Privacy Policy

Statement of Confidentiality and Non-Disclosure

The information contained in this document should be treated as confidential, provided only for the purpose of evaluation by the Recipient. This document, whether printed or in machine readable form, constitutes confidential, proprietary information and trade secrets which are the property of Alula Technologies. All disclosure and/or reproduction of this document, for tender purposes or verbally, is prohibited without express permission in writing by Alula Technologies.

This document contains proprietary and confidential information. All data submitted to RECEIVING PARTY is provided in reliance upon its consent not to use or disclose any information contained herein except in the context of its business dealings with Alula Technologies. The recipient of this document agrees to inform present and future employees of Alula Technologies, and the RECEIVING PARTY, who view or have access to its content of its confidential nature.

The recipient agrees to instruct each employee that they must not disclose any information concerning this document to others except to the extent that such matters are generally known to, and are available for use, by the public. The recipient also agrees not to duplicate or distribute, or permit others to duplicate or distribute, any material contained herein without Alula Technologies’ express written consent.

Alula Technologies retains all title, ownership, and intellectual property rights to the material and trademarks contained herein, including all supporting documentation, files, marketing material, and multimedia. This does not extend to any items belonging to our partners and/or clients.

BY ACCEPTANCE OF THIS DOCUMENT, THE RECIPIENT AGREES TO BE BOUND BY THE AFOREMENTIONED STATEMENT.

Our Principles

At Alula, we are committed to empowering you with a complete view of all your health data in a private account that you control.

Control. You are in control of the personal information you provide to us, which includes sharing, use, and retention.

Access. We empower you with access to your data as provided so that you are able to take charge of your health.

Transparency. We are committed to transparent collection, storage, sharing, and processing of your personal information and providing services to help you explore and understand your health.

Protection. The privacy and protection of your personal information is of the utmost importance to us. We are committed to strong security measures and providing you with information regarding collection, processing, and storage of your personal information.

Introduction

Alula Technologies Limited (“we, “us”, “our” or “Alula”) operates the http://alulatechnologies.com/ , http://alulahealth.com and websites (“Sites”) and related services (together “Alula HealthCloud”). At Alula, our goal is to empower you with control and sharing of your health information. To this end, we collect, process, use and store the personal information that you provide to us from your mobile applications, provider portals, activity trackers, devices, and services.

Our Privacy Policy outlines:

  • how we may process this information
  • what information we collect
  • how we may use this information; and
  • choices about accessing and updating information.

    • This Privacy Policy applies to our Sites as well as to the API services and applications we provide, and related products and services, collectively known as the “Services.” In addition, our Cookie Policy explains our use of browser cookies and other similar tracking technologies, which are part of this Privacy Policy.

    Contact Details

    If you have any questions about this Privacy Policy or our privacy practices, we can be contacted in the following ways:

    Full name of legal entity: Alula Technologies Limited

    Postal address: 1 Mayfair Place, Devonshire House, London W1J 8AJ, England

    Email address: dpo@alulatechnologies.com or info@alulatechnologies.com

    Consenting to use of Personal Information

    By accepting our End User Terms of Service , you consent to the collection, use, storage, and disclosure of personally identifiable information as outlined in the End User Terms of Service and in this Privacy Policy.

    Connecting your Personal Information to our Services

    We handle your personal information, including protected health information (PHI), in compliance with relevant healthcare privacy and security regulations and our contractual commitments to our clients. Currently we serve as a conduit between:

  • Entities responsible for collecting and storing health data
  • Organisational clients utilising our services to gather data from consumers
  • Consumers like yourself

    • Through our service, you have the option to grant us authorisation to access, collect, use, store, and disclose your personal information, which may include sensitive data related to HIV, sexually transmitted diseases, mental health conditions and treatment, substance abuse conditions and treatment, and other relevant information, for the duration of your use of our services.

    Important Definitions

    The following definitions are provided to assist with understanding our Privacy Policy.

    Service or Services. Our Sites as well as the API services and applications we provide, and related products and services, as accessed by a user whether a user has an account or not.

    Personal Information. Personal Information is information that can identify you, either alone or in combination with other information. This includes Protected Health Information that is identified under Protection of Personal Information Act (POPIA) in South Africa, General Data Protection Regulation (GDPR) in the European Union, the UK General Data Protection Regulation (UK GDPR) in the UK, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the United States of America. Please review the section “Information We Collect from You” for more details.

    Anonymised (or De-identified) Information. De-identified or anonymised information does not identify you based on individual pieces of information or combinations of information. Your direct information (e.g., name) and indirect information (e.g., Device ID) are removed, such that you cannot be reasonably re- identified as an individual. This includes de-identified demographic information, de-identified location information, information about the computer or device from which you access the Alula HealthCloud or other online services, or other analyses we create.

    Aggregate Information. Your individual information is combined and compiled with other individuals’ information for the purpose of analysis. The aggregation process involves de-identification of personal information such that you and other individuals cannot be reasonably re-identified as specific individuals.

    Customers. Customers are business partners of Alula that may incorporate our Services as a component or feature of the Customer’s products (e.g., a chronic condition management platform that uses data from Alula HealthCloud to measure your activity levels) or may deliver features within our Services (e.g., a pharmacy that provides your prescription history).

    Information we may process

    Whenever you access or use our Services, we may process (e.g., collect, use, store, transfer, etc.) different kinds of Personal Data about you, depending on which Alula Technologies service you use: (a) the VitalScore/VitalScore Lite (mobile/web) app, or (b) the Alula Technologies Websites, or (c) AlulaHealth Website. References to VitalScore/ VitalScore Lite refers to your personal wellness data score and measurements based on the use of rPPG technology that processes video clips generated by your camera of your mobile device when taking a 30-second video selfie to assess your general wellness which is intended for Investigational Use Only.

    Our Services are not medical advice and should not be a used as a substitute for clinical judgment by a health care professional.

    Our Service is intended to improve your awareness of your general wellness and is not intended to diagnose, treat, mitigate, or prevent any disease, symptom, disorder, or abnormal physical condition.

    You must consult with a health care professional or emergency services if you believe you may have a medical issue and need medical attention. We will process the relevant personal data about you in accordance with this Privacy Policy, and as follows:

  • Identification and Contact Data from Alula Technologies/ Alula Health Websites: IP Address, and users may optionally provide contact details such as, First name, Last name, Email, Phone number, Company name, Country/Region, and a free form Message.
  • Application Analytics from VitalScore app (mobile/web): App name/bundle- identifier/version – as reported by VitalScore/ VitalScore Lite. Device OS Type (iOS, Android, Windows, Linux, MacOS, Browser) – as reported by VitalScore/ Score Lite. Collected and processed at point of application registration/initiation of service use.
  • Identification and Contact Data from VitalScore/ VitalScore Lite app (mobile/web): IP address, Email address, Device token, Location data. Collected and processed at point of application registration/ initiation of service use and measurement requests. App users may optionally register for access to the VitalScore portal. If they do, an email address or username is collected associated with VitalScore registration for app access, verification, and password resets.
  • Personal Demographics from VitalScore/ VitalScore Lite app (mobile/web): To achieve more accurate measurement results, the processing and analysis may also require or involve additional Personal Data including, but not limited to, the following which is provided by you – Age, Weight, Height, Gender at birth. An encrypted payload containing relevant data is generated and transmitted to Alula HealthCloud.
  • Images and Videos from VitalScore/ VitalScore Lite app (mobile/web): When the service is in use, your device will capture, but will not store or transmit to Alula Technologies or Alula HealthCloud, images, and video through supported mobile device cameras for the purpose of extracting and analysing Facial blood flow and Facial landmarks and features. An encrypted payload containing relevant data, but not picture or video images, is generated and transmitted to Alula HealthCloud.
  • Wellness Data and Measurements from VitalScore/ VitalScore Lite app (mobile/web): Images and videos (see row above) are used to provide Body Mass Index, General Wellness Score, Heart Rate Variability, Mental Score, Physical Score, Mental Stress Index, Waist-to-Height Ratio, Vitals Score, Facial Skin Age, Breathing Rate, Pulse Rate, Irregular Heartbeat Count, Physiological Score, or other similar derived data. This data is the output data generated from providing the Services as opposed to what is collected.
  • Log Data from VitalScore/ VitalSCore Lite app (mobile/web): When VitalScore/VitalScore Lite is used, our servers automatically capture certain information about how a person uses VitalScore, whether by log files, and scripts, including without limitation IP address, configuration information, information about interaction with our Services, device information, and the date, time and/or location that a measurement was taken.

    • Information we collect from you

    We gather personal information as part of providing services to all our users. Upon becoming a user of our services, we will only gather information that you voluntarily authorise for submission. Personal information may include data you report about yourself and/or information collected from devices or third parties. We strongly believe in maintaining the confidentiality of all personally identifiable information that identifies an individual, including your past, present, or future physical or mental health condition, and your Digital Health Check data.

    Account Information: We may collect personal information, including but not limited to, identifying data such as name, email address, password, and address information to set up and manage your account. If our services are provided by your employer or their service provider, your personal information may be forwarded to set up our services for your use. Depending on the services used and your location, we may also collect your South African Identity number, passport number, National Insurance number, Social Security number, date of birth, current benefit coverage, and other official identifiers, such as a driver's license number.

    Health Information: We may collect information such as personal activities, health and wellness data, medications, tests, medical records, and health issues submitted through the services. We will only use this information for the purposes to which you expressly consent.

    Sensitive Information: Certain information you provide is considered sensitive information and may include genetic information, HIV testing or status, mental health, race, ethnicity, and sexual orientation. This information may be recorded in information shared with us by a third party such as a doctor. We will only use this information for the purposes to which you expressly consent.

    Device Information: We may collect device identifiers such as serial number, device type, IP address, browser type, language preferences, and location, operating system, date and time of your access, internet service provider, or mobile carrier, internet domain and host name, and referral URL.

    Cookies and Similar Technologies: We use cookies and similar technologies as described in our Cookie Policy. We recommend that you review that policy to learn about our practices and the controls available to you.

    Profile Information: We collect the information that you voluntarily enter into a user profile. This may include pictures, nicknames, and other personal details. This information is available to third parties that you consent to sharing your personal information through our services.

    Research and Studies Information: Your personal information is collected when you voluntarily participate in research and studies through our services.

    Information from Your Use of Services: We collect information related to your use of our services, such as which healthcare provider you use, which menus you use, pages you view, or search results you click on. You may interact with our support team during the use of our services, in which case, we would collect information about your communications.

    If you visit the site, whether or not you become a user of our services, please note that we will maintain web logs to record data about all visitors and customers who use this site and interact with the services, and we will store this information. These logs may contain IP address information, types of operating systems you use, the date and time you visited the site, and, if you are a user of our services, information about the type of any personal tracker or other device or service you connect to the services and information about the data uploaded from any such device or service.

    All web logs are stored securely and have restricted access by a very limited number of employees who must adhere to strict guidelines regarding user data security and privacy.

    How we use your information

    We utilise your personal information to provide you with our Services, employing various methods.

    Here is how we use your information:

  • Verifying your identity and granting access to the Services, enabling you to share your personal information with selected third parties.
  • Ensuring restricted access to your personal information.
  • Gathering personal data provided by you, imported by you (e.g., from devices), or authorised by you (e.g., lab test results).
  • Storing Digital Health Check data with the aim of calculating a Health Score, empowering users to monitor their health over time. This data is retained for 24 months, in accordance with Alula Technologies Data Retention and Destruction Policy.
  • Transmitting information to third parties authorised by you to receive your personal information through our Services.
  • Generating exports of your personal information as per your authorisation.
  • Sending account notifications and updates about your Services.
  • Developing new Services and enhancing existing ones.
  • Conducting scientific and statistical research and studies.
  • Addressing technical issues with our Services or enforcing our Terms of Service.
  • Identifying and safeguarding against errors, fraudulent activities, malicious behaviour or other suspicious or criminal actions.

    • Alula Services: If you choose to create an Alula account, we may use your personal information to inform you about or present products or services that we believe may interest you.

  • We will not provide your personal information to any third party for their or any other third party’s direct communications without your express consent.
  • You can opt out of receiving these communications by following the instructions contained in each email we send you.
  • Additionally, you can inform us at any time at dpo@alulatechnologies.com if you no longer consent to these communications.
  • If you unsubscribe, you will no longer receive these communications, but we will continue to contact you regarding our Services and respond to your other requests.

    • Non-Personal Data Use

    We may also use non-personal information to analyse data into useful information. This process of data analysis is done using Anonymised and Aggregate Information, is non-personal, and allows us to find correlations and patterns in the data.

    How we share your information

    We prioritise the protection of your personal information and uphold strict standards regarding its sharing. This is how we handle your data:

  • No Sale of Information: We do not sell, lease, or rent your individual-level information to any third party, including our customers, without your explicit consent.
  • Sharing with Vendors and Service Providers: In order to support our business operations and provide certain services, we may share personal information with vendors and service providers. These parties, including hosting services, cloud services, email communication software, and web analytics services, will access, process, or store personal information solely for the purpose of fulfilling their obligations to us. Each vendor and service provider is required to enter into a Data Privacy Agreement with us.
  • Business Transfers: In the event of a merger, acquisition, or other business transfer, your personal information may be shared during the due diligence process and transferred to a successor or affiliate as part of that transaction.
  • Legal Requirements: We may disclose personally identifiable information as required or permitted by law, including compliance with legal processes and law enforcement agencies. We reserve the right to report unlawful activities to law enforcement agencies and may disclose information to protect our rights or property.
  • Information Sharing with Others: You can share your information with others through our Services, such as exporting personal information or sending it to authorised recipients. Your consent is required for sharing personal information with third parties, such as healthcare professionals. You may also participate in research or clinical studies by providing express consent.
  • Automated Decision Making: With your explicit consent, we may use information provided by you, such as health data from wearable devices, to continuously update your account. This allows for real-time updates, such as updating your health score automatically based on data from sources like Apple Watch.
  • Anonymised Data Sharing: We may use and share anonymised or aggregated information for various purposes, including service improvements, public health, research, and analytics, while ensuring legal compliance.
  • Transfer of Data Overseas: Personal Identifiable Data (PID) collected from you is processed, stored, and hosted in the United Kingdom. De-identified data may be transferred outside of the United Kingdom.

    • Your privacy and consent are paramount, and we adhere to stringent protocols to safeguard your personal information.

    Personal Information Security

    The protection of your data is our top priority. We implement rigorous security measures to safeguard your personal information and ensure its confidentiality and integrity.

    This is how we protect your data:

  • Technical, Physical, and Administrative Controls: We employ all reasonable technical, physical, and administrative controls to prevent unauthorised access or disclosure of your personal information and to ensure its proper use. These measures include robust access controls, stringent access management policies, and comprehensive information security policies.
  • Data Storage in the United Kingdom: Your Personal Identifiable data is securely stored in the United Kingdom, adhering to stringent data protection regulations.
  • Data Protection Safeguards: We maintain a high level of data protection through various safeguards, including regular data backups, stringent audit controls, access controls, and data encryption protocols.
  • Secure Transmission: Our Site and Services utilise Secure Socket Layer (SSL) technology to encrypt all connections to and from our platform. This ensures the security of electronic data transmissions, safeguarding your information during transit.
  • Continuous Monitoring: We continuously monitor our systems for any potential security threats or vulnerabilities. Our dedicated team employs advanced security measures to detect and mitigate risks promptly.

    • Despite our comprehensive security measures, it is important to note that no data transmission or storage system is entirely infallible. If you have any concerns about the security of your interactions with our Site or Services or suspect unauthorised access to your account, please contact us immediately at dpo@alulatechnologies.com. We take all reports of potential security breaches seriously and will investigate and address them promptly to ensure the ongoing protection of your data.

    Your access and choices

    As the owner of your health data, you have full control over how it is managed within our Services. Here is a user-friendly guide outlining how you can access, modify, or delete your personal information:

  • Review Your Information: You can easily review the personal information stored in our Services at any time. Simply log in to your account and navigate to the designated section where your information is stored.
  • Control Authorisation: You have the power to authorise which personal information is stored within our Services. This means you can choose which data points are shared and stored, giving you control over who has access to your information.
  • Manage Export Options: You also have the option to export your personal information from our Services. This allows you to maintain a copy of your data for your records or for use with other healthcare providers or services.
  • Make Changes: Should you need to make changes to your personal information, such as updating contact details or modifying health data, you can easily do so within your account settings. Simply navigate to the relevant section and make the necessary adjustments.
  • Request Deletion: If you wish to delete certain personal information stored within our Services, you have the right to do so. Simply contact our support team or access the designated deletion tools within your account settings to initiate the deletion process.

    • By following these steps, you can effectively manage, modify, and control your personal information within our Services, ensuring that your data is handled according to your preferences and needs.

    Your Personal Information with our Services

    You authorise the personal information that is collected, stored, maintained, processed, and used within our Services.

    Deleting or De-authorising Your Data

    We will delete your data as soon as we have no further need for it. For sensitive personal data, in most cases this will be within 48 (forty-eight) hours. For other non- account data, it will be within 6 (six) months.

    You may request to delete any personal information and to de-authorise the collection, use, storage, and disclosure of personal information in the future by sending us an email at dpo@alulatechnologies.com . Any such deletion or de- authorisation will have no effect on sharing of personal information before we receive and are able to act upon such a request.

    During the use of our Services, you may authorise us to send your personal information to customers or third parties who are providing you value. You will have full transparency regarding whom within the ecosystem you previously sent your personal information. To delete a copy of your records from these entities, you will need to follow their policies and procedures for data deletion.

    Exporting a copy of your data

    You can export a copy of your personal information that is stored within our Services. If you have questions about exporting Personal Information from our Services, please contact dpo@alulatechnologies.com.

    Changes to Your Personal Information

    We work with multiple medical and wellness providers to enable you to obtain and hold copies of your personal information. We may also provide tools for you to manually enter health data or collect data from devices. While we strive to collect complete and accurate information from the sources provided to us, we do not have control over the accuracy, completeness, or quality of information entered or sent to us. For example, you may identify incorrect, incomplete, or outdated information from a third-party provider. If you have questions or find issues with your personal information, it is your responsibility to identify issues and ensure corrections are made to the original source of information.

  • For manually entered information, you are responsible for reviewing information and making corrections.
  • For a device, you should contact the device’s manufacturer.
  • For a care provider, you should contact the provider who controls your original information.

    • Your Responsibility to Protect Your Personal Information

    You are responsible for the handling, sharing, re-sharing, and distribution of your personal information. We disclaim any responsibility or liability for any consequences arising from your disclosure of personal information. Furthermore, if you transmit personal information electronically to another person, whether on or off our Site or Services, we shall not be held accountable for any harm or consequences resulting from third-party use or re-sharing of your information. We strongly advise sharing personal information only with individuals and third parties whom you trust.

    Additionally, we emphasise the importance of safeguarding the integrity of your data. It is your responsibility to ensure that your personal accounts and login credentials are kept secure and inaccessible to unauthorised individuals. When using public or shared devices, such as those in libraries or internet cafes, always remember to log out of our Site or Services.

    If you access our Site or Services via your employer's network or through public internet connections, such usage is undertaken at your own risk. It is incumbent upon you to verify the privacy and security policies of the company regarding internet usage.

    Please note that we cannot verify the identity of any non-employee individuals you may encounter while using our Site or Services, nor can we vouch for the authenticity of any information provided by others.

    Third-Party Sites and Trusted Relationships

    When using our Site, you may encounter links to other websites. It is important to understand how your privacy and security may be affected when navigating these third-party sites. Below are a few guidelines for navigating Third-Party Sites liked from Alula Technologies:

  • Our Approach: We prioritise the protection of your personal information. We do not share your data with third-party sites unless it is authorised under the End User Terms of Service or with your explicit consent, where required.
  • Understanding Privacy Policies: Each third-party website may have its own privacy policies and procedures. We encourage you to familiarise yourself with these policies before interacting with these sites. Look for information about how they collect, use, and protect your personal data.
  • Trusted Partners: We strive to collaborate with trusted partners and organisations that uphold similar privacy and ethical standards to ours. While we cannot guarantee the practices of every linked site, we make efforts to work with reputable entities that prioritise user privacy and security.
  • Exercise Caution: Exercise caution when clicking on links that redirect you to external sites. Be mindful of sharing sensitive information and consider the potential risks associated with interacting on third-party platforms.
  • Consent and Authorisation: Your consent plays a crucial role in data sharing with third-party sites. Before providing any personal information or authorising data transfer, ensure that you understand how your data will be used and whether you are comfortable with the terms outlined by the third party.

    • By staying informed about privacy policies, exercising caution, and being mindful of consent, you can navigate third-party sites linked from our platforms while safeguarding your privacy and security. If you have any concerns or questions regarding data sharing practices, feel free to reach out to us for assistance.

    Please refer to our End User Terms of Service for further details on data sharing and your rights and responsibilities as a user.

    Account closure

    To close your account and ensure the deletion of your personal information, please follow these steps:

  • Send a closure request: Simply email your request to close your account to dpo@alulatechnologies.com.
  • Account closure process: Upon receiving your request, we will promptly initiate the closure process for your account. Your account and all associated personal information will be deleted within 30 (thirty) days from the receipt of your request.
  • Implications of account closure: Please be aware that the deletion of personal information within our Services does not extend to any data previously shared with third parties through our platform or any participation in research studies to which you provided consent. For such cases, you must directly contact the respective third parties to manage your information.
  • Handling of personal data post-closure: Rest assured that even after your account is closed, we adhere to stringent protocols to safeguard your personal data. We may retain certain information in accordance with legal requirements or contractual obligations with third parties. This includes retaining de- identified personal information and limited account registration details necessary for accounting, audit, and compliance purposes.

    • By following these steps, you can effectively close your account while ensuring that your personal information is handled responsibly and in compliance with applicable laws and regulations. If you have any further questions or concerns, please do not hesitate to reach out to us at dpo@alulatechnologies.com . Your privacy and data security are our top priorities.

    Other important information

    We are committed to keeping you informed about any changes or events that may affect your personal information.

    Notifications: You will be notified in the event of a data breach impacting your personal information, as required by law. We will provide instructions on any further actions you may need to take. You will also be notified if there is a Business Transfer involving your personal information, and if the recipient intends to use your information differently from what is outlined in this Privacy Policy. In such cases, you have the option to delete or export your personal information as described above, or to close your account.

    Data Retention: We ensure that identifiable information about you is retained only for as long as necessary to fulfil our business purposes or to meet legal requirements. This information is held for no longer than 24 (twenty-four) months.

    Children: We do not permit individuals under the age of 13 (thirteen) yeas old to create accounts that grant access to our secure Site unless they obtain prior consent from a parent or guardian.

    Changes to this Privacy Policy: Our Privacy Policy may be updated in the future. If changes are made, we will notify you by posting updates on our Site and other relevant platforms. Each update will be accompanied by an effective date. If you disagree with any changes, you have the option to delete your account by contacting us at dpo@alulatechnologies.com .

    Concerns or Questions

    Your feedback is valuable to us. If you have any questions or suggestions on how we can enhance our privacy policy regarding personal information, please feel free to email us at dpo@alulatechnologies.com . We are here to address any concerns you may have and continuously improve our practices to better protect your data.

    Last update date: 10 April 2024

    Privacy Policy | Terms & Conditions | Cookie Policy