Effective Date: Jan 2021
This Policy applies to anyone using the Heal2Heart App, including if you are providing independent services as a CAM Service Provider or receiving services as a Client (collectively, “users” or individually a “user”). This Policy describes how Heal2Heart processes personal data about you, including data collection, usage, disclosure, security, storage, etc., as well as your choices and rights over this data.
Heal2Heart provides the Services in the form of an e-commerce marketplace where Clients can purchase the services of independent CAM Service Providers. In order to facilitate the Services and connect users, we require certain personal data (also personal information) from you.
By using the Heal2Heart App and the Services, you hereby consent that you have read this Policy and that you agree to how we process your personal data. If you do not agree with the descriptions in this Policy, you may not use the Heal2Heart App.
- DEFINITION OF TERMS
The following terms have the definitions attached to them under this Policy.
- processing refers to any activity performed on your personal data by Heal2Heart, including, without limitation, collection, use, disclosure, security, marketing, storage, organisation, alteration, recording and retrieval.
- personal data, as defined under the GDPR (General Data Protection Regulation) that came into effect in May 2018, is any data or information related to an identified or identifiable natural person. Personal data is the same as personal information as used under the CCPA and privacy laws with similar language.
- Heal2Heart/us/we/our refers to Heal2Heart Sarl-s, a company registered in Luxembourg.
- user/you/your refers to anyone using the Heal2Heart App and the Services, including if you are a CAM Service Provider or a Client.
- CAM Service Provider refers to any user providing any complementary and alternative medicine independently on the Heal2Heart App to Clients. This user may be working individually or representing an organisation.
- Client refers to any user using the Heal2Heart App to purchase the services of a CAM Service Provider.
- Heal2Heart App refers to any platform operated by Heal2Heart in relation to the Services, including the Heal2Heart mobile application, associated website and social media channels.
- Services may include all features and tools provided to users in relation to the Heal2Heart App, including the marketing of CAM Service Providers to Clients, connecting Clients with the best CAM Service Providers, serving as an escrow between users when they interact and other features that make user interactions possible.
- CCPA (California Consumer Privacy Act) refers to the California privacy law intended to improve the privacy rights of California users who submit personal data to us.
- GDPR (General Data Protection Regulation) refers to the European Union privacy law of 2016, which came into effect in May 2018.
- DATA CONTROLLER
For the sake of this Policy, and as required under the GDPR law of 2016, Heal2Heart is your data controller. We decide all processing activities relating to your data. Heal2Heart is a company registered and operated from Luxembourg.
- DATA COLLECTION
In relation to your use of the Heal2Heart App and the Services, we may collect personal data under three categories. Personal data may be submitted by you via forms on the Heal2Heart App, and we may collect certain personal data automatically using specific tools and technologies. Likewise, we may collect personal data from third party sources, such as social media channels (for example, via Facebook plugin).
- The data you submit to us:
- Registration Data: To use the Services, and depending on the type of user account you wish to operate on the Heal2Heart App, we require you to submit certain registration data, which may include your name, address, email address, phone number, CAM company details and other personal details. We collect registration data to provide you with a user account and identify you from other users.
- Contact Data: We collect certain contact data from you, which may include your email address, phone number and other contact information. This data may be collected when you request a user account or when you contact us for complaints or enquiries. We collect your contact data or information in order to respond to your queries, complaints and enquiries, as well as to contact you regarding administrative messages (such as updates to this Policy), marketing and other messages we are meant to deliver to you.
- Payment Data: We may collect payment data, which is your payment method information in order to process your payments on the Heal2Heart App. While we process Clients’ payments for hiring CAM Service Providers, we also credit the earnings of all CAM Service Providers into their payment methods. In order to process any payments, we may need to obtain your payment method or billing information. We only collect payment method data to process payments; we do not use your payment method data for anything else.
- Verification Data: If you use the Services as a CAM Service Provider, we may require that you submit verifiable documents in order to verify you as a CAM Service Provider. Verification documents may include any government-issued ID Card and other licenses and data needed to verify you.
- Profile Data: When you create a user account on the Heal2Heart App, you will be required to submit personal data specific to the type of user account you operate. For example, a CAM Service Provider must update their profile with their image, language, area of CAM expertise, etc. This data is required to enable other users to make informed decisions and identify you.
You are not under any statutory obligation to provide us with the above personal data; however, be aware that failure to provide us with this data may render it impossible to provide you with the Services.
- The data we obtain automatically:
Like to other websites and apps, Heal2Heart may automatically collect certain personal data using certain third-party tools and technologies (such as Google Analytics). When you access the Heal2Heart App, we may automatically collect data about how you use the Heall2Heart App and details about your device or browser. The data collected may include, without limitation, your device IP Address, browser type, geolocation, as well as the part of the Heal2Heart App you are on, how long you browse in a particular session, the features you use or click and other analytical data and data about your transactions.
We obtain this data automatically for various reasons, such as gathering analytics about the Heal2Heart App usage and improving our marketing, remembering you when you come back to the Heal2Heart App and improving the features available on the Heal2Heart App.
- The data we obtain from third party sources:
We may also obtain personal data about from third party sources. For example, if you register a user account or sign in to the Heal2Heart App via any social media plugins (such as Facebook), we will obtain any applicable personal data available on the applicable social media account.
- COOKIES POLICY
Cookies are small pieces of data stored in text files that are saved on your computer or other devices when websites are loaded in a browser. Cookies are majorly used to remember you and your stored preferences, either for a single session or multiple sessions of your visits.
To learn more about cookies in relation to your use of our website, please see our Cookies Policy document.
- DATA USES
In addition to the use of personal data as described under the section above, we may collect personal data for the following reasons:
- To provide you with a user account, verify your details and provide you with the Services;
- To contact you when necessary, including to reply to your complaints, questions, feedback and enquiries, as well as to market to you based on offers that we think might interest you;
- To process your earnings as a CAM Service Provider or process your payments (as a Client) for hiring and using the services of a CAM Service Provider;
- To facilitate the running of the Heal2Heart App and provide upgrades where necessary;
- To gather analytics and statistics about the Heal2Heart App usage and detect how to improve its features;
- To detect fraud and violations of our Client Terms and Conditions, Service provider Terms and Conditions, as well as to comply with any applicable law; and
- To process your data and actions within the Heal2Heart App.
Our legal bases for collecting the data above includes:
- To honour the contract we have with you;
- For our legitimate business interest; and
- To comply with our legal obligations.
- DATA SHARING AND DISCLOSURE
Heal2Heart does not engage in the sale or sharing of personal data about you to or with third parties for their marketing purposes. However, personal data about you may be disclosed or shared in the following circumstances:
- Sharing with third-party service providers (contractors): Heal2Heart uses the services of other third parties to carry out certain parts of the Services (for example, we use third parties to gather analytics, process payments, send email or SMS, maintain the Heal2Heart App, provide chat/video features and detect fraud). These third parties may have access to specific personal data about you in relation to the services they perform for us (for example, we may use Google Inc. to gather analytics and other automatic personal data through the Google Analytics tool). If we use the services of any third party, they will only use the data we share with them to perform their services on our behalf. They are under contractual obligations to not use personal data about you for anything else.
- Sharing within Heal2Heart: We may share personal data internally within the Heal2Heart group, including with any future subsidiaries, affiliates, employees or partner for business and operational purposes. If we share data within Heal2Heart, it will be on a need-to-know basis, and such a sharing will be protected by confidentiality.
- Sharing with other users: If you interact with another user on the Heal2Heart App, certain personal data about you may be shared with such a user. For example, in situations where a Client hires a CAM Service Provider for their services, both users will have access to their profile data, including any personal data shared through chat/sessions. Likewise, a CAM Service Provider’s profile data is public to all the Clients.
- Disclosure to the public: If you post content to any public area on the Heal2Heart App (for example, user comments, reviews, profile descriptions, etc.), any personal data, such as your name, image and other data attached to such content will be visible to anyone who navigates to that area. This may also include visitors who navigate to the Heal2Heart App via search engines.
- Sharing under the law: Heal2Heart may share data with government agencies as may be required under applicable law in response to lawful requests by public authorities, including to meet law enforcement requirements and, including without limitation, in connection with report earnings. We may disclose data about you to law enforcement or the government if we believe in our discretion that it is necessary to respond to legal processes or claims (including subpoenas, court orders and other summonses), or at the request of the government or third parties during an investigation where we believe such disclosure is necessary to protect our rights and property, including the rights and property of other users or third parties, or otherwise to prevent an activity that we determine to be fraudulent, illegal or unethical.
- Sharing under a business transfer: Heal2Heart may engage in a business transfer activity, including a sale of assets, merger, acquisition or consolidation with other companies. If we engage in any of these business transfer, we may share personal data, including customers’ list, with the companies involved. Any business transfer actions will be priorly communicated to you.
- DATA RETENTION
Heal2Heart does not retain personal data about you for longer than we need it. Unless you request the deletion of certain personal data or your user account, we will retain personal data about you in perpetuity. Your verification data will be retained for up to 10 years after submission unless you request the deletion of your user account.
We may not be able to delete certain data even if you request its deletion. This data may include data about your transactions with other users (which stays in our database for 10 years) and any data you post on public areas of the Heal2Heart App, including Client reviews and user comments. We may retain this data in order to comply with legal requirements, including to keep records.
- MARKETING EMAILS
We may send occasional marketing emails (not to be confused with administrative emails) to your account-associated email address, which may contain offers, promotions or bonuses about things we think may match your interest. You will automatically be added to our newsletter list upon your submission of your email address on the Heal2Heart App. However, one of your choices regarding how we process personal data about you is the ability to opt-out of newsletters (marketing emails). You may unsubscribe from receiving marketing emails from us by following the instructions for unsubscribing in any marketing email we send to you.
- DATA SECURITY
Heal2Heart cares about your privacy. We protect personal data about you from authorised access or use using commercially reasonable safeguards. We protect your payment method data, sessions and other relevant personal data physically and technologically.
Any personal data and materials shared between a Client and CAM Service Provider are strictly confidential with no access by us. We use the services of Stripe Inc. and PayPal to process all payments and earnings made by Clients and CAM Service Providers; therefore, your payment method is in safe hands, as our payment processors are industry giants with the best safeguards.
Also, we do not share personal data about you with third parties for their marketing purposes, and we only share personal data with employees to provide the needed support to our users.
However, we do not warrant that your data is 100% safe from unauthorised access or use, as new technologies are developed daily. We do not warrant that only those who are granted access will be able to view your data. Therefore, we will not be liable if your data is breached by unauthorised third parties unless it is due to our negligence.
In line with the requirements under the GDPR, we will communicate any data breach to you as required.
- INTERNATIONAL TRANSFERS OF DATA
Heal2Heart provides the Services from our base of operation in Luxembourg in accordance with the GDPR law. If you use the Services, be aware that you are transferring your data to us in the European Union (“EU”). Likewise, we use third-party service providers (contractors) within the EU and countries outside the EU, such as the United States (“US”). These third-party service providers may process your data in the EU and countries outside the EU. If we are to transfer personal data about you to countries outside the EU or European Economic Area (“EEA”), we will rely on approved data transfer mechanisms, such as (i) using standard contract clauses approved by the European Commission, (ii) transferring to countries that have been deemed by the European Commission as having adequate protection (or such company is part of the Privacy Shield in the US), or (iii) transferring when you explicitly give verifiable consent.
- YOUR DATA RIGHTS
Under the GDPR law and other applicable privacy laws, you have certain rights in relation to the personal data we have about you. These rights include:
- Right to be informed: We will honour this right by informing you about how we process your data through this Policy and providing changes when necessary.
- Right of access: Also known as “Subject Access Request”, this right allows you to request that we provide you with information about any data about you, including providing you with a copy in a reasonable format. You may send a message to us at firstname.lastname@example.org to exercise this right.
- Right of rectification: This right allows you to request that Heal2Heart rectify or correct any personal data you think needs updated. For example, you can request that an admin change your email address or profile title. You can exercise this right under your user account profile.
- Right of erasure: Also known as the “right to be forgotten”, this right allows you to request that we delete certain personal data about you. However, this right is limited in that we cannot grant it if your request conflicts with our legal obligations (for example, where we are required under applicable law to keep records of transactions or where the data helps us with analytics).
- Right to restrict processing: You may ask us to restrict processing your data in a particular way as an alternative to erasure. There are certain reasons why the restriction of data is possible, which are outlined under Article 18 of the GDPR. This may include, without limitation (i) if it is inaccurate; (ii) if it has been unlawfully used, but you do not want us to delete it; (iii) if it is not relevant anymore, but you want us to keep it for use in legal claims, and (iv) if you have already asked us to stop using it but you are waiting for us to tell you if we are allowed to keep using it.
- Right to data portability: You have the right to truly own your data. This right allows you to request a copy of your data and transfer it to another data processor without altering its usefulness.
- Right to object processing: You may request that we stop processing your data for certain reasons. This is specifically for situations where we send marketing emails to your email. You may object to such processing by unsubscribing from our newsletter.
- Right to automated decision making: In situations where we make decisions automatedly (where no human intervention is involved), and it affects you in a negative way, you may object to this.
You may exercise most of these rights above by reaching out to Heal2Heart via our customer care, email address (email@example.com), your user account profile area or by using the ‘contact us’ form on the Heal2Heart App.
If we fail to grant you the above rights or you believe that we are unlawfully processing personal data about you, you have the right to report us to any Data Protection Authority in any EU state of your location.
- CALIFORNIA PRIVACY RIGHTS
If you are using the Services from the State of California, US, you have the below rights over personal information, as provided under the CCPA law that came into effect on January 1, 2020.
- The right to know about personal information about you that we collected, disclosed or sold: This right applies to the categories of personal information Heal2Heart collected, used, shared or sold in the past 12 calendar months.
- The right to request the deletion of certain personal information about you: You may request the deletion of certain personal data about you. This excludes personal information we are required to retain under applicable law and personal information that exists with third-party service providers.
- The right to object to the sale of your personal information: Heal2Heart is not in the business of selling personal information to third parties for their direct marketing purposes.
- Right to non-discrimination: When you make any of the above requests, we will not discriminate against you regardless of your race, colour, sex, age, language, religion or background.
To exercise the rights above, please reach out to Heal2Heart via the Heal2Heart App using the ‘Contact Us’ section or directly sending us an email to firstname.lastname@example.org.
- CHILDREN POLICY
The Heal2Heart App is targeted at people who are 18 years of age or above (or the age of majority in your location). If you submit personal data to us, you represent to us Heal2Heart that you meet the required age of majority in whatever location you are using the Services from. However, you may use the Services if supervised by at least a parent or legal guardian if you do not meet the required age.
- COMPANY ACCOUNTS
If you provide personal data to us on behalf of a CAM organisation, you represent to us that you have the necessary permissions and the approval of the applicable CAM organisation to submit the data on its behalf.
- THIRD-PARTY LINKS
The Heal2Heart App may contain links embedded in articles, descriptions and information, which may lead to other websites and applications. Any third-party links available through the Heal2Heart App do not constitute our endorsement of such links and the privacy practices of the owners. By accessing any third-party links through the Heal2Heart App, you are doing so at your sole risk, and you hereby release Heal2Heart of any privacy you may lose from such links.
- CHANGES TO THIS POLICY
Certain parts of this Policy may be reviewed, updated or changed without notice or liability to you. We may change those parts for reasons, including without limitation, changes in applicable privacy laws (or law) or any features on the Heal2Heart App or the Services. Any such changes will be effective upon us posting it on this page and changing the Effective Date above. You are required to review this page frequently for possible changes. We reserve the right to communicate changes to this Policy via your email address, your account or any portion of the Heal2Heart App. Your continued use of the Heal2Heart App and the Services constitute your acceptance of any changes made to this Policy.
- CONTACT US
We welcome suggestions, complaints, reports, claims, enquiries or feedback regarding this Policy and the Services. If you wish to contact Heal2Heart regarding this Policy or how we process your data, please reach out to our admin via the Heal2Heart App or send a mail directly to us at email@example.com.