Version: 001 2023
This privacy policy (as amended from time to time, the “Privacy Policy”) describes our policies and procedures on the collection, use, and disclosure of your personal data obtained through your access to and use of the services available on the mobile applications and the website (the “App”) operated by bEHR Health Systems, Inc., 909 S. Norman C. Francis Pkwy (“bEHR Health”). The use of the App is governed by the Terms (hyperlink). bEHR Health prepared this Privacy Policy to demonstrate our commitment to privacy and security of your personal data in accordance with our obligations under the applicable laws, rules, and regulations.
By accessing the App or using our services, you agree to accept and be bound by the current version of this Privacy Policy. In case you do not agree to the current version of this Privacy Policy, you are not authorized to continue accessing the App or using our services.
The App may contain links to websites or materials that are not operated by bEHR Health and are not subject to this Privacy Policy, for example the share functionality to social networks. We recommend that you read their policies to protect your personal data.
We may revise this Privacy Policy from time to time. The most current version is always available on our App. The revised Privacy Policy shall become effective from the date of publication on the App. Should these changes be substantial and where required by applicable law, we will provide you with notice (by email or by publication on the App) and/or obtain your consent.
What data we collect and for what purpose:
bEHR Health collects the following personal data for product and service-related purposes:
• In order to create or reconfigure your account, you are asked to provide initial personal data, such as your name, username, password, personal contact details (address, zip code, phone number, location, and email address), date of birth, gender, height, and weight.
• In order to enable bEHR Health to provide you with the Health Score and various other information about your health, including advice on how to improve your lifestyle and develop awareness (collectively the “Information”), you are asked to provide further personal data, such as details about any of your previous health concerns or clinical issues, details about your family history, especially relating to health concerns or clinical issues, details about your lifestyle and activities (including underlying GPS data), clinical information and similar personal data.
• In order to provide you with information about our products and services you either requested or we think you might like, we may do so via your personal identification information such as name, email address, etc. If you no longer wish to be contacted for marketing purposes, please click here (hyperlink).
bEHR Health receives, reviews, and stores technical data (including crash reports) retrieved from the devices you are using to access the App.
How your data is collected
bEHR Health collects your personal data either directly or indirectly as follows:
• Directly through the App (e.g., you register online or place an order for any of our products or services, you voluntarily complete a customer survey or provide feedback on any of our message boards or via email, you use or view our website via your browser’s cookies etc.)
• Indirectly through third-party devices or apps you connect with your account on bEHR Health and where you explicitly opt-in to do so (e.g., connection of a smartwatch) or through your interactions within the App as part of our continuous effort to improve the user experience.
How we protect your data
We restrict access to your personal data to those bEHR Health employees or other parties who need access to such data in order to provide the services. We maintain appropriate physical, electronic and procedural safeguards to protect your personal data, including firewalls, individual passwords, and encryption, and take all other necessary and adequate administrative, organizational, technical, personal, and physical measures to safeguard the same against unauthorized or unlawful processing and use, accidental loss or destruction or damage, theft, disclosure, or modification and to ensure its integrity.
Please note, however, that bEHR Health has no control over the network infrastructure outside of bEHR Health, and data transported over an open network, such as the internet or email, may be accessed by third parties (including, for example, a person standing behind you, or the local authorities under certain conditions). We cannot guarantee, and are not responsible for, the confidentiality of any communication or information transmitted via such open networks. When disclosing any data via an open network, you should consider that despite all measures in place such as encryption during transport, it is potentially accessible to others, and consequently, may be collected and used by others without your consent. Your personal data and Information may also be lost during transmission. bEHR Health will not accept any liability for direct or indirect losses as regards the security of your personal data and information out of its control, including during its transfer via Internet.
bEHR Health uses encryption software that may be subject to export control regulations and territorial restrictions.
How your data is shared and data we might receive
To process your personal data, bEHR Health might require the services of sub-contractors, which need to access directly or indirectly your personal data, our “Processors”, e.g., data hosting providers. We ensure that, when working with Processors, these entities commit to an adequate level of protection and commit not to use your personal data unlawfully. From our side, we will share only the personal data our Processors need to proceed, and nothing more. We are currently working with the following main (Sub-) Processors:
| (Sub-) Processor | (Sub-) Processing Activity | (Sub-) Processor Location |
| --- | --- | --- |
| dacadoo AG, Othmarstrasse 8, 8008 Zurich, Switzerland (“dacadoo”) | SaaS, Digital Health Engagement Platform (DHEP), running surveys with registered users (e.g., NPS) to obtain feedback related to its services | Switzerland: Service Delivery / Support, Software Engineering, SRE / DevOps, Data Engineering, Data Science; Australia: Service Delivery / Support (no data processing); Japan: Service Delivery / Support (no data processing); USA: email campaign (no data processing); Canada: Sales (no data processing); Denmark: Sales (no data processing); Singapore: Service Delivery (no data processing) |
| Microsoft Schweiz GmbH, The Circle, Postfach, 8058 Zürich, Switzerland | Cloud Infrastructure Provider | Microsoft Azure cloud region: Netherlands |
| MongoDB Ltd., Building Two, Number One, Ballsbridge, Dublin 4, Ireland | Database SaaS Provider (MongoDB Atlas) | Microsoft Azure cloud region: Netherlands |
| Datadog Inc., Neue Rothofstraße 13-19, Frankfurt am Main, 60313 Germany | Centralized Logging; Monitoring and Alerting Solution Provider | Google cloud region: Germany |
| Atlassian Pty Ltd., L 6 341 George St, 2000 Sydney, Australia | Monitoring and Alerting Solution Provider (OpsGenie); Ticketing System Provider (JIRA) | EU (Germany, Ireland) |
| Synchronit GmbH, Blegistrasse 5, 6340 Baar, Switzerland | Quality Assurance, Software Development, SRE (Infrastructure Operations), Application Support | EU, Uruguay, Lebanon, Argentina, Canada |
| Arobs Transilvania Software SA, Str. Donath Nr.11, BL.M4 SC. 2 ET. 3 AP 28, Cluj-Napoca, Romania | Quality Assurance, Software Development, SRE (Infrastructure Operations), Application Support | EU; Vietnam |
| Ciklum SA, Lavaterstrasse 66, 8002 Zurich, Switzerland | Quality Assurance, Software Development, SRE (Infrastructure Operations), Application Support | EU; Ukraine (no data processing); India (no data processing) |
| MessageBird B.V., Trompenburgstraat 2-C, 1079 TX Amsterdam, The Netherlands | SMS Gateway (for mobile number verification and transactional SMS) | Netherlands |
| Huanga IT Solutions AG, Sägereistrasse 21, 8152 Opfikon, Switzerland | SMTP Relay | Switzerland |
| Amazon Web Services, Inc. | Cloud Infrastructure Provider | Cloud region: EU |
| Cloudflare | Cloud SASE, CASB | USA |
| Google Cloud Platform | Cloud Infrastructure Provider (e.g., Google Vision AI, Firebase Cloud Messaging, Google reCAPTCHA) | USA |
| Tresorit AG, Franklinstrasse 27, 8050 Zurich, Switzerland | Encrypted Secure Data Exchange | Switzerland |
| HubSpot Germany GmbH; HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland | Marketing, sales, customer service | EU (Germany) |
Your personal data may be shared with our partners, which could send us personal data about you in return. For example, when you participate in a challenge organized by a partner, we will need to receive some Information to create the right teams in the challenge, and we will need to share Information, like your ranking, with the organizer of the challenge. While bEHR Health uses best efforts to ensure our partners are informing you about their privacy policies, bEHR Health does not carry responsibility for the data processing of our partners. Your ranking (including last name and first name) may also be used for communications purposes (e.g., in-App messages or emails) during or after a challenge.
The concept of the App includes the disclosure of your personal data provided by you and accessible via the App to other users or third parties. Please note that all registered users of bEHR Health are displayed with their name and profile picture. For all other personal data, you control and decide yourself which personal data shall be accessible to others. You can change the privacy settings of your account at any time and thereby determine who will be able to see which personal data. The types of personal data which may be distinguished are the following: Health Score, workouts including pictures (workout, profile, and profile background pictures) and achievements gained. Sensitive personal data such as weight or blood pressure, are not accessible to other registered users. The following types of sharing options are available:
• Public: All users registered on bEHR Health will be able to see your Health Score, your workouts (including potential location data), and your achievements.
• Groups: If you are part of a corporate health program, you will be allocated to a specific company group, which will contain fellow employees with whom you are friends on bEHR Health, and other employees with whom you are not yet friends on bEHR Health. If you select the group option, all group members, friends or not, will be able to see your Health Score, your workouts, and your achievements.
• Friends: Your friends will be able to see your Health Score, your workouts, and your achievements.
• None: Only you as the user of your account will be able to see your personal data. According to our default settings, all your friends will be able to see all the above-mentioned data. You can change the privacy settings of your account at any time after your registration.
• Please note that due to the linking option to other social networks, such as Facebook, your data may be made available to other persons through your friends. Nevertheless, you are always in control of the content you decide to share on social networks, no personal data is automatically shared.
bEHR Health will not sell, rent, or otherwise make available any personal data submitted by users to any third parties without the user’s consent, unless as permitted under this Privacy Policy or required by law. bEHR Health may use personal data to contact users with respect to all matters related to the user’s activity on the App, including but not limited to sending motivational e-mails and reminders.
Cookies and similar technologies
The web app to our App uses cookies and similar technologies. Please see our Cookie Notice (hyperlink) for more information.
How long your data is stored
We store your personal data for as long as you have an account with bEHR Health. bEHR Health can delete your account at any time for any reason with reasonable notice. You can delete your account at any time as well. If you follow the instructions available on the App, your account will be deactivated and then deleted. As a courtesy, we keep your account for up to 30 days, as such it is still possible for you to recover your account if it was deactivated by mistake. After 30 days, we begin the process of deleting your account permanently from our systems and your account becomes non-recoverable. You acknowledge that any content posted by you on the App cannot be recovered after the deletion of your account. We reserve the right to keep data to the extent we reasonably believe it is necessary to satisfy any applicable law or regulation, and/or according to security and privacy industry practices.
Where your data is stored
Your personal data is stored on servers located in a professionally managed, secure data storage facility in Switzerland or EEA (Economic European Area) through a secure cloud provider which means that your Information is processed in accordance with Swiss Federal Act on Data Protection and GDPR (General Data Protection Regulation) principles. If you access the App from a computer located outside the territory of hosting, you accessing the App will be considered as your consent to us transferring your data outside Switzerland or EEA in order to reach you.
If, for any reason, bEHR Health will need to transfer any of your personal data to any country without adequate level of data protection as decided by the European Commission, bEHR Health will procure that appropriate contractual obligations apply in line with relevant data protection laws (such as EU standard contractual clauses).
Legal basis for data processing
bEHR Health relies on the following legal basis for processing your personal data:
• Consent (or explicit consent, where applicable), which means that you have given your (explicit) consent for processing your personal data for one or more specific purposes.
• Performance of a contract, which means that processing your personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
• Legal obligations, which means that processing your personal data is necessary for compliance with bEHR Health’s legal obligation.
• Vital interests, which means that processing your personal data is necessary to protect your vital interests or the vital interests of another natural person.
• Public interests, which means that processing your personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in bEHR Health.
• Legitimate interests, which means that processing your personal data is necessary for the purposes of the legitimate interests pursued by bEHR Health.
Your data protection rights
bEHR Health would like to make sure you are fully aware of all of your data protection rights as follows:
• The right to access, which means you have the right to request bEHR Health for copies of your personal data. (We may charge you a small fee for this service.)
• The right to rectification, which means you have the right to request that bEHR Health correct any Information you believe is inaccurate and/or to complete the Information you believe is incomplete.
• The right to erasure, which means you have the right to request that bEHR Health erase your personal data, under certain conditions.
• The right to restrict processing, which means you have the right to request that bEHR Health restrict the processing of your personal data, under certain conditions.
• The right to object to processing, which means you have the right to object to bEHR Health’s processing of your personal data, under certain conditions.
• The right to data portability, which means you have the right to request that bEHR Health transfer the data that we have collected to another organization, or directly to you, if technically feasible and under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us via email at: info@behrhs.com
Disclosure of data
We reserve the right to disclose your data to the extent we reasonably believe it is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce the Terms, including investigations of a potential violation thereof, (iii) detect, prevent or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or to (v) protect the rights, property or safety of bEHR Health, its users and the public.
How to contact bEHR Health or the appropriate authority
If you have any questions about bEHR Health’s Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at:
bEHR Health Systems, Inc.
909 S. Norman C. Francis Pkwy
New Orleans, Louisiana, 70125