Privacy Policy

Alula Technologies Group (“Alula”), headquartered in the United Kingdom comply with the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), both UK and EU versions, and the Protection of Personal Information Act (POPIA), as well as additional Privacy Laws and Regulations, as required.

We value your privacy and are committed to protecting your personal information. This Privacy Statement explains how we collect, use, disclose, and safeguard your personal data, including sensitive or special categories of data (such as health and medical data.

Please read this Privacy Statement carefully to understand our views and practices regarding your personal data and how we will treat it.

Information We Collect

We collect and process personal data when you visit our website or interact with our services. The personal data we collect may include:

  • Personal Information: Such as your name, contact information (email address, phone number), and any other information you provide to us directly.
  • Health and Medical Information: We may collect sensitive health and medical information (Special Categories of Personal Data) if you are using our health-related services or products. This includes data such as medical records, treatment information, and other health-related details. We process such data in strict compliance with HIPAA (for US-based individuals) and the GDPR's special provisions for sensitive data, ensuring the highest level of protection.
  • Usage Data: Information about your visit to our website, including your IP address, browser type, device information, and browsing behaviour (e.g., pages visited, time spent on the site).
  • Cookies and Tracking Technologies: We use cookies and similar technologies to collect information about your usage patterns and enhance your experience on our website. You can manage your cookie preferences through your browser settings.

How We Use Your Data

We use your personal data, including sensitive health and medical data, for the following purposes:

  • To provide, maintain, and improve our services, particularly health-related services.
  • To communicate with you, respond to your inquiries, and provide customer support, including handling sensitive health-related queries.
  • To comply with legal and regulatory requirements, including but not limited to those under HIPAA, GDPR, POPIA, and other applicable laws regarding the processing of sensitive health information.
  • To analyse website usage and improve user experience.
  • For marketing purposes, where we have obtained your consent (and only for non-sensitive data unless we have specific consent for health-related information).
  • Handling of Sensitive Data: In instances where we process health and medical data, we ensure that we obtain explicit consent from you (where required), and we limit the use of such data to the specific purposes for which it was provided.

Legal Basis for Processing Personal Data

We process personal data based on the following legal grounds:

  • Consent: Where you have given us your explicit consent to process your personal data, particularly for sensitive health and medical data.
  • Contractual Necessity: To fulfil a contract with you or take steps to enter into a contract, such as providing health-related services.
  • Legal Obligation: To comply with legal requirements, inclusive of but not limited to HIPAA, GDPR, or POPIA, especially for the processing of sensitive health and medical information.
  • Legitimate Interests: Where it is necessary for our legitimate interests, provided that your rights and freedoms are not overridden.
  • Special Categories of Data: We process health and medical data only where we have explicit consent or where processing is necessary for reasons of public interest in the area of public health, medical diagnosis, or the provision of healthcare.

Data Sharing and Disclosure

We do not share or disclose your personal data, including sensitive health data, to third parties except in the following circumstances:

  • Service Providers: We may share your personal data with trusted third-party service providers who assist us in operating our business, such as hosting providers, payment processors, customer support services, and healthcare professionals. These third parties are obligated to keep your data confidential and only use it in accordance with our instructions.
  • Legal Requirements: We may disclose your personal data if required by law, regulation, or legal process (e.g., to comply with a subpoena or court order).
  • Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your personal data, including sensitive health data, may be transferred as part of that transaction, subject to applicable laws.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.

This includes implementing encryption, secure data storage, access controls, and privacy training for our staff. In particular, sensitive health and medical data is subject to additional security protocols, in compliance with HIPAA and GDPR requirements.

However, no method of transmission over the Internet or method of electronic storage is 100% secure, so while we strive to protect your personal data, we cannot guarantee its absolute security.

Your Rights

You have the following rights regarding your personal data, including sensitive health and medical information:

  • Right to Access: You can request a copy of the personal data we hold about you, including sensitive health information, in accordance with applicable law.
  • Right to Rectification: You can request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: You can request the deletion of your personal data, including sensitive health data, subject to certain conditions (e.g., if it is no longer necessary for the purposes for which it was collected).
  • Right to Restriction of Processing: You can request the restriction of processing your personal data in certain circumstances, especially sensitive health data.
  • Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your personal data, including sensitive health data, for specific purposes, such as direct marketing.
  • Right to Withdraw Consent: If we process your data based on consent (such as health data), you can withdraw your consent at any time.

To exercise these rights, please contact us using the details provided below.

International Transfers of Personal Data

If your personal data, including sensitive health and medical data, is transferred outside of the European Economic Area (EEA), South Africa, or the United States, we ensure that appropriate safeguards are in place, such as standard contractual clauses or other mechanisms, to protect your data in accordance with applicable laws.

Retention of Data

We will retain your personal data, including sensitive health and medical data, only for as long as necessary to fulfil the purposes outlined in this Privacy Statement, or as required by law or regulation. When your data is no longer needed, it will be securely deleted or anonymised in accordance with applicable data retention policies.

Changes to This Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the updated Privacy Statement on our website.

Contact Information

You can contact Alula Technologies with questions, suggestions, or concerns about the policy or the use of your personal data by emailing dpo@alulatechnologies.com.

Should you wish to report misconduct, misuse of information, or unethical behaviour please visit: https://www.alulatechnologies.com/whistle-blower