This Privacy Policy (hereinafter referred to as the "Privacy Policy") applies to all users of the website https://www.vitala.health (hereinafter referred to as the "Website"). Using the Website constitutes acceptance of the terms of the Privacy Policy. If you do not agree to the terms, please stop using the Website.

This notice describes how we process the data in Vitala. Please review it carefully. If you need information about how your data is processed in Care Portal, please read the Care Portal Privacy Policy. If you want to learn how your data is processed in the Application, please read the Application's Privacy Policy. In this document you will find a description of the general principles on which Vitala operates.

The Vitala Group (hereinafter referred to as "the Vitala Group") consists of the following companies: (a) Aasa Health AB, org. no. 559116-7936, with address Ola Hanssonsgatan 4, apt 1004, 112 52 Stockholm, Sweden (hereinafter referred to as “Vitala Europe”); (b) Vitala Health Inc.  located at 16192 Coastal Highway, Lewes, Delaware 19958, EIN 38-4243867, info@vitala.health  (hereinafter referred to as “Vitala US”).

The Vitala Group is represented by Vitala Europe in case representation of the Vitala Group is necessary. Vitala Europe is the representative of Vitala US in Europe.For obligations and representation before the client or user, the company from the Vitala Group that incurred the obligations or on which obligations rest is responsible.

The Vitala Group is part of a group of companies that have a legitimate interest in transmitting personal data within their own group of companies for internal administrative purposes, including the processing of personal data of clients and employees (data is transferred within the Vitala Group to a company domiciled in a third country within the meaning of the GDPR - Vitala US).

The Website is operated by Vitala Europe.

Email address for general inquiries: info@vitala.health 

Email address for reporting illegal content: info@vitala.health 

Email address of the Data Protection Officer in Vitala Europe: gdpr@vitala.health 

Email address of the Privacy Officer in Vitala US: privacy@vitala.health 

‍Management of Vitala Europe: Petter Aasa, CEO
‍
Management of Vitala US: Petter Aasa, CEO

Brands managed by Vitala Europe: Vitala

Data controller refers to the entity or person that determines the purposes, conditions, and means of the processing of personal data.

Important notice: For CP and App users in the United States of America, the data controller is Vitala US. Detailed information can be found in the relevant Privacy Policy. For other CP and App users, Vitala Europe is the data controller. Detailed information can be found in the relevant Privacy Policy.

If you have any questions or concerns after reading this document please do not hesitate to contact us.

We appreciate your feedback. 
‍
Email address of the Data Protection Officer in Vitala Europe: gdpr@vitala.health 
Email address of the Privacy Officer in Vitala US: privacy@vitala.health

Vitala Europe has appointed a Data Protection Officer, Mrs. Beata Marek (“DPO”).
You can contact our DPO by email gdpr@vitala.health

For a more understandable message, we assume that the data subject will be referred to as "you". We assume that for easier communication to you, we will continue to write "we" when it comes to the data controller.

Important notice: The table below presents information that does not include data processed within the Care Portal and data processed within the Application. Information about the method of processing can be found in the privacy policy that applies to a specific solution.

Consent is voluntary. You can withdraw your consent at any time. Please note that if you withdraw your consent, we will no longer process the data associated with further processing, but we have the right to retain information for the purpose of establishing, investigating, or defending legal claims, based on the consent provided, including when you granted and subsequently withdrew your consent.

If you are a US resident, we apply the appropriate regulations. Your request must be responded to within 45 days. Vitala's response to such a request must be made within 45 days of receipt (with a possible 45-day delay upon request). If Vitala as data controller rejects the request, the consumer retains the right to appeal this decision, and Vitala must provide instructions on how to continue the appeal process. We have 60 days to respond to such appeals.

Your rights include:

- The right to know who is processing personal data, for what purpose and why.
You've been informed in point 1-5 above.

- The right to access the personal data held by an organisation free of charge, and to receive a copy in an accessible format.
‍We provide access to data within the limits and possibilities permitted by law. You can also contact us to verify what specific data we process.

- The right to object to an organisation processing personal data without consent, unless there is a higher priority public interest. The right to object at any time to direct advertising, i.e. advertising sent directly to the recipient. 
‍Advertisements and offers from Vitala Group or one of the group companies are directed only to people who have given their consent.

- The right to have data corrected if they are incorrect, incomplete, or untrue when they are processed by an organisation. You can check and ask us what data we process at any time. We encourage you to update your information.

- The right to have data deleted, which is also referred to as the right to be forgotten. This right is applicable if a person’s data is no longer needed or is being processed illegally. 
‍We have the right to refuse data deletion if we need this data to defend claims and disputes. We have provided detailed descriptions of the cases and the duration for which we process data for the purpose of establishing, investigating, or defending legal claims.

- The right to move data relates to when personal data is being used by a company following consent or agreement. In that case, the data can be returned or transferred to another company at the individual’s request. This is referred to as the right to “data portability”. 
‍Within the limits permitted by law and technical possibilities, we will try to help. We reserve that in some cases it may not be possible to transfer data - e.g. if you would like the consent given to us together with the information we have collected (e.g. from a survey) to be transferred to another entity etc.

- The right to be informed of the loss of personal data means that an organisation that holds personal data must inform the Authority for Privacy Protection and/or Data Protection Authority (depending on the registered office) about any personal data breaches that entail a risk to the privacy of an individual. If the breach poses a high risk to an individual, the individual must also be informed in person.
‍Vitala Group has implemented a process for handling data breaches or privacy violations, including assessing the impact of such breaches, in accordance with ENISA guidelines. This allows us to determine whether a data breach is of high, medium, or low severity. We also investigate privacy violations. We take part in appropriate actions will be taken after assessing the impact of the breach, including its severity.

- The right to lodge a complaint with the supervisory authority.
‍If you are a resident of Europe, GDPR applies to you. Additionally, if you want to make a complaint about the actions of Vitala Europe, to which we transfer Personal Data as we indicated in point 8, you can do so. Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them violates the  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter referred to as "GDPR"). The supervisory authority, due to Aasa Health AB, is the Swedish Authority for Privacy Protection. More information you can find here: https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/

We may share your personal information with the following categories of individuals/entities:

‍Business Partners and Vendors: We share Personal Data with a limited number of partners, service providers, and other persons/entities who help run our business (“Business Partners”). Specifically, we may employ third-party companies and individuals to facilitate our Services, provide Serviceson our behalf, perform Service-related functions, or assist us in analyzing how our   Services   are   used.   Our   Business   Partners   are   contractually   bound   to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but isnot   limited   to,   the   provision   of   services   such   as   data   hosting,   IT   services, customer services, and payment processing.

‍Our Advisors:  We may share your Personal Data with third parties that provide advisory services to Vitala, including, but not limited to, our lawyers, auditors, accountants, and banks (collectively,   “Advisors”). Personal Data will only be shared with Advisors if Vitala has a legitimate business interest in the sharing of such data.

‍Third Parties Upon Your Direction or Consent: You may direct Vitala to share your Personal Data with third parties. Upon your request and consent, we may share such Personal Data with those third parties that you identify.

‍Third Parties Pursuant to Business Transfers:  In   the   event   of   are organization,   merger,   sale,   joint   venture,   assignment,   transfer,   or   other disposition of all or any portion of Vitala’s corporate entity, assets, or stock(including in connection with any bankruptcy or similar proceedings), we may share your Personal Data with a third party.

‍Government   and   Law   Enforcement   Authorities: If  reasonable  and necessary,  we  may  share  your  Personal  Data  to  (i)  comply  with  legal processes or enforceable governmental requests, or as otherwise required bylaw; (ii) cooperate with third parties in investigating acts or omissions that violate this Privacy Policy or the Terms and Conditions; or(iii) bring legal action against someone who may be violating the Terms and Conditions or who may be causing intentional or unintentional injury or interference to the rights or property of Vitala or any third party, including other users of our Services.

We do not profile personal data. We do not use automated programs.

The transfer of data to third countries takes place on the basis of the agreements we have signed. According to the provisions of the GDPR, each case of transferring personal data to a third country (outside the EEA) must be based on the appropriate legal basis for data processing. One of the mechanisms through which companies transfer personal data outside the EEA is the article 45 of GDPR. The European Commission has the power to determine, on the basis of article 45 of GDPR whether a country outside the EU offers an adequate level of data protection. The second way is the article 46.2.c of GDPR, so-called Standard Contractual Clauses (SCC). SCCs are template contracts that the European Commission has approved for use and permitted their application by issuing relevant decisions in this regard. Below are the entities we cooperate with and the appropriate legal basis for data transfer:

No one of company from Vitala Group does not process personal data in violation of state or federal laws prohibiting unlawful discrimination against consumers. Vitala does not discriminate against consumers for exercising their rights under the law, such as by denying services or benefits.

No one of company from Vitala Group does not sale your personal Data. With respect to the transfer of personal data as part of a group, we declare that access to personal data may be limited to a team from Vitala Europe to Vitala US.We inform you that we use the RB2B script, the purpose of which is to help increase the efficiency of using the Website. The service is limited to users from the territory of the USA (based on IP address verification). You can read in detail about how the script works here: https://support.rb2b.com/en/articles/8891294-how-does-rb2b-work.

You have the right not to agree to the script function. You can visit: https://app.retention.com/optout All US residents may exercise their right to opt-out by sending an email to support[at]retention.com withdrawing their consent to resell their personal information to third parties. They may authorize other persons to act on their behalf solely for the purposes of exercising their right to opt-out. The content of the email should include the email address of the person exercising the right to opt-out. Any personal information provided in the email in connection with the submission of the opt-out request will be used solely for the purposes of complying with the request.

We generally do not collect sensitive personal information required by law or resulting from contracts or the provision of services.

We only collect and use data that is adequate, relevant and limited to what is reasonably necessary to achieve the stated purpose.

Please be advised that Vitala does not process personal data for purposes that are not reasonably necessary or compatible with the specific purposes for which the Personal Data are processed. Personal Data is not processed for any additional purposes other than those indicated in the Privacy Policy (applies to Vitala activities). 

Important notice: For CP and App users in the United States of America, the data controller is Vitala US. Detailed information can be found in the relevant Privacy Policy. For other CP and App users, Vitala Europe is the data controller. Detailed information can be found in the relevant Privacy Policy.

Vitala Group has established reasonable administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of Personal Data.  We take reasonable measures to protect Personal Data from unauthorized access.  Vitala Group conducts periodic assessments of data processing activities.

Vitala Group understands  the  importance  of  data  confidentiality  and  security.  We  use  a combination of reasonable physical, technical, and administrative security controls to (i) maintain the security and integrity of your personal data; (ii) protect against any threats or hazards to the security or integrity of your personal data; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.

While  Vitala Group uses  reasonable  security  controls, WE  CANNOT  GUARANTEE  OR WARRANT  THAT  SUCH  TECHNIQUES  WILL  PREVENT  UNAUTHORIZED  ACCESS  TOYOUR  PERSONAL  DATA.  VITALA  IS  UNABLE  TO  GUARANTEE  THE  SECURITY  ORINTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE ISNO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED,ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. YOU ASSUME THE RISK THAT UNAUTHORISED ENTRY OR USE, HARDWARE   OR   SOFTWARE   FAILURE,   AND   OTHER   FACTORS   MAY COMPROMISE THE SECURITY OF YOUR PERSONAL DATA AT ANY TIME. WE MAKE EVERY EFFORT TO ENSURE SUCH SITUATIONS DO NOT OCCUR.

Expressing consent is free and voluntary. You can withdraw your consent at any time. You can contact us and your consent will be withdrawn. Attention. Withdrawal of consent does not mean that your data will be deleted. We have described that we have the right to process data for the purposes of establishing, pursuing or defending legal claims (e.g. to be able to prove when and what you have agreed to).

California: If you are a California resident, you have rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Acts of 2020 (CPRA), from hereon referred to as CCPA. 

‍Colorado: If you are a Colorado resident, the Colorado Privacy Act (CPA) applies. 

‍Connecticut: If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA) applies. 

‍Delaware: If you are a Delaware resident, the Delaware Personal Data Privacy Act (DPDPA) applies.

‍Florida: If you are a Florida resident, the  Florida Digital Bill of Rights (FDBR) applies.

‍Indiana: We do not process Personal Data of 100,000 Indiana residents. If so, the regulations will apply to the Indiana Consumer Data Protection Act (ICDPA).

‍Iowa: We do not process Personal Data of 100,000 Iowa residents. If so, the Iowa Consumer Data Protection Act (ICDPA) will apply.

‍Minnesota: We do not process Personal Data of 100,000 Minnesota residents. If so, the Minnesota Consumer Data Privacy Act (HF 4757 / SF 4782) will apply.

‍Montana:  We do not process Personal Data of 50,000 Iowa residents. If so, the Iowa Consumer Data Protection Act (ICDPA) will apply.

‍New Hampshire: We do not process Personal Data of 35,000 New Hampshire residents. If so, the SB255 will apply.

‍New Jersey: We do not process Personal Data of 100,000 New Jersey residents. If so, the SB332 will apply.

‍Oregon: We do not process Personal Data of 100,000 Oregon residents. If so, the Oregon Consumer Privacy Act will apply.

‍Tennessee: Tenn. Code § 47-18-2107: If a security incident occurs that threatens the security, confidentiality or integrity of Personal Data, which includes name, surname, social security number, Vitala as a data processor takes appropriate steps to inform the data controller as soon as possible, no longer than 45 days . This situation will occur, for example, when the data encryption key is obtained, disclosed or used without permission. Notice to a consumer by HP as a data controller may not be enforced if HP is subject to the Gramm-Leach-Bliley Act (GLBA) or the Health Information Portability and Accountability Act (HIPAA). The regulations are applied appropriately.  We do not process Personal Data of 175,000 Tennessee  residents. If so, the Tennessee Information Protection Act (TIPA) will apply.

‍Texas: If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act (TDPSA).

‍Utah: We do not process Personal Data of 100,000 Utah residents. If so, the Utah Consumer Privacy Act (UCPA) will apply.

‍Virginia: We do not process Personal Data of 100,000 Virginia residents. If so, the Virginia Consumer Data Protection Act (VCDPA) will apply.

You can manage your consent to cookies through the settings in the tool on the Website.

You can read about which specific cookies are attached to the RB2B script here: https://support.rb2b.com/en/articles/9307610-what-cookies-does-rb2b-store-on-a-visitor-s-device

We may modify this Privacy Policy from time to time. The document displayed on the Website applies. If you do not agree with the proposed changes, you should stop using the Website. We have no obligation to send you notices regarding changes to the Website. If you use the Website after the effective date, you will be bound by the updated terms of the Privacy Policy.

We would like to point out that the Privacy Policy is available in English and other languages. For other languages, we use machine translation from English. Machine translation may not be perfect, so in cases of dispute over interpretation, English (the source language of translation) shall prevail. Please remember that we always prioritise the welfare of our users, and no provisions will be interpreted to the detriment of the consumer within the meaning of the law.

The content and materials contained on the Website are prepared with care. However, none of the companies within the Vitala Group can guarantee the correctness, completeness, and timeliness of the content and materials on the Website.

None of the companies within the Vitala Group are responsible, in particular, for content and materials that are not their property.In the case of services provided by companies within the Vitala Group that may involve storing customer data (hosting services), none of the companies within the Vitala Group supervise the transmitted data or stored information, nor do they investigate circumstances indicating unlawful activity.

However, this does not affect the obligations of the companies within the Vitala Group regarding the acceptance of reports of illegal information, removal, or blocking of the use of such information in accordance with legal regulations, especially the DSA. In the event of knowledge of legal violations, illegal information will be promptly removed, and none of the companies within the Vitala Group shall be liable for this.

The Website may contain hyperlinks leading to third-party websites. We do not control the information found there as we do not update these websites and are not responsible for them. The providers of these websites are always responsible for the content of the pages to which the links lead.

Vitala Europe makes efforts to check the content of links added to the Website. However, without specific indications of legal violations, we cannot be expected to constantly monitor the content of the pages to which the Website refers. If you notice a violation, please inform us.

Each of the Vitala Group companies is not liable for damages or lost profits related to the use of the Website within the limits permitted by law to the fullest extent possible. In cases where such liability is provided, the amount of this liability shall be 1 EUR unless the limitation cannot be applied.

In no event is the Website directed at consumers and is solely directed at adult individuals who, in connection with their business or profession, may be capable of making business decisions.In the event that one of company from Vitala Group liability cannot be completely limited, each of the Vitala Group companies shall be liable only for actual damages incurred in connection with the use of the Website (it is not liable for lost profits).

Each of the Vitala Group companies is under no obligation to pay any compensation for incidental or consequential damages, exemplary damages, damages for moral losses and secondary damages, damages for loss of profits, or damages resulting from loss of data or disruption of operations arising from the use or inability to use the Website, whether claims are based on warranty, contract, tort law, or other legal theory, and regardless of whether each of any Vitala Group companies has been informed of the possibility of such damages.

If you use the Website, you may not engage in actions contrary to law and good customs, including (a) concealing information about trademarks; (b) infringing copyrights; (c) concealing the origin of information; (d) generating excessive burden on the Website; (d) injecting malicious code; (e) scanning Website vulnerabilities without informing Vitala Europe; (f) circumventing security; (g) making any copies of the Website or its parts; (h) posting false or misleading information about the Website or on the Website; (i) transmitting or attempting to transmit malicious software such as viruses, trojans, worms, time bombs, or other computer programming routines whose purpose is to destroy, disrupt, capture, or appropriate any Information, system, Website or infringe intellectual property rights or others; (j) using automated systems to collect or search for information on the Website.

You may not use the Website in a manner that may adversely affect the performance or operation of the Website or hinder access to the Website.

This Privacy Policy is governed by and construed in accordance with the laws of Sweden. Any disputes or claims may be brought by the consumer and brought before the court having jurisdiction over the consumer's place of residence. A dispute may also be filed due to Vitala's Europe registered office.

We are open to all the needs of users and our customers. Therefore, please contact us first before you decide to take legal action. We believe that we will be able to find an amicable solution to the situation.