We  at Aasa Health AB, org. no. 559116-7936, with address Ola Hanssonsgatan 4, apt 1004, 112 52 Stockholm, Sweden. (“we”, “our” “us”,  “the Company”,  or  “Vitala”)  value your privacy and are committed to keeping your personal data confidential.

We provide the Vitala application ("App"), which you can download and use ("you" ; "User") in accordance with the Terms and Conditions and the Privacy Policy.

Please remember that Vitala does not provide medical services. If you have received an invitation, the Health Provider ("HP" ; "Health Provider") provides medical services to you. HP has access to your Personal Data through a Care Portal ("CP"), which is used by HP staff to manage data in order to provide health care services to you. Vitala only provides services related to the operation and operation of the App (“Services”), so please read the Privacy Policy below carefully.

BY ACCESSING AND/OR USING THE APP, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE USING THE SERVICES AND CP.

This Privacy Policy applies to personal data processed through the App. The term "Personal Data" encompasses any information that can be used on its own or in combination with other information to identify an individual or contact a specific person.

Some Personal Data may be considered "health data" (i.e., data related to your physical or mental health), "protected health information" or "PHI" (i.e., information that relates to your past, present, or future physical or mental health or condition(s), the provision of healthcare to you, or past, present, or future payments for your healthcare), and/or medical records as defined by law.We take the protection of personal data seriously and comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter referred to as "GDPR") and Swedish data protection regulations. 

Note regarding third-party sites: Our App may contain links to other sites that are not operated by Vitala. If you click a third-party link, you will be directed to that third  party’s  site.  We  strongly  advise  you  to  review  every  site  you  visit  for  the privacy policy(ies). Vitala has no control over and assumes no responsibility for the content,  privacy  policies,  or  practices  of  any  third-party  sites  or  services. This Privacy Policy does not apply to your use of or access to any third-party sites or services.

We may modify this Privacy Policy from time to time. We will notify you of significant changes by electronic way. The changes will take effect within 30 days. If you do not agree with the proposed changes, you should stop using the App before the change becomes effective. If you continue to use the App after the effective date, you will be bound by the updated Privacy Policy terms.

We would like to point out that the Privacy Policy is available in English and other languages. For other languages, we use machine translation from English. Machine translation may not be perfect, so in cases of dispute over interpretation, English (the source language of translation) shall prevail.

Please remember that we always prioritise the welfare of our users, and no provisions will be interpreted to the detriment of the consumer within the meaning of the law.

If you have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact us. We appreciate your feedback. You can contact us by email gdpr@vitala.health

For maximum transparency, we present a summary with respect to which Personal Data Vitala is a data controller or HP, and with respect to which Personal Data Vitala is a data processor. A detailed description of each type of Data can be found in section 7.

Vitala acts as the data controller in CP in relation to Support Data and Technology Data. We have appointed a Data Protection Officer, Mrs. Beata Marek (“DPO”). You can contact our DPO by email gdpr@vitala.health

We process different types of information from you. Each category of data is explained in depth below and the processing principles.‍

Behavioural Data: We may process data about how you behave and what your habits are based on information that you provide us directly or information that we download from an application that you integrate with our App (e.g. Google Fit or Health Connect). For example, if you allow us, we can track your walking/running activity and daily steps to then show this data in the App and include it in your prescriptions.

Legal basis for processing by the data controller: Article 6.1.b of the GDPR. You have the ability to decide to enable the feature and initiate data collection within the App. If you choose to do so, the data collected is in connection with the services provided to you by the Healthcare Provider. Vitala processes data based on a data processing agreement with the data controller.

Disabling this feature will stop further data collection. However, it does not mean that the data already collected will be deleted from the App. This data will remain visible, and your Healthcare Provider may have used or is using it to provide services to you, which is why it is not deleted. Deleting the Account in the Application will result in deletion of data within 30 days. 

‍Contact Data: We may send information to your email address and phone number that is related to the provision of services. This may also include notifications regarding the App. For example, you may receive an SMS with a confirmation code for your account. You may also receive system messages via email. We do not use your contact information for sending spam, and we do not sell this data.

Legal basis for processing by the data controller: Article 6.1.b of the GDPR. Communication occurs in connection with the proper functioning of the App and the provision of services by the Healthcare Provider. Vitala processes data based on a data processing agreement with the data controller.

You can change your phone number and email address in the App settings. The data prior to the change is stored in relation to records of SMS or email messages sent to you.

Deleting the Account in the Application will result in deletion of data within 30 days. 

‍Demographic Data: We may process demographic data which may include, but not   be limited to, your name, birth year, gender, height, weight, phone number, and e-mail   address. The collection of this demographic data is primarily used to create your Account and provision of services by the Healthcare Provider.

Legal basis for processing by the data controller: Article 6.1.b of the GDPR. Vitala processes data based on a data processing agreement with the data controller.

Deleting the Account in the Application will result in deletion of data within 30 days. 

‍Medical Data: We may process information   regarding   your   health   conditions,   including,   but   not   limited   to, images,   age,   gender,   weight,   height,   medical   history,   symptoms,   and communications between you and your Healthcare Provider who is providing Services to you via the App. We collect this information to provide you with the Services and to provide your Healthcare Provider with the information required to provide medical treatment through the App.

Legal basis for processing by the data controller: Article 6.1.b of the GDPR. Vitala processes data based on a data processing agreement with the data controller.

Deleting the Account in the Application will result in deletion of data within 30 days. 

‍Support Data: If you contact us for support or to lodge a complaint, we may collect your email address or telephone number and   technical   or   other   information   from   you   through   log   files   and   other technologies, some of which may qualify as Personal Data (e.g., IP address). Such information will be used for the purposes of troubleshooting and technical support in accordance with this Privacy Policy. You provide your data voluntarily.

Legal basis for processing by Vitala is article 6.1.f of the GDPR. The legitimate interest lies in providing you with assistance in connection with the operation of the App. Please remember that we do not provide support in any other scope than issues related to the operation/non-operation/problems with functionalities in the App.    

Data is obtained directly from you (your email address or phone number, or any other information you provide) or in connection with your actions in the App (related to actions you take to verify a problem). Remember, we never ask for your login credentials, financial, or medical information. Never provide such information.

Communication with the support department is recorded, meaning that, under the right of control, it can be verified by us in terms of how the consultant provided assistance. We do not offer telephone support.

From the moment you contact us until your issue is resolved, the data is processed for the primary purpose of providing you with support. After providing you with support, the data is processed for secondary purposes, such as archiving our actions to assist you. The data is stored for the purpose of verifying the quality of service provided to you and for establishing, investigating, or resolving legal claims. Please note that we do not retain data beyond 24 months (after this period, it is deleted). After this period, if you file claims with us regarding technical support, we will not be able to assist you.

The data is processed within the European Economic Area. We do not profile you. The recipients of the data can only be authorised employees or contractors who provide services for us, especially IT solution providers and technical support representatives. More information can be found in 9 point. 

‍Technology Data: We may process your   IP   address   (or   proxy   server),   device   and   application   identification numbers,   location,   browser   type,   Internet   service   provider   and/or   mobile carrier,   the   pages,   and   files   you   viewed,   your   searches,   your   operating system,   and   system   configuration   information,   and   date/time   stamps associated   with   your   usage.   This   information   is   used   to   analyse   overall trends and help to resolve technical issues.

We do not monitor the activity of a specific App user. We do not profile users. App improvement is based on statistical analysis. However, if you contact us for technical support, we may track your activity if necessary and related to providing you with support. We do not, however, interfere with any data you have entered. We can only check what action may have caused a specific error in the App. An IP address is considered Personal Data, so it is our duty to inform you that Vitala may collect additional information related to your use of the App in connection with your IP address. You provide your data voluntarily.

Legal basis for processing by Vitala is article 6.1.f of the GDPR. The legitimate interest lies in processing data that contains logs that can later be used to provide technical support and software development. Anonymous data is used for statistics and service improvement - it is not associated with any user or IP address. The statistics only consist in counting the number of total clicks in the App, loading time, etc. 

Data is obtained directly from you. We emphasize that statistical data does not contain personal information and cannot be linked to a specific individual. However, your actions in the App are recorded in the form of logs and are associated with your IP address.

The data is processed from the moment you have an Account in the App until you delete your Account.

The data is processed within the European Economic Area. We do not profile you. The data recipients can only be authorised employees or contractors who provide services for us, especially IT solution providers and technical support representatives. More information can be found in 9 point. 

‍Statistical Data: Vitala processes aggregate data on the use of the App by Users. However, this data does not count as Personal Data because we do not process any data that could link the readings we collect with you or any other User. Statistical Data allows us to analyze. On this basis, we create statistics that allow us to group information (not about specific natural persons) and use it for various purposes, such as creating publications, materials, App development, etc. We do not collect the IP address, name, surname, e-mail address, number personal data and no other data allowing association with a specific natural person. However, we process de-identified data and statistics relating to age, gender, diseases, completed training sessions, self-reported results and ratings.

Your rights include:

- The right to know who is processing personal data, for what purpose and why.

You've been informed in point 7 who processes your data in the App and how. We've specified in which cases we act as the data controller and in which cases as the data processor.

- The right to access the personal data held by an organisation free of charge, and to receive a copy in an accessible format.
‍We provide access to data through the App. You can also contact us to verify the specific data we process. Remember that Vitala is the data controller only for support data and technology data. In all other aspects, your Healthcare Provider is the data administrator, and you can seek support from them for access to data.

- The right to object to an organisation processing personal data without consent, unless there is a higher priority public interest. The right to object at any time to direct advertising, i.e. advertising sent directly to the recipient. 
‍We do not send you any advertisements, and we do not process data based on your consent. Similarly, the data controller does not process your App data based on your consent and does not send any advertisements. If you receive an advertisement from your Healthcare Provider or inappropriate information through the App, please contact us. We emphasise that such actions are not allowed in the App. Please note that recommendations or prescriptions for medications, supplements, or other products provided by your Healthcare Provider do not constitute advertising.

- The right to have data corrected if they are incorrect, incomplete, or untrue when they are processed by an organisation. 
‍You can modify your data in the App at any time. Some data entered by your Healthcare Provider may not be changeable by you in the App. Contact your Healthcare Provider to change such data. Please remember that certain data may not be changed due to historical events and the obligation to maintain medical documentation. Your Healthcare Provider will inform you in detail if they refuse to change any data.

- The right to have data deleted, which is also referred to as the right to be forgotten. This right is applicable if a person’s data is no longer needed or is being processed illegally. 
‍We have the right to refuse data deletion under Article 17.3.e of the GDPR. We have provided detailed descriptions of the cases and the duration for which we process data for the purpose of establishing, investigating, or defending legal claims. Regarding data for which your Healthcare Provider is the administrator, you can find detailed information in the privacy policy of your Healthcare Provider.

- The right to move data relates to when personal data is being used by a company following consent or agreement. In that case, the data can be returned or transferred to another company at the individual’s request. This is referred to as the right to “data portability”. 
‍Vitala does not process your data in the App as a data controller based on a contract or consent. However, we specify that Vitala acts as a data processor in relation to (i) behavioural data; (ii)  contact data; (iii) demographic data; (iv) medical data - in this case the processing process complies with Healthcare Provider privacy policy and data processing agreement.

- The right to be informed of the loss of personal data means that an organisation that holds personal data must inform Authority for Privacy Protection and/or Data Protection Authority (depending on the registered office) about any personal data breaches that entail a risk to the privacy of an individual. If the breach poses a high risk to an individual, the individual must also be informed in person.
‍The relevant responsibility lies with the data controller. Vitala has implemented a process for handling data breaches or privacy violations, including assessing the impact of such breaches, in accordance with ENISA guidelines. This allows us to determine whether a data breach is of high, medium, or low severity. We also investigate privacy violations. In the case of data where we act as a processor, the data controller will be informed within the agreed-upon timeframe specified in the data processing agreement. Notification to the supervisory authority or data subjects may also occur if necessary. Regarding data for which Vitala is the data controller, appropriate actions will be taken after assessing the impact of the breach, including its severity.

- The right to lodge a complaint with the supervisory authority.
‍Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them violates the GDPR.The supervisory authority, due to Vitala's registered office, is The Swedish Authority for Privacy Protection.

More information you can find here: https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/

We may share your personal information with the following categories of individuals/entities:

‍Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and other persons/entities who help run our business (“Business Partners”). Specifically, we may employ third-party companies and individuals to facilitate our Services, provide Serviceson our behalf, perform Service-related functions, or assist us in analyzing how our Services are used.

Our Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer services, and payment processing.

‍Our Advisors:  We   may share your Personal Data with third parties that provide advisory services to Vitala, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, “Advisors”). Personal Data will only be shared with Advisors if Vitala has a legitimate business interest in the sharing of such data.

‍Third Parties Upon Your Direction or Consent: You may direct Vitala to share your Personal Data with third parties. Upon your request and consent, we may share such Personal Data with those third parties that you identify.

‍Third Parties Pursuant to Business Transfers:  In the event  of  are organization,   merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Vitala’s corporate entity, assets, or stock(including in connection with any bankruptcy or similar proceedings), we may share your Personal Data with a third party.

‍Government and Law Enforcement Authorities: If reasonable and necessary, we may  share your Personal Data to (i) comply with legal processes or enforceable governmental requests, or as otherwise required bylaw; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms and Conditions; or (iii) bring legal action against someone who may be violating the Terms and Conditions or who may be causing intentional or unintentional injury or interference to the rights or property of Vitala or any third party, including other users of our Services.

Vitala does not knowingly collect Personal Data from individuals under the age of 18. Additionally, our Services are not directed to individuals under the age of 18. We request  that  these  individuals  not  provide  Personal  Data  to  us.  If  we  learn  that Personal Data from users under the age of 18 has been collected, we will deactivate the  User  Account  associated  with  that  data  and  take  reasonable  measures  to promptly delete such data from our records. If you are aware of a user under the age  of  18  accessing  the  Services  or  CP,  please  contact  us  at info@vitala.health

Deleting your Account in the App: Please remember that uninstalling the App does not delete your Account. If you no longer want to use the App and do not want your Personal Data assigned to your Account to be processed, delete your Account. You can do this by going to the appropriate settings in the App. After confirming the action, your Personal Data will be visible in CP for HP for another 30 days. Remember that HP is the data controller of your Personal Data and for the purposes of providing medical services to you, even if the data is deleted from CP, it may be processed by HP in another IT system or on paper. Information in this regard is provided by HP. 

‍Deleting your Account by HP: HP invites you to use the App and thereby creates your Account. If your Account is deleted by HP you will not be able to log in and access your results in the App. Please contact HP if you would like to access your data or obtain more information.

‍Deleting your Account and processing Personal Data by Vitala: Support Data and Technological Data is processed by Vitala as a data controller. Regardless of whether you delete your Account or HP deletes it, Vitala will process collected information related to Support Data and Technology Data for 10 years from the moment of deleting your Account for the purposes of establishing, pursuing or defending legal claims.

Vitala  understands  the  importance  of  data  confidentiality  and  security.  We  use  a combination of reasonable physical, technical, and administrative security controls to (i) maintain the security and integrity of your Personal Data; (ii) protect against any threats or hazards to the security or integrity of your Personal Data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.While  Vitala  uses  reasonable  security  controls, WE  CANNOT  GUARANTEE  OR WARRANT  THAT  SUCH  TECHNIQUES  WILL  PREVENT  UNAUTHORIZED  ACCESS  TOYOUR  PERSONAL  DATA.  VITALA  IS  UNABLE  TO  GUARANTEE  THE  SECURITY  ORINTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE ISNO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED,ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS.

‍YOU ASSUME THE RISK THAT UNAUTHORISED ENTRY OR USE, HARDWARE   OR   SOFTWARE   FAILURE,   AND   OTHER   FACTORS   MAY COMPROMISE THE SECURITY OF YOUR PERSONAL DATA AT ANY TIME. WE MAKE EVERY EFFORT TO ENSURE SUCH SITUATIONS DO NOT OCCUR.

Vitala stores Personal Data on secured servers and uses a combination of technical, administrative, and physical safeguards to protect your personal information. Such safeguards include, but are not limited to, authentication, encryption, backups, and access controls.

You are solely responsible for preventing unauthorised access to your devices and your User Account by protecting your account credentials and limiting access to your devices. Vitala has no access to or control over your device’s security settings, and it is your responsibility to implement any device-level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability). We recommend that you take all appropriate steps to secure any device that you use.

Please note that Vitala will never send you an email requesting confidential information, such as account numbers, usernames, passwords, Social Security Numbers, medical or financial data. If you receive a suspicious email from Vitala, please notify us at info@vitala.health.

Further, if you know of or suspect any unauthorized use or disclosure of your User Account information or any other security concern, please notify Vitala immediately.

Vitala does not send any advertising messages via the App. Marketing of services or sending commercial information is only possible based on the consent granted by the natural person. This takes place outside of App channels.

No.

No.

This Privacy Policy is governed by and construed in accordance with the laws of Sweden. Any disputes or claims may be brought by the consumer and brought before the court having jurisdiction over the consumer's place of residence. A dispute may also be filed due to Vitala's registered office.

We are open to all the needs of users and our customers. Therefore, please contact us first before you decide to take legal action. We believe that we will be able to find an amicable solution to the situation.

At the same time, we would like to remind you that you have the right to lodge a complaint with the supervisory authority if you believe that your rights have been violated or we are acting inconsistently with GDPR. We do not limit your rights in any way. The national law in which you reside or where you use the CP applies.

We make the content of the Privacy Policy available at the following URL: https://www.vitala.health/legal. By using the CP, you agree to Privacy Policy terms.

The Privacy Policy may also be made available in a different manner, upon individual request of a given person, if such a person encounters problems in displaying or reading the Privacy Policy.

To this end, they are requested to get in touch with us: info@vitala.health

‍This Privacy Policy applies to the CP. It does not apply to services that have a separate privacy policy that does not contain this Privacy Policy.