our service to pursue our legitimate interests, in order to improve our service and your experience, for general social benefits to enable free access to health information, to enable us to offer a safe and secure service.

### FOR PROVIDING OUR SERVICE
We use your data so the chat-bot can calculate the most likely condition based on your reported symptoms. **Legal basis:** legitimate interests.

### FOR INTERNAL ANALYTICS
We collect data on how you use our service so we can make improvements and to understand how you use and interact with our service. We collect analytical and technical information (as stated in section 3 of this privacy policy) and use identifiers to carry out troubleshooting, testing and research. **Legal basis:** legitimate interests, to help us improve our service.

With the help of analytics ID assigned to you, we can use the data that you enter when talking to our chatbot (health data, age and gender) for our internal analytics and research. We do not process any information which could directly identify you in our analytical databases. For example, we check how many users have finished a consultation.

### FOR SAFETY AND SECURITY
We also use your data to improve the safety and security our service. To safeguard your privacy, we store health data and data which could personally identify you in separate databases. In line with best practice, only authorised staff members can access personal data, and only when required for user safety or critical systems issues. **Legal basis:** legitimate interests, to enable us to offer safe and secure service.

### FOR COMMUNICATION PURPOSES
We will use your email to respond to any queries you send to [privacy@your.md](mailto:privacy@your.md). Please do not share any health data when sending emails to us as we do not respond to any case-specific health issues. **Legal basis:** legitimate interests, to enable us to respond to your queries.

### FOR REPORTS
We will send reports to our partner VHI, who is hosting our chatbot on VHI Health Assistant App. We provide information such as, how many users used the symptom checker, have finished the consultation, to VHI on monthly basis, all in an aggregated and anonymised form, meaning that your personal data is never disclosed. VHI has the right to appoint an independent auditor to verify the data. In such case, we might need to disclose more data, but don’t worry, your data will be anonymised should this need to happen. **Legal basis:** legitimate business interests.

---

## THE DATA WE COLLECT
**Indirectly identifiable data:** age, gender, time zone, acquisition channel, identifiers (IP address, profile ID attached to your profile data, analytics IDs, conversation ID and session ID.

**Health data:** any type of health data you share when using our Symptom Checker.

**Technical information:** installed app version, IP address at the time of usage, Your.MD’s unique identifiers (profile ID, conversation ID, session ID), records of events with Technical information and your interaction with our service. For example logs on your usage of the service, which include chat information.

**Analytical information:** hashed IP address, hashed profile ID, hashed conversation ID, analytics provider’s unique ID (Firebase ID), various information on how you use our service: selected symptoms, duration, rejected symptoms, questions and answers to clarify symptoms, factors that affect the diagnosis (age and gender), other information about our service you may voluntarily provide, symptom checker’s results.

---

## WHO HAS ACCESS TO YOUR DATA

We cannot provide all service necessary for the successful operation of our service by ourselves. We therefore share collected information with third-party providers for the purpose of offering and improving our service. The information we share will not identify you personally, and the providers will only use the data to offer service to us. However, we will use your email to answer your queries. For privacy-related requests, see section 6 of this Policy or send an email to [privacy@your.md](mailto:privacy@your.md), subject: Vhi Health Assistant App.

### THIRD PARTY TECHNOLOGY PROVIDERS

**Zendesk.** We use Zendesk® (Zendesk, Inc.) as a support ticketing system which enables Your.MD employees who respond to your emails to streamline communications in a single ticket, all within an organised workflow. This allows individual requests to be dealt with more quickly. Any information you share with us via email will be received by a Your.MD support employee who will have access to information you share. This includes statistics such as when you last requested support, the nature of the issue, how it was resolved, and how long you had to wait for a resolution. Please refer to the [Zendesk Privacy Policy](https://www.zendesk.com/company/customers-partners/privacy-policy/), [Zendesk Ticketing System](https://www.zendesk.com/help-desk-software/features/ticketing-system/), [Zendesk EU Data Protection]() and [How Zendesk Protects Personal Data](https://help.zendesk.com/hc/en-us/articles/229138227-Privacy-and-Data-Protection-How-Zendesk-Protects-Personal-Data-?_ga=2.267538446.1019750681.1528789576-842600331.1528789576) for more information.

### ANALYTICS PROVIDERS

With the help of analytics providers, we collect analytical information to help us improve our service for you. We chose our providers carefully and set the most restrictive controls available to ensure they do not use your data for any purpose other than providing service to us.

**Google Analytics** 
Google Analytics (“GA”) allows us to collect data on how you use our Symptom Checker, as described under 'Analytical information' in section 3 of this policy. When you install the VHI app and then click on Symptom Checker within the Vhi App, GA send information on how you use our Symptom Checker. We use your information only for the purposes of our internal analytics to improve our services. Google can share your information only in limited situations where a) it concludes that it is required by law or has a good faith belief that access, preservation or disclosure of customer data is reasonably necessary to protect the rights, property or safety of Google, its users or the public; or b) in certain limited circumstances when third parties carry out tasks on Google's behalf (e.g., data storage) with strict restrictions that prevent the data from being used or shared except as directed by Google. For more information, please read [How Google uses cookies](https://policies.google.com/technologies/cookies). Google has an EU [Privacy Shield certificate](https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) and uses [Standard ISO 27001 security measures](https://www.iso.org/isoiec-27001-information-security.html). For more information on operational security and disaster recovery, please visit: [How Google analytics secures your web traffic](https://support.google.com/analytics/answer/6385009) and [Safeguarding your data](https://support.google.com/analytics/answer/6004245). For general information, please read the following: [How Google uses information from sites or apps that use their services](https://www.google.com/policies/privacy/partners), [Safeguarding your data](https://support.google.com/analytics/answer/6004245?hl=en) and the [Google Privacy Policy](https://www.google.com/policies/privacy/).

### LAWFUL PURPOSES

Your data will be disclosed only when necessary for lawful purposes, our legal obligations and rights as stated herein, and will be limited to such purposes: a) if required by law, for example to comply with a court order, subpoena, regulation, legal process or other governmental request b) to exercise or protect the rights, property or personal safety of our company, our users or others c) to enforce this privacy statement, including investigation of potential violations d) upon fulfilling legal requirements of local legislation to supply certain service a third-party might legally request from us e) to detect, prevent, or otherwise address fraud, security, or technical issues f) if we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified of any change in ownership or uses of your data g) to respond to claims that any content published within our Service or our Service violate any right of a third-party.

---

## HOW LONG DO WE KEEP YOUR DATA

We follow generally accepted industry standards and internal procedures to protect the data submitted to us during transmission, storing, and processing. The session ID that enable us to recognise users that come from Vhi, as well as the profile and conversation ID are new for each session you make and get deleted after the conversation ends. This means that we are not able to attribute the data you share with us to you personally. 

We store data and analytics ID that cannot be tracked back to you for internal analytics purpose. When the data is no longer needed, we delete it using reasonable measures to protect the information from unauthorised access or use. 

Any information you send to [care@your.md](mailto:care@your.md) and/or [privacy@your.md](mailto:privacy@your.md) will be deleted as soon as we respond to your enquiry and/or the information is no longer needed.

---

## YOUR RIGHTS

You can exercise your rights: 

* to object and to restriction of data processing, by sending an email to [privacy@your.md](mailto:privacy@your.md?subject= Vhi Health Assistant App).

We will process your request **within 30 days** of receiving it. 

We may decline to process requests that are unreasonably repetitive, require disproportionate technical effort, jeopardise the privacy of others, are impractical, or if we are required to retain such information by law or for legitimate business purposes. In the event of a suspicious request made in bad faith or accompanying unlawful behavior, we reserve the right to deny any request you make. We will not respond to any enquiry emails which we do not understand, where the request is not clearly specified, or pertains to health questions as we do not offer case-specific advice. We reserve the right to delete your data  after a long period of inactivity. 

You should be aware that we are not able to accommodate your **request for the deletion/access/copy of your data** because we delete all data that could indirectly personally identify you after finishing the consultation.

### OPTING OUT

**Zendesk.** Correcting, updating and removing your information. If you seek to exercise your data protection rights in respect of personal information stored or processed by Zendesk on our behalf (including to seek access to, or to correct, amend, delete or restrict processing of such personal information) you should direct your query to us by sending an email to [privacy@your.md](mailto:privacy@your.md). We will then instruct Zendesk to remove the personal information and they will respond within 30 days. They will retain personal information which they process and store on our behalf for as long as is needed to provide service to us.

---

## STORING OF INFORMATION, SECURITY AND DATA TRANSFERS

We follow generally accepted industry standards and internal procedures to protect Information submitted to us.

### STORING

We store identifiable personal data and health data in separate databases. This means that whatever you enter our chatbot, it is not connected to data that could personally identify you. We normally process your data with the help of identifiers, namely profile ID, consultation/ conversation ID, Vhi ID and analytic identifiers to avoid personal identification. 

We store your information for as long as needed to provide our service. We delete all identifiers after each consultation. We may store the information longer, but only in a way that it cannot be tracked back to you. 

We use **AWS** and **Google Cloud Platform** for storing of information.

**AWS.** AWS has multiple security certificates <https://aws.amazon.com/security/>.The data we collect from you may be transferred to, and stored at, a destination outside and inside of the European Economic Area (EEA), namely the AWS regions in the US and EU. It may also be processed by staff operating outside the EEA who work for us, or for one of our Providers. Your data will still be safe - we have entered into the AWS data processing addendum to make sure your personal information (IP address) is safe, namely:
a) that the AWS will use the data only to provide its storing service
b) that it will not disclose data to any third-party
c) that the AWS restricts its personnel to process your data without their authorisation
d) that we stay in control of correcting, blocking, deleting, retrieving your data
e) that AWS is responsible for implementing and maintaining the technical and organisational measures
f) that AWS is certified under ISO 27001 and agrees to maintain an information security program for the service that complies with the ISO 27001 standards or such other alternative standards as are substantially equivalent to ISO 27001 for the establishment, implementation, control, and improvement of the AWS Security Standards
g) that AWS may use subcontractors, but will restrict their access only for the purposes of offering AWS service. By using and downloading our Service, you agree to the transfer, storing and processing, as stated herein. We will take all the reasonably necessary steps to ensure that your data is treated securely and in accordance with this privacy policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.

**Google Cloud Platform.** We store all analytical data on Google Cloud Platform (GCP). We control the stored data while Google is the processor. This means that Google processes the data only for the purposes of providing GCP service and technical support to us, in accordance with data processing and security terms <https://cloud.google.com/terms/data-processing-terms>. We control what happens to the data and can access it at any time. We have chosen to store the data in the US. Google stores data in a multi-tenant environment on Google-owned servers. The data and file system architecture are replicated in multiple geographically dispersed data centres. Google also logically isolates stored data. We have control over specific data sharing policies. Those policies, in accordance with the functionality of the Service, enable us to determine the product sharing settings applicable to this privacy policy. We may choose to make use of certain logging capability that Google may make available via the service. Google complies with legal frameworks relating to the transfer of data such as EU-US and Swiss-US Privacy Shield. Get more information on Google Cloud Platform and the terms: <https://cloud.google.com/product-terms>.

### SECURITY

To guarantee your privacy, we securely encrypt, limit, and restrict access to your personal details.

We encrypt all your data at rest and any directly identifiable personal information is double encrypted with two keys at both the infrastructure and application level. We have restricted access to production environments and monitoring of your activities. The information is encrypted and key protected, and we have integrated commercially reasonable efforts to make sure your information remains secure when processed by us. However, please be aware that no security measures are impenetrable. If you have any concerns about the security of our service, please contact us at [privacy@your.md](mailto:privacy@your.md).

### TRANSFERS

**EU Territory** We delete logs we keep of the IP address within six months. We store your personally identifiable data for the duration of the provision of our Service or up to 30 days after your deletion request. This section shall not prevent any technical storage or access to information for the sole purpose of carrying out the transmission of a communication, or as strictly necessary for us to provide the Service you requested. We reserve the right to delete your profile after an extended period of inactivity.

**US Territory** We will retain collected information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by applicable legislation. We reserve the right to delete your profile after an extended period of inactivity.
Storing might be different depending on which territory is collecting the information and the applicable legislation, but we always strive to store the information only if it is needed for the purposes of providing, improving or personalising our Service.

---

## GENERAL

Should you have any privacy-related questions, please contact us at [privacy@your.md](mailto:privacy@your.md). If we are not able to help, we will forward your enquiry to our external **Data Protection Officer (DPO)**, ePrivacy GmbH, represented by Prof. Dr. Christoph Bauer, Große Bleichen 21, 20354 Hamburg. Should you have any concerns or complaints that our DPO is not able to resolve, you have the right to lodge a complaint with our supervisory authority Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Prof. Dr. Johannes Caspar, Kurt-Schumacher-Allee 4, 20097 Hamburg. If you are a UK customer, you can lodge a complaint with the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

**CHANGES TO THIS PRIVACY POLICY**. We may update this privacy policy to reflect the changes in our data processing practices. Because we are constantly adding new service and features, we might not make an immediate upgrade of the privacy policy, unless in case of material changes to our data processing practices. The most current version of this privacy policy will govern our use of the data we collect from you and it is available at [Your.MD Symptom Checker Privacy Policy for Vhi](https://www.your.md/vhi-privacy). Because we do not create your profile account you will need to consent to the most recent version each time you use the service.  

Your.MD,
Matteo Berlucchi, CEO 

VHI Privacy Policy for Your.MD Symptom Checker