US Privacy Policy App
Last updated: 17.06.2024
This notice describes how Personal Data and/or information about you may be used and disclosed and how you can obtain access to this information. Please review it carefully.
INTRODUCTION
We at Vitala Health Inc. located at 16192 Coastal Highway, Lewes, Delaware 19958, EIN 38-4243867, info@vitala.health (“we”, “our”, “us”, “the Company”, or “Vitala”) value your privacy and are committed to keeping your personal data confidential.
We provide the Care Portal ("CP") for your use ("you"; "User") in accordance with the Terms and Conditions and Privacy Policy. Please note that Vitala does not provide medical services. In specific cases, the Healthcare Provider, which may be you ("HP"; "Healthcare Provider"), provides medical services to patients.
As an HP, you have access to the Personal Data of Application ("App") users, which you can add and delete through the CP. Vitala only provides services related to the maintenance and technical operation of the CP ("Services"), so please read the following Privacy Policy carefully.
1. Agreement to Privacy Policy Terms
BY ACCESSING AND/OR USING THE APP, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE USING THE SERVICES AND CP.
2. Privacy Policy Applicability
This Privacy Policy applies to personal data processed through the App. The term "Personal Data" encompasses any information that can be used on its own or in combination with other information to identify an individual or contact a specific person. Some Personal Data may be considered "health data" (i.e., data related to your physical or mental health), "protected health information" or "PHI" (i.e., information that relates to your past, present, or future physical or mental health or condition(s), the provision of healthcare to you, or past, present, or future payments for your healthcare), and/or medical records as defined by law.
We take the protection of personal data seriously and comply with regulations. Furthermore, we comply with the requirements of the California Consumer Privacy Act of 2018 (“CCPA”) and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Note regarding third-party sites: CP may contain links to other sites that are not operated by Vitala. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review every site you visit for the privacy policy(ies). Vitala has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services. This Privacy Policy does not apply to your use of or access to any third-party sites or services.
3. Privacy Policy Updates
We may modify this Privacy Policy from time to time. We will notify you of significant changes by email. The changes will take effect within 30 days. If you do not agree with the proposed changes, you should stop using the CP before the change becomes effective. If you continue to use the CP after the effective date, you will be bound by the updated Privacy Policy terms.
4. Language of the Privacy Policy
We would like to point out that the Privacy Policy is available in English.
5. Questions and contact information
If you have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact us. We appreciate your feedback. You can contact us by email at privacy@vitala.health.
PERSONAL DATA
6. General information
For maximum transparency, the summary below shows for which Personal Data Vitala or the HP is the data controller, and for which Personal Data Vitala is a data processor. A detailed description of each type of Data can be found in section 7.
Data type | Vitala | HP |
---|---|---|
Behavioural Data | Data processor | Data controller |
Contact Data | Data processor | Data controller |
Demographic Data | Data processor | Data controller |
Medical Data | Data processor | Data controller |
Support Data | Data controller | - |
Technology Data | Data controller | - |
Vitala acts as the data controller in App in relation to Support Data and Technology Data. We have appointed a Privacy Officer, Mrs. Beata Marek (“PO”). You can contact our PO by email privacy@vitala.health.
7. What data is processed in App?
We process different types of information from you. Each category of data, together with its processing principles, is explained in depth below.
Behavioural Data: We may process data about how you behave and what your habits are based on information that you provide us directly or information that we download from an application that you integrate with our App (e.g., Google Fit or Health Connect). For example, if you allow us, we can track your walking/running activity and daily steps to then show this data in the App and include it in your prescriptions.
You have the ability to decide to enable the feature and initiate data collection within the App. If you choose to do so, the data collected is in connection with the services provided to you by the Healthcare Provider. Vitala processes data based on a data processing agreement with the data controller. Disabling this feature will stop further data collection. However, it does not mean that the data already collected will be deleted from the App. This data will remain visible, and your Healthcare Provider may have used or is using it to provide services to you, which is why it is not deleted. Deleting the Account in the Application will result in deletion of data within 30 days.
Contact Data: We may send information to your email address and phone number that is related to the provision of services. This may also include notifications regarding the App. For example, you may receive an SMS with a confirmation code for your account. You may also receive system messages via email. We do not use your contact information for sending spam, and we do not sell this data.
Communication occurs in connection with the proper functioning of the App and the provision of services by the Healthcare Provider. Vitala processes data based on a data processing agreement with the data controller.
You can change your phone number and email address in the App settings. The data prior to the change is stored in relation to records of SMS or email messages sent to you. Deleting the Account in the Application will result in deletion of data within 30 days.
Demographic Data: We may process demographic data which may include, but not be limited to, your name, birth year, gender, height, weight, phone number, and email address. The collection of this demographic data is primarily used to create your Account and provision of services by the Healthcare Provider. Vitala processes data based on a data processing agreement with the data controller. Deleting the Account in the Application will result in deletion of data within 30 days.
Medical Data: We may process information regarding your health conditions, including, but not limited to, images, age, gender, weight, height, medical history, symptoms, and communications between you and your Healthcare Provider who is providing Services to you via the App. We collect this information to provide you with the Services and to provide your Healthcare Provider with the information required to provide medical treatment through the App. Vitala processes data based on a data processing agreement with the data controller. Deleting the Account in the Application will result in deletion of data within 30 days.
Support Data: If you contact us for support or to lodge a complaint, we may collect your email address or telephone number and technical or other information from you through log files and other technologies, some of which may qualify as Personal Data (e.g., IP address). Such information will be used for the purposes of troubleshooting and technical support in accordance with this Privacy Policy. You provide your data voluntarily.
The legal basis for processing by Vitala is the legitimate interest of the data controller related to the proper provision of access and handling of complaints related to the operation of the App. Please remember that we do not provide support in any other scope than issues related to the operation/non-operation/problems with functionalities in the App.
Data is obtained directly from you (your email address or phone number, or any other information you provide) or in connection with your actions in the App (related to actions you take to verify a problem). Remember, we never ask for your login credentials, financial, or medical information. Never provide such information.
Communication with the support department is recorded, meaning that, under the right of control, it can be verified by us in terms of how the consultant provided assistance. We do not offer telephone support.
From the moment you contact us until your issue is resolved, the data is processed for the primary purpose of providing you with support. After providing you with support, the data is processed for secondary purposes, such as archiving our actions to assist you. The data is stored for the purpose of verifying the quality of service provided to you and for establishing, investigating, or resolving legal claims. Please note that we do not retain data beyond 24 months (after this period, it is deleted). After this period, if you file claims with us regarding technical support, we will not be able to assist you. The data will be transferred outside the US to the European Economic Area. Vitala is part of the group and its counterpart in Europe, Aasa Health AB, will have access to data and the right to support the handling of complaints and support processes. We do not profile you. The recipients of the data can only be authorized employees or contractors who provide services for us, especially IT solution providers and technical support representatives. More information can be found in section 9.
Technology Data: We may process your IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system, and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends and help to resolve technical issues. We do not monitor the activity of a specific App user. We do not profile users.
App improvement is based on statistical analysis. However, if you contact us for technical support, we may track your activity if necessary and related to providing you with support. We do not, however, interfere with any data you have entered. We can only check what action may have caused a specific error in the App. An IP address is considered Personal Data, so it is our duty to inform you that Vitala may collect additional information related to your use of the App in connection with your IP address. You provide your data voluntarily.
Legitimate interest of the data controller related to the proper provision of access and development of the App as well as verification of logs and User activity for the purposes of considering claims and disputes. Anonymous data is used for statistics and service improvement - it is not associated with any user or IP address. The statistics only consist of counting the number of total clicks in the App, loading time, etc.
Data is obtained directly from you. We emphasize that statistical data does not contain personal information and cannot be linked to a specific individual. However, your actions in the App are recorded in the form of logs and are associated with your IP address.
The data is processed from the moment you have an Account in the App until you delete your Account.
The data will be transferred outside the US to the European Economic Area. Vitala is part of the group and its counterpart in Europe, Aasa Health AB, will have access to data and the right to support the handling of complaints and support processes. We do not profile you. The recipients of the data can only be authorized employees or contractors who provide services for us, especially IT solution providers and technical support representatives. More information can be found in section 9.
Statistical Data: Vitala processes aggregate data on the use of the App by Users. However, this data does not count as Personal Data because we do not process any data that could link the readings we collect with you or any other User. Statistical Data allows us to analyze. On this basis, we create statistics that allow us to group information (not about specific natural persons) and use it for various purposes, such as creating publications, materials, App development, etc. We do not collect the IP address, name, surname, email address, number personal data and no other data allowing association with a specific natural person. However, we process de-identified data and statistics relating to age, gender, diseases, completed training sessions, self-reported results and ratings.
9. Your rights
If you are a US resident, we apply the appropriate regulations. Your request must be responded to within 45 days. Vitala's response to such a request must be made within 45 days of receipt (with a possible 45-day delay upon request).
If Vitala as data controller rejects the request, the consumer retains the right to appeal this decision, and Vitala must provide instructions on how to continue the appeal process. We have 60 days to respond to such appeals.
Your rights include:
- The right to know who is processing personal data, for what purpose and why.
You've been informed in point 7 who processes your data in the App and how. We've specified in which cases we act as the data controller and in which cases as the data processor.
- The right to access the personal data held by an organisation free of charge, and to receive a copy in an accessible format.
We provide access to data through the App. You can also contact us to verify the specific data we process. Remember that Vitala is the data controller only for support data and technology data. In all other aspects, your Healthcare Provider is the data administrator, and you can seek support from them for access to data.
- The right to object to an organisation processing personal data without consent, unless there is a higher priority public interest. The right to object at any time to direct advertising, i.e. advertising sent directly to the recipient.
We do not send you any advertisements, and we do not process data based on your consent. Similarly, the data controller does not process your App data based on your consent and does not send any advertisements. If you receive an advertisement from your Healthcare Provider or inappropriate information through the App, please contact us. We emphasise that such actions are not allowed in the App. Please note that recommendations or prescriptions for medications, supplements, or other products provided by your Healthcare Provider do not constitute advertising.
- The right to have data corrected if they are incorrect, incomplete, or untrue when they are processed by an organisation.
You can modify your data in the App at any time. Some data entered by your Healthcare Provider may not be changeable by you in the App. Contact your Healthcare Provider to change such data. Please remember that certain data may not be changed due to historical events and the obligation to maintain medical documentation. Your Healthcare Provider will inform you in detail if they refuse to change any data.
- The right to have data deleted, which is also referred to as the right to be forgotten. This right is applicable if a person’s data is no longer needed or is being processed illegally.
We have the right to refuse data deletion if we need this data to defend claims and disputes. We have provided detailed descriptions of the cases and the duration for which we process data for the purpose of establishing, investigating, or defending legal claims. Regarding data for which your Healthcare Provider is the data controller, you can find detailed information in the privacy policy of your Healthcare Provider.
- The right to move data relates to when personal data is being used by a company following consent or agreement. In that case, the data can be returned or transferred to another company at the individual’s request. This is referred to as the right to “data portability”.
Vitala does not process your data in the App as a data controller based on a contract or consent. However, we specify that Vitala acts as a data processor in relation to (i) behavioural data; (ii) contact data; (iii) demographic data; (iv) medical data - in this case the processing process complies with Healthcare Provider privacy policy and data processing agreement.
- The right to be informed of the loss of personal data means that an organisation that holds personal data must inform the Authority for Privacy Protection and/or Data Protection Authority (depending on the registered office) about any personal data breaches that entail a risk to the privacy of an individual. If the breach poses a high risk to an individual, the individual must also be informed in person.
The relevant responsibility lies with the data controller. Vitala has implemented a process for handling data breaches or privacy violations, including assessing the impact of such breaches, in accordance with ENISA guidelines. This allows us to determine whether a data breach is of high, medium, or low severity. We also investigate privacy violations. In the case of data where we act as a processor, the data controller will be informed within the agreed-upon timeframe specified in the data processing agreement. Notification to the supervisory authority or data subjects may also occur if necessary. Regarding data for which Vitala is the data controller, appropriate actions will be taken after assessing the impact of the breach, including its severity.
- The right to lodge a complaint with the supervisory authority.
If you are a resident of Europe, GDPR applies to you. Additionally, if you want to make a complaint about the actions of Aasa Health AB, to which we transfer Personal Data as we indicated in point 8, you can do so. Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them violates the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter referred to as "GDPR"). The supervisory authority, due to Aasa Health AB, is the Swedish Authority for Privacy Protection. You can find more information here:
https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/
If Vitala as data controller rejects the request, the consumer retains the right to appeal this decision, and Vitala must provide instructions on how to continue the appeal process. We have 60 days to respond to such appeals.
Your rights include:
- The right to know who is processing personal data, for what purpose and why.
You've been informed in point 7 who processes your data in the App and how. We've specified in which cases we act as the data controller and in which cases as the data processor.
- The right to access the personal data held by an organisation free of charge, and to receive a copy in an accessible format.
We provide access to data through the App. You can also contact us to verify the specific data we process. Remember that Vitala is the data controller only for support data and technology data. In all other aspects, your Healthcare Provider is the data administrator, and you can seek support from them for access to data.
- The right to object to an organisation processing personal data without consent, unless there is a higher priority public interest. The right to object at any time to direct advertising, i.e. advertising sent directly to the recipient.
We do not send you any advertisements, and we do not process data based on your consent. Similarly, the data controller does not process your App data based on your consent and does not send any advertisements. If you receive an advertisement from your Healthcare Provider or inappropriate information through the App, please contact us. We emphasise that such actions are not allowed in the App. Please note that recommendations or prescriptions for medications, supplements, or other products provided by your Healthcare Provider do not constitute advertising.
- The right to have data corrected if they are incorrect, incomplete, or untrue when they are processed by an organisation.
You can modify your data in the App at any time. Some data entered by your Healthcare Provider may not be changeable by you in the App. Contact your Healthcare Provider to change such data. Please remember that certain data may not be changed due to historical events and the obligation to maintain medical documentation. Your Healthcare Provider will inform you in detail if they refuse to change any data.
- The right to have data deleted, which is also referred to as the right to be forgotten. This right is applicable if a person’s data is no longer needed or is being processed illegally.
We have the right to refuse data deletion if we need this data to defend claims and disputes. We have provided detailed descriptions of the cases and the duration for which we process data for the purpose of establishing, investigating, or defending legal claims. Regarding data for which your Healthcare Provider is the data controller, you can find detailed information in the privacy policy of your Healthcare Provider.
- The right to move data relates to when personal data is being used by a company following consent or agreement. In that case, the data can be returned or transferred to another company at the individual’s request. This is referred to as the right to “data portability”.
Vitala does not process your data in the App as a data controller based on a contract or consent. However, we specify that Vitala acts as a data processor in relation to (i) behavioural data; (ii) contact data; (iii) demographic data; (iv) medical data - in this case the processing process complies with Healthcare Provider privacy policy and data processing agreement.
- The right to be informed of the loss of personal data means that an organisation that holds personal data must inform the Authority for Privacy Protection and/or Data Protection Authority (depending on the registered office) about any personal data breaches that entail a risk to the privacy of an individual. If the breach poses a high risk to an individual, the individual must also be informed in person.
The relevant responsibility lies with the data controller. Vitala has implemented a process for handling data breaches or privacy violations, including assessing the impact of such breaches, in accordance with ENISA guidelines. This allows us to determine whether a data breach is of high, medium, or low severity. We also investigate privacy violations. In the case of data where we act as a processor, the data controller will be informed within the agreed-upon timeframe specified in the data processing agreement. Notification to the supervisory authority or data subjects may also occur if necessary. Regarding data for which Vitala is the data controller, appropriate actions will be taken after assessing the impact of the breach, including its severity.
- The right to lodge a complaint with the supervisory authority.
If you are a resident of Europe, GDPR applies to you. Additionally, if you want to make a complaint about the actions of Aasa Health AB, to which we transfer Personal Data as we indicated in point 8, you can do so. Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them violates the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter referred to as "GDPR"). The supervisory authority, due to Aasa Health AB, is the Swedish Authority for Privacy Protection. You can find more information here:
https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/
10. Data recipients
We may share your personal information with the following categories of individuals/entities:
Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and other persons/entities who help run our business (“Business Partners”). Specifically, we may employ third-party companies and individuals to facilitate our Services, provide Services on our behalf, perform Service-related functions, or assist us in analyzing how our Services are used.
Our Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer services, and payment processing.
Our Advisors: We may share your Personal Data with third parties that provide advisory services to Vitala, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively, “Advisors”). Personal Data will only be shared with Advisors if Vitala has a legitimate business interest in the sharing of such data.
Third Parties Upon Your Direction or Consent: You may direct Vitala to share your Personal Data with third parties. Upon your request and consent, we may share such Personal Data with those third parties that you identify.
Third Parties Pursuant to Business Transfers: In the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Vitala’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings), we may share your Personal Data with a third party.
Government and Law Enforcement Authorities: If reasonable and necessary, we may share your Personal Data to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms and Conditions; or (iii) bring legal action against someone who may be violating the Terms and Conditions or who may be causing intentional or unintentional injury or interference to the rights or property of Vitala or any third party, including other users of our Services.
11. Non-Discrimination
Vitala does not process Personal Data in violation of state or federal laws prohibiting unlawful discrimination against consumers. Vitala does not discriminate against consumers for exercising their rights under the law, such as by denying services or benefits.
12. Sale or Sharing Personal Information
Vitala does not use cookies in the CP for advertising. We do not sell your Personal Data. With respect to the transfer of Personal Data as part of a group, we declare that access to Personal Data may be limited to a team from Aasa Health AB, of which we are a business partner in the United States of America.
13. Limit the Use or Disclosure of Sensitive Personal Information:
We generally do not collect Sensitive Personal Information outside of the situations described in sections 7 and 8. We process this data because it is necessary to perform service by HP. Vitala acts as a data processor.
14. Data Minimization
We only collect and use data that is adequate, relevant and limited to what is reasonably necessary to achieve the stated purpose. We would like to inform you that when acting as a data processor on data for which HP is the data controller, we do not verify the principle of data minimization and HP is responsible for this. If you have any doubts whether your Personal Data is processed in accordance with the principle of minimization and concerns data other than Support Data and Technology Data, please contact us or your employer.
15. Purpose limitation
Please be advised that Vitala does not process personal data for purposes that are not reasonably necessary or compatible with the specific purposes for which the Personal Data are processed. Personal Data is not processed for any additional purposes other than those indicated in the Privacy Policy (applies to Vitala activities).
16. Security Requirements
Vitala has established reasonable administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of Personal Data. We take reasonable measures to protect Personal Data from unauthorized access. Vitala conducts periodic assessments of data processing activities.
Vitala understands the importance of data confidentiality and security. We use a combination of reasonable physical, technical, and administrative security controls to (i) maintain the security and integrity of your Personal Data; (ii) protect against any threats or hazards to the security or integrity of your Personal Data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.
While Vitala uses reasonable security controls, WE CANNOT GUARANTEE OR WARRANT THAT SUCH TECHNIQUES WILL PREVENT UNAUTHORIZED ACCESS TO YOUR PERSONAL DATA. VITALA IS UNABLE TO GUARANTEE THE SECURITY OR INTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS.
YOU ASSUME THE RISK THAT UNAUTHORISED ENTRY OR USE, HARDWARE OR SOFTWARE FAILURE, AND OTHER FACTORS MAY COMPROMISE THE SECURITY OF YOUR PERSONAL DATA AT ANY TIME. WE MAKE EVERY EFFORT TO ENSURE SUCH SITUATIONS DO NOT OCCUR.
17. Consent Requirements
We do not collect user consent in the App for processing PHI/health data. HP, as the data controller, is responsible for obtaining appropriate consent or having legal authorization to process this data. If the App user can give consent in the App, they can just as easily withdraw it through the App.
18. What Happens to Personal Data Submitted by Minors?
Vitala does not knowingly collect Personal Data from individuals under the age of 18. Additionally, our Services are not directed to individuals under the age of 18. We request that these individuals not provide Personal Data to us. If we learn that Personal Data from users under the age of 18 has been collected, we will deactivate the User Account associated with that data and take reasonable measures to promptly delete such data from our records. If you are aware of a user under the age of 18 accessing the Services or Platform, please contact us at info@vitala.health.
19. Deleting Account
Deleting your Account in the CP: The Account can only be deleted by the administrator. Please contact the administrator or your employer for more information.
Deleting user App Account by HP: You can delete the patient account in the view after logging in.
Deleting your Account and processing Personal Data by Vitala: Support Data and Technological Data is processed by Vitala as a data controller. Regardless of whether you delete your Account or HP deletes it, Vitala will process collected information related to Support Data and Technology Data for 5 years from the moment of deleting your Account for the purposes of establishing, pursuing or defending legal claims.
20. What Safeguards Does Vitala Have in Place to Secure Personal Data?
Vitala stores Personal Data on secured servers and uses a combination of technical, administrative, and physical safeguards to protect your personal information. Such safeguards include, but are not limited to, authentication, encryption, backups, and access controls. You can find more information in the HIPAA section.
21. How Can You Protect Your Data?
You are solely responsible for preventing unauthorised access to your devices and your User Account by protecting your account credentials and limiting access to your devices. Vitala has no access to or control over your device’s security settings, and it is your responsibility to implement any device-level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability). We recommend that you take all appropriate steps to secure any device that you use.
Please note that Vitala will never send you an email requesting confidential information, such as account numbers, usernames, passwords, Social Security Numbers, medical or financial data. If you receive a suspicious email from Vitala, please notify us at info@vitala.health.
Further, if you know of or suspect any unauthorized use or disclosure of your User Account information or any other security concern, please notify Vitala immediately.
ADVERTISING, MARKETING, AND TRACKING
22. Does Vitala Send Marketing or Advertisement Materials?
Vitala does not send any advertising messages via the CP. Marketing of services or sending commercial information is only possible based on the consent granted by the natural person. This takes place outside of App channels.
23. Are cookies processed in the App?
No.
24. Are tracking algorithms used in the App?
No.
25. US States Data Privacy Laws
California: If you are a California resident, you have rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Acts of 2020 (CPRA), from hereon referred to as CCPA.
Colorado: If you are a Colorado resident, the Colorado Privacy Act (CPA) applies.
Connecticut: If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA) applies.
Delaware: If you are a Delaware resident, the Delaware Personal Data Privacy Act (DPDPA) applies.
Florida: If you are a Florida resident, the Florida Digital Bill of Rights (FDBR) applies.
Indiana: We do not process Personal Data of 100,000 Indiana residents. If so, the regulations will apply to the Indiana Consumer Data Protection Act (ICDPA).
Iowa: We do not process Personal Data of 100,000 Iowa residents. If so, the Iowa Consumer Data Protection Act (ICDPA) will apply.
Minnesota: We do not process Personal Data of 100,000 Minnesota residents. If so, the Minnesota Consumer Data Privacy Act (HF 4757 / SF 4782) will apply.
Montana: We do not process Personal Data of 50,000 Montana residents. If so, the Montana Consumer Data Protection Act (ICDPA) will apply.
New Hampshire: We do not process Personal Data of 35,000 New Hampshire residents. If so, the SB255 will apply.
New Jersey: We do not process Personal Data of 100,000 New Jersey residents. If so, the SB332 will apply.
Oregon: We do not process Personal Data of 100,000 Oregon residents. If so, the Oregon Consumer Privacy Act will apply.
Tennessee: Tenn. Code § 47-18-2107: If a security incident occurs that threatens the security, confidentiality or integrity of Personal Data, which includes name, surname, social security number, Vitala as a data processor takes appropriate steps to inform the data controller as soon as possible, no longer than 45 days. This situation will occur, for example, when the data encryption key is obtained, disclosed or used without permission. Notice to a consumer by HP as a data controller may not be enforced if HP is subject to the Gramm-Leach-Bliley Act (GLBA) or the Health Information Portability and Accountability Act (HIPAA). The regulations are applied appropriately. We do not process Personal Data of 175,000 Tennessee residents. If so, the Tennessee Information Protection Act (TIPA) will apply.
Texas: If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act (TDPSA).
Utah: We do not process Personal Data of 100,000 Utah residents. If so, the Utah Consumer Privacy Act (UCPA) will apply.
Virginia: We do not process Personal Data of 100,000 Virginia residents. If so, the Virginia Consumer Data Protection Act (VCDPA) will apply.
FINAL PROVISIONS
26. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of Delaware. Any disputes or claims may be brought by the consumer and brought before the court having jurisdiction over the consumer's place of residence. A dispute may also be filed due to Vitala's registered office.
We are open to all the needs of users and our customers. Therefore, please contact us first before you decide to take legal action. We believe that we will be able to find an amicable solution to the situation.
At the same time, we would like to remind you that you have the right to lodge a complaint with the supervisory authority if you believe that your rights have been violated or we are acting inconsistently with law.
27. Miscellaneous
We make the content of the Privacy Policy available when you download the App and first launch the App. You can read it at any time on our website at the following URL: https://www.vitala.health/legal, Privacy Policy App tab and in App.
By using the App, you agree to Privacy Policy terms. The Privacy Policy may also be made available in a different manner, upon individual request of a given person, if such a person encounters problems in displaying or reading the Privacy Policy.
To this end, they are requested to get in touch with us: info@vitala.health
This Privacy Policy applies to the App. It does not apply to services that have a separate privacy policy that does not contain this Privacy Policy.