20th October 2020
16th January 2021
9th May 2021
2nd revision (This is the latest update & is effective since 9th May 2021)
Let’s begin with 2 important things at the outset that would help you, if you know.
This Privacy Statement covers the information practices of HealthySpan Wellness (www.healthyspan.in). The Website may contain links to other websites. The information practices or the content of such other websites is governed by the privacy statements of such other websites. We encourage you to review the privacy statements of other websites to understand their information practices.
Just like we mentioned in an earlier paragraph, when we interact with you – we collect, store, share and use your personal data. This is something we need to do to provide you a better experience when you interact with us and to help you experience better quality service when you enroll into our Programs. Let’s get into details of what data we may collect or data we may have access to whether or not we use it; and also, why and how we use this data.
What data we may collect or data we may have access to whether or not we use it
How and why we use this collected data
Most popular browsers have default setting that allows acceptance of cookies until browser settings are changed to disallow it. In case, you choose to edit the settings and our cookies are no longer accepted, our Website may stop properly functioning for you.
JUST TO ENSURE IT IS CLEAR BEYOND ANY DOUBT, WE WOULD LIKE TO STATE THAT WHEN WE PERFORM ANONYMIZATION, WHICH IS ‘THE ACT OF PERMANENTLY AND COMPLETELY REMOVING PERSONAL IDENTIFIERS FROM DATA COLLECTED FROM YOU’, SUCH AS CONVERTING PERSONALLY IDENTIFIABLE INFORMATION (PII) INTO AGGREGATED DATA. IN SUCH A SCENARIO, WE WILL BE ENTITLED TO USE SUCH ANONYMIZED DATA FREELY, WITHOUT ANY RESTRICTIONS OTHER THAN THOSE SET OUT UNDER APPLICABLE LAW. WE WOULD LIKE TO ADD THAT ONCE THIS DATA IS STRIPPED OF PERSONALLY IDENTIFYING ELEMENTS, THOSE ELEMENTS CAN NEVER BE RE-ASSOCIATED WITH YOUR PERSONAL DATA AS THE UNDERLYING INDIVIDUAL.
European Union’s (EU for short) General Data Protection Regulation (GDPR) gives certain rights to you as an EU data subject, in relation to your personal data. Data subject refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity.
Though the rights of data subjects under GDPR are not absolute, however, there are rights conferred on you that can be summarized using 8 bullet points. So, here is the list of rights afforded to you subject to the GDPR and applicable law’s limitations,
Right to Access Personal Data
Under GDPR, as EU data subject, you have the right to access the data pertaining to you, collected by us as a data controller. As the data controller, we shall respond to that request within a period of 30 days from the date of such a request from you.
Right to Erasure
As EU data subject, you have a right to request us to delete your personal data that we might have collected. We will oblige to such a request as soon as practically possible after receiving such a request.
Right to Rectification
As an EU data subject, you have the right to request modification of your data, including the correction or errors and the updating of incomplete information.
Right to Restrict Data Processing
As EU data subject, under certain circumstances, you have the right to request that all processing of your personal data be stopped and we will oblige.
Right to Data Portability
As EU data subject, you have a right to request us to provide you with a copy of your personal data in electronic format and you can transmit that personal data to a 3rd party.
Right to be Notified
As EU data subject, you must be informed by us about the uses of your personal data in a clear manner and be told the actions that can be taken if they feel their rights are being impeded. And we are obliged to keep you informed of any rectification or erasure of your personal data.
Right to Reject Automated Individual Decision-Making
As EU data subject, you have the right to refuse the automated processing of your personal data to make decisions about you if that significantly affects you in any manner, for example, when your data is used for profiling and you object to it, we shall oblige and refrain from using your data in such manner.
Right to Object
As EU data subject, you have the right to request us to stop data processing by us as a data controller if you do not agree with the manner in which we are doing so. For example, if you do not want us to use your data for directly reaching out to you with an intention of selling another product or service, we shall oblige.
In case you want to exercise the rights set out above you can contact our Grievance SPOC whose details are shared in Section 16 that follows.
The data provided by you as a Visitor, or when you sign up as a Registered User for our Services will be processed by us for the purpose of rendering Services to you or in order to take steps prior to rendering such Services, at your request. Where such data is not being used by us to render Services to you, we shall explicitly seek your consent for using the same. You can choose to withdraw this consent at any time by writing to us at email@example.com. Additionally, we may process your data to serve legitimate interests.
Accordingly, the grounds on which we can engage in processing are as follows:
Account Registration Data
Special Categories of Personal Data
Service Usage Data
Data for Marketing our Services
If you believe your personal data was used by us in violation of the rights depicted above or we have not responded to objections you raised, you may lodge a complaint with your local supervisory authority.
Published content includes creating, editing, processing content and uploading in to the Website, updating the Website, and posting blogs on the Website. The published content may include text, images, videos, and other types of media. Any success stories, comments, messages, blogs, notes, reviews etc. uploaded or posted or conveyed or communicated by you on the public sections of the Website becomes published content – for example, the “Leave a Comment” sections below testimonials or articles or weblog posts. We may publish such published content on our Website, of course, subject to your consent. In case we ever a request from you that such published content be taken down at any time and we shall remove such published content as soon as practically possible on our part. However, we are not responsible for any actions taken by 3rd party individuals or firms with respect to such published content.
We will store any personal data we collect from you as long as it is required by us with an objective of facilitating better service delivery experience for you and for other related legitimate purposes and purposes essential for our business including but not limited to – our efforts to improve our Services, tackling technical issues that affect you and our business, and dealing with disputes in the event that they arise in due course of time.
The mode of storage of your personal data will primarily be in electronic form. We may enter into agreement with third parties, e.g., hosting providers, server collocation services, data security providers to collect, store, process your personal data but under full compliance with applicable laws. In the event, you have any telephonic, video-over-data, voice-over-data interactions with our customer representatives or consultants with commercial roles, the call data is recorded and stored securely for training and quality purposes.
Sometimes there may be a need to retain your personal data even if you seek deletion thereof, if it is needed to comply with our obligations under the applicable laws, disputes resolution and enforcing our agreements & our contracts, as the case may be.
If you are a Registered User, you may need to know that after you terminate your usage of our Services, we may, unless legally prohibited, delete all data provided or collected by you from our data storage facilities such as our own servers, servers from 3rd parties and other in-house hard-drives in computers and workstations etc.
We may receive data about you from other sources i.e., surveys and such data may be added to our Website from time to time. Such data may include your behavior toward content posted on our Website from other sources. We use the data collected from other sources to prepare a specific diet plan and training regimen for you. We also use this data for testing, providing, enhancing, or recommending our existing and new Services.
Neither do we knowingly collect nor store nor use any personal data of any individuals under the age of 13; nor do we deliberately target our Services or promotional campaigns towards individuals under the age of 13. Such individuals must seek the consent of their parents or legal guardians when they intend to provide personal information on our Website. In the absence of such exclusive consent from their parents or legal guardians, if it comes to our knowledge, we shall delete such content as soon as it is practically possible for us.
When we have your specific consent, we may share the data we collect from cookies or web beacons with our partners – 3rd party individuals or firms – to track your visits to our Website, establish your non-personal identity and present you with targeted advertisements and other promotional campaigns such as occasional offers and discounts on our Services – new or existing.
In the ordinary course of business, we may take help from 3rd party firms or individuals to assist us in our Services delivery, e.g., for data analytics assistance, sales and marketing work, record keeping work, payments processing, and providing voice-over-data, video-over-data or telephonic, chat-based or email-based customer service, in compliance with the provisions of this Policy. And this may necessitate that we share your personal data with such 3rd parties.
In the event where some of the said 3rd party individuals or firms are not situated in countries deemed ‘adequate’ by the European Commission or are not registered under the EU-US Privacy Shield framework, we shall enter into appropriate data protection addendums with the said parties with the sole objective of thoroughly protecting your data. We shall also put in place acceptable technical and organizational measures such as, including industry-standard data handling policies, to ensure that we are compliant with provisions of the applicable laws in this respect.
Our Website may contain links to third-party websites or applications for running promotional campaigns, for advertisements or for providing you with content appropriate for you. We will not be responsible for such third-party websites or applications if you access them by your own choice. If you provide any data to such website or application, please ensure you read their policies given that you will no longer be bound by this Policy in doing so.
Whenever you visit a 3rd party link through our Website, we may access data which includes the date and time of your visit to the 3rd party website, the URL, technical information about the IP address, browser and the operating system you use and your user name if you are logged into our Website.
Advertisements by 3rd party websites such as Google when placed on our Website are based on their respective Advertising Principles. These advertisements are placed in order to provide a positive experience for you. HealthySpan Wellness may use Google AdSense Advertising on our Website.
HealthySpan Wellness may implement Demographics and Interests reporting and Re-marketing with Google AdSense. We use first-party cookies (Google Analytics Cookies) and third-party cookies (Double-click Cookies) along with other third-party cookies to collect data regarding ad impressions, user experience and other ad-related services pertaining to our Website.
Using the Google Ad Setting page, you can change your Google Ad preferences. Alternatively, you can download the Google Analytics Opt-Out browser to stop your data from being used by Google Analytics or can opt-out by visiting the Network Advertising Initiative ‘opt-out’ page.
We implement industry-standard technical and organizational measures by using a variety of security technologies and procedures to help protect your data from unauthorized access, use, loss, destruction or disclosure. When we collect particularly sensitive data, it is encrypted using industry-standard cryptographic techniques. The collection, storage, usage, and sharing of your data by the Company shall be in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and other applicable laws.
Your password is your first line of defense once you set up a HealthySpan account; we recommend that you set a strong password which you never share with anyone.
We have taken appropriate steps for the security and protection of all our digital platforms including internal applications, however, we shall not be responsible for any breach of security or the disclosure of personal data for reasons outside our control, such as hacking, social engineering, cyber terrorism, espionage by third parties, or any events by way of force majeure such as sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, pandemic situations, enforced lock-downs or acts of government.
If you are not an EU data subject, you may request access, correction or update, and deletion of the data by contacting firstname.lastname@example.org. You may note that deletion of certain data or withdrawal of consent may lead to cancellation of your registration with us or your access to our Services. Please be advised that sometimes there may be a need to retain your personal data even if you seek deletion thereof, if it is needed to comply with our obligations under the applicable laws, disputes resolution and enforcing our agreements & our contracts, as the case may be.
Based on technical feasibility, we will provide you with access to all your personal and sensitive personal data that we maintain about you. We will perform verification before providing you access to this data.
You may opt out of our marketing emails by clicking on the ‘opt-out’ link provided in the emails. However, we may still send you non-marketing emails about your accounts or any other transactions with you.
#327/102/127, Doddathogur, Electronic City, Bengaluru, The State of Karnataka, PIN Code 560100 INDIA