At Alula, we are committed to empowering you with a complete view of all your health data in a private account that you control.
Control. You are in control of the personal information you provide to us, which includes sharing, use, and retention.
Access. We empower you with access to your data as provided so that you are able to take charge of your health.
Transparency. We are committed to transparent collection, storage, sharing, and processing of your personal information and providing services to help you explore and understand your health.
Protection. The privacy and protection of your personal information is of the utmost importance to us. We are committed to strong security measures and providing you with information regarding collection, processing and storage of your personal information.
Alula Technologies Limited (“we, “us”, “our” or “Alula”) operates the https://alulatechnologies.com/ , http://alulahealth.com and https://facescan.alulahealth.com/ websites (“Sites”) and related services (together “Alula HealthCloud”). At Alula, our goal is to empower you with control and sharing of your health information. To this end, we collect, process, use and store the personal information that you provide to us from your mobile applications, provider portals, activity trackers, devices, and services.
Our Privacy Policy outlines:
This Privacy Policy applies to our Sites as well as to the API services and applications we provide, and related products and services, collectively known as the “Services.” In addition, our Cookie Policy explains our use of browser cookies and other similar tracking technologies, which are part of this Privacy Policy
If you have any questions about this Privacy Policy or our privacy practices, we can be contacted in the following ways:
Full name of legal entity: Alula Technologies Limited
Postal address: 1 Mayfair Place, Devonshire House, London W1J 8AJ, England
Email address: dpo@alulatechnologies.com or info@alulatechnologies.com
By accepting our End User Terms of Service, you consent to the collection, use, storage, and disclosure of personally identifiable information as outlined in the End User Terms of Service and in this Privacy Policy.
We maintain your personal Information, and in particular protected health information, in compliance with applicable health care privacy and security rules and our contractual obligations with our customers. Currently we act as a conduit between (a) entities that collect and store health data (b) organisational customers that use our Services to collect data from consumers, and (c) consumers such as yourself.
Through the Service, you can authorise us to access, collect, use, store, and disclose your personal information, including sensitive information that may relate to HIV and/ or other sexually-transmitted diseases, mental and behavioural health conditions and treatment, substance abuse conditions and treatment, and other data, throughout the term of your use of the Services.
The following definitions are provided to assist with understanding our Privacy Policy.
Service or Services. Our Sites as well as the API services and applications we provide, and related products and services, as accessed by a user whether a user has an account or not.
Personal Information. Personal Information is information that can identify you, either alone or in combination with other information. This includes Protected Health Information that is identified under Protection of Personal Information Act (POPIA) in South Africa, General Data Protection Regulation (GDPR) in the European Union, the UK General Data Protection Regulation (UK GDPR) in the UK, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the United States of America. Please review the section “Information We Collect from You” for more details.
Anonymised. or De-identified) Information. De-identified or anonymised information does not identify you based on individual pieces of information or combinations of information. Your direct information (e.g., name) and indirect information (e.g., Device ID) are removed, such that you cannot be reasonably re-identified as an individual. This includes de-identified demographic information, de-identified location information, information about the computer or device from which you access the Alula HealthCloud or other online services, or other analyses we create.
Aggregate Information. Your individual information is combined and compiled with other individuals’ information for the purpose of analysis. The aggregation process involves de-identification of personal information such that you and other individuals cannot be reasonably re-identified as specific individuals.
Customers. Customers are business partners of Alula that may incorporate our Services as a component or feature of the Customer’s products (e.g., a chronic condition management platform that uses data from Alula HealthCloud to measure your activity levels) or may deliver features within our Services (e.g., a pharmacy that provides your prescription history).
We collect personal information as part of providing Services to all of our users. Upon becoming a user of our Services, we will only collect information that you voluntarily authorise for submission. Personal Information may include information you report about yourself and/ or information collected from devices or third parties. We vigorously believe in keeping confidential all personally identifiable information that identifies an individual, including your past, present, or future physical or mental health condition.
Account Information. We may collect personal information that includes, but is not limited to, identifying data such as name, email address, password, and address information in order to set up and manage your account. If our Services are provided by your employer or your employer’s service provider, your personal information may be forwarded to set up our Services for your use. Depending on the Services used, and your location, we may also collect your South African Identity number, passport number, National Insurance number, Social Security number, date of birth, current benefit coverage, and other official identifiers, such as a driver license number.
Health Information. We may collect information such as personal activities, health and wellness data, medications, tests, medical records, and health issues submitted through the Services. We will only use this information for the purposes to which you expressly consent.
Sensitive Information. Certain information you provide is considered sensitive information and may include genetic information, HIV testing or status, mental health, race, ethnicity, and sexual orientation. This information may be recorded in information shared with us by a third party such as a doctor. We will only use this information for the purposes to which you expressly consent.
Device Information. We may collect device identifiers such as serial number, device type, IP address and browser type, language preferences and location, operating system, date and time of your access, internet service provider or mobile carrier, internet domain and host name, and referral URL. Cookies and Similar Technologies. We use cookies and similar technologies as described in our Cookie Policy. We recommend that you review that policy to learn about our practices and the controls available to you.
Profile Information. We collect the information that you voluntarily enter into a user profile. This may include pictures, nicknames, and other personal details. This information is available to third parties that you consent to sharing your personal information through our Services.
Research and Studies Information. Your personal information is collected when you voluntarily participate in research and studies through our Services.
We collect information related to your use of our Services, such as which healthcare provider you use, which menus you use, pages you view, or search results you click on. You may interact with our support team during the use of our Services, in which case, we would collect information about your communications.
If you visit the Site, whether or not you become a user of our Services, be advised that we will maintain web logs to record data about all visitors and customers who use this Site and interact with the Services, and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and, if you are a user of our Services, information about the type of any personal tracker or other device or service you connect to the Services and information about the data uploaded from any such device or service.
All web logs are stored securely and have restricted access by a very limited number of employees that have to adhere to strict guidelines regarding user data security and privacy.
We use your personal information to provide Services to you. Examples of how we use your information include:
If you elect to create an Alula account, we may use your personal information to tell you about or present to you products or services that we believe may be of interest to you.
We may also use non-personal information to analyse data into useful information. This process of data analysis is done using Anonymised and Aggregate Information, is non-personal, and allows us to find correlations and patterns in the data.
We do not sell, lease, or rent your individual-level information to any third party, including our customers, without your consent. In certain circumstances we may share your personal information with third parties without further notice to you, as set forth below:
Automated Decision Making. For some Services that we provide, and only in cases where you have provided your explicit consent, we will continuously update your account in almost real-time using information you provide to us from various t sources. As an example, if you have consented to us using health information from your Apple Watch, we will use this to automatically and continually update your health score on our app.
Anonymised Data Sharing. Alula may use and share your anonymized or aggregated information for services improvements, public health, research, analytics and other legally permissible purposes.
Transfer of data overseas. Date collected from you is stored and hosted in the United Kingdom. No transfer of your data will take place overseas.
The protection of that data is of the utmost importance to us. We use all reasonable technical, physical, and administrative controls to protect your personal information from unauthorised access or disclosure and to ensure the appropriate use of information. We store your data in the United Kingdom. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and data encryption. Our Site and Services use Secure Socket Layer (SSL) technology to encrypt all connections to and from our Site and Services to enhance security of electronic data transmissions. However, no data transmission or storage system is guaranteed to be 100% secure. If you have questions about security or possible reason to believe that your interaction with our Site or Services is no longer secure (e.g., you feel that your account’s security may be compromised), please contact us immediately at dpo@alulatechnologies.com.
You are the owner of your health data. We help you move your data throughout the healthcare ecosystem, but you have the ultimate control over who has access to which information.
You can review your personal information that is stored and available within our Services at any time. You also have choices concerning the personal information you authorise to be stored within our Services and the export of your personal information. Please review the following options you have to control the management, use, change, and deletion of your personal information that is stored within our Services.
You authorise the personal information that is collected, stored, processed and used within our Services.
We will delete your data as soon as we have no further need for it. For sensitive personal data, in most cases this will be within 48 (forty-eight) hours. For other non-account data, it will be within 6 (six) months.
You may request to delete any personal information and to de-authorise the collection, use, storage, and disclosure of personal information in the future by sending us an email at dpo@alulatechnologies.com. Any such deletion or de-authorisation will have no effect on sharing of personal information before we receive and are able to act upon such a request.
During the use of our Services, you may authorise us to send your personal information to customers or third parties who are providing you value. You will have full transparency regarding whom within the ecosystem you previously sent your personal information. To delete a copy of your records from these entities, you will need to follow their policies and procedures for data deletion.
You can export a copy of your personal information that is stored within our Services. If you have questions about exporting Personal Information from our Services, please contact dpo@alulatechnologies.com.
We work with multiple medical and wellness providers to enable you to obtain and hold copies of your personal information. We may also provide tools for you to manually enter health data or collect data from devices. While we strive to collect complete and accurate information from the sources provided to us, we do not have control over the accuracy, completeness, or quality of information entered or sent to us. For example, you may identify incorrect, incomplete, or outdated information from a third-party provider. If you have questions or find issues with your personal information, it is your responsibility to identify issues and ensure corrections are made to the original source of information.
You are responsible for your handling, sharing, re-sharing and/ or distribution of your personal information. We will have no responsibility or liability for any consequences that may result from your disclosure of your personal information. Moreover, if you forward personal information electronically to another person on or off the Site or Services, we are not responsible for any harm or other consequences from third party use or re-sharing of your information. We recommend sharing personal information only with individuals and other third parties that you know and trust.
In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal accounts and login username and password information. If you use a public computer, such as the library or a university, or a shared device, always remember to log out of the Site or Services.
If you use our Site or Services through your employer’s computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand with the company’s privacy and security policy with respect to Internet use.
We cannot guarantee the identity of any other non-employee person with whom you may interact in the course of using the Site or Services, or the authenticity of any information that others may provide.
Our Site contains links to other sites. We do not share your personal information with those sites except as authorised under the End User Terms of Service and with your consent where required and are not responsible for their privacy policies and procedures. We encourage you to learn their particular privacy policies, but we seek to work with trusted partners and organisations that will adhere to similar privacy and ethical standards to ours.
You may close your account by sending a request to dpo@alulatechnologies.com . We will close your account and delete the personal information within your account within 30 (thirty) days of our receipt of your request. Please note that deletion of personal information within our Services does not include any information that you previously provided to a third party through our Services or research that you consented to participate in. You must contact third parties separately regarding controls and choices for the personal information that you shared. We cannot remove personal information from ongoing or completed studies that use this information.
As stated in our Terms of Service, we may retain your personal information in backup copies as required by law or contractual obligations with third parties. We may also retain de-identified personal information, and limited account registration information needed for accounting, audit, and compliance purposes.
We will notify you:
Identifiable information about you is held no longer than necessary for our business purposes or to meet legal requirements and in any event no longer than 6 (six) months.
We do not knowingly allow individual Customers under the age 13 (thirteen) to create accounts that allow access to our secure Site, without them obtaining the prior consent of a parent or guardian.
We may amend our Privacy Policy in the future. In the event changes are made, we will be sure to post changes at the Site and at other places we deem appropriate. We will post an effective date when an update is published. If you object to any changes, you may delete your account by contacting us at dpo@alulatechnologies.com .
If you have any questions or suggestions on ways we can improve our privacy policy with respect to personal information, please email us at dpo@alulatechnologies.com .
This Privacy Policy was last updated on 2 November 2022.