Last updated: 22 Feb 2022
PLEASE READ THIS POLICY CAREFULLY BEFORE USING ANY OF SORCOVA HEALTH SERVICES.
By visiting the website at https://www.sorcovahealth.com (the “Website”) and/or our application (“App”), collectively named our “Services” you are accepting and consenting to the practices described in this Privacy Policy (“Privacy”).
IF YOU DO NOT CONSENT, PLEASE DO NOT SUBMIT ANY PERSONAL DATA TO US.
You must be 18 years or older to use our services (Sorcova Health website and application). By using our website and agreeing to our Terms, you warrant that you are at least 18 years of age.
Sorcova Health GmbH (“Sorcova Health”,“Sorcova’,“We”,“Us”, “Our”) administer the website https://www.sorcovahealth.com (the “Website”) and the Sorcova Health mobile application (our “App”); they are collectively named our “Services”.
We are committed to protecting and respecting your privacy and it is crucial for us that you feel safe while you’re using our services.
This Privacy Policy (“Privacy”), together with our Terms & Conditions Policy (“Terms”) , our Cookies Policy (“Cookies”) and any other document referred to on it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed.
Therefore, by carefully reading this Privacy Policy you will understand the types of data we collect from you, how we manage your data, including the circumstances we will share it with third parties (as for example the laboratory that analyses your samples), your rights relative to the personal data you provide us etc.
We are complying with Data Protection Laws and General Data Protection Regulation including the 'Directive 96/46/EC' but not limited to (“GDPR”) and all the other regulatory legislations relative to data protection effective in Europe and the UK..
Sorcova Health GmbH is a company incorporated in Germany, our company number registration is HRB 228060 B and our registered address is: 78/79 Pappelallee, 10437, Berlin, Germany.
We have in place a comprehensive Company data protection policy, procedures and practices to meet the standards of high quality data protection (GDPR). Our Data Protection Officer is Lavinia Ionita (lavinia@sorcovahealth.com).
We need to collect and process your data in order to provide you with a personalised stress management programme and to improve your mental and overall well being (the scope of our services).
Before starting using our some of our Services, you’ll be asked to provide us with relevant information like (but not limited to):
This data will be used to identify you and/or to allow further communications with you, in particular when:
You can opt out at any moment for any external communication such as phone calls, text messages, chat, emails including Newsletters, marketing or promotional campaigns about our services.
When you register to our Services, we may collect lifestyle and health data (“Health Data”) from you in order to provide you with a personalised report regarding stress and mental well-being and with an ongoing follow up to evaluate progress against your health goals.
We will collect information about your general health, mental health and your sex life. You’ll be asked for example information about your current symptoms, medical history, habits and behaviours etc. You can opt out if you don’t want us to process a particular subset of information, like for example ‘sex life’ data but certain information is mandatory.
We may use your Health Data to fulfil our obligations and commitments towards you for a high quality service, therefore we may need use of appropriate information for our internal procedures and practices, which includes healthcare, operations, administration, planning.
We keep records for all your health information, including lifestyle, and behaviours, as well as for all interactions we may have with you to ensure a high quality of care and support. In order to monitor and improve our service quality and user experience, we may retain records of all our interactions regarding your demands, suggestions, greetings or complaints you could have about our services regarding your health and mental wellness.
In order to have access to your personalised wellbeing programme you’ll need to make a payment for our Services. The payment processing is done through third-party services (e.g. payment processors) that are receiving the information directly from you (we will not store or collect your payment card details, we will only retain basic details of the transaction).
Our payment processor is compliant with the Payment Card Industry Data Security Standards (PCI DSS) and adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
We may collect technical information about the devices you use to access our Services and also analytical information on your visit on our website and/or app. Therefore, while you’re visiting our Services, your browser is sending us information about your device such as (but not limited to) the IP address, the operating system, the browser type, the pages you visit, the date and time, how much time you’ve spent on the website, etc.
This information is kept anonymous as much as possible and we will not use this data to identify you, but merely to improve the user experience of our Services, to improve our offers, to assist communication, etc.
We may use cookies (small file text) and similar tracking technologies (beacons, tags, etc.) in order to improve your user experience with our Services (we use the term “cookies” for all of them).
When you first visit our website, cookies are sent to your browser and stored on your computer or mobile device. For example, in this way, we may recognise your device next time you’re visiting our Services, storing data about your preferences etc. that will allow us to improve your experience.
Data collected in this manner is pseudonymized, and is not stored together with other personal data of the user.
You are free to decide whether you’re willing or not to accept cookies on your device by changing the settings of your browser (you can decide to refuse all cookies). However, if you choose this option you may not benefit from the integrality of our Services.
We do have policies, procedures and other operating systems in place in order to take reasonable steps to limit the use or disclosure of your personal data (i.e. we restrict access to your personal data to dedicated persons for a specific task following the principle of minimum necessary access to identifiable health information).
Sorcova Health doesn’t share any of your personal information with any third parties without your explicit consent (you can change and/or remove your consent at any time; see below in “Your rights” how to withdraw consent).
We may use providers and subcontractors (third parties) to support our Service, perform Service-related services or assist us in analysing how our Service is used.
In case we need to share your personal data for the purposes for which data was initially collected (i.e. having your samples processed by an external laboratory), the sharing of your personal information will always be done with your consent and following strict rules of security and confidentiality. These third parties will only legally be able to use your data for the purpose of providing a service to us and are obliged not to disclose or use it for any other purpose. We request that these service provider contractors (third parties) have in place solid privacy and security measures for data protection.
The third parties we may use include but not limited to:
In order to meet the highest quality and safety standards and minimise the risks, we may use pseudonymised data wherever applicable.
We may share aggregate statistics from anonymised data (non-identifiable data) to our partners, for research and to contribute to the innovation in the healthcare and mental wellness areas (i.e., x% of your group of 50 individuals present high levels of stress). This type of data is irreversibly anonymised.
Under certain exceptional circumstances, we may disclose your information in good faith as a legal obligation in order to comply with a regulation, legal process or governmental request:
We will hold the above data for as long as is necessary for the purposes set out in this Privacy Policy, in order to provide you with our Services, manage any specific issues that may arise or, otherwise, as it is required by law or by any relevant regulatory body.
In accordance with current legislation, we will retain health data for 10 years.
When you use our website, your data is removed after 14 days, unless any security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant threat has been fully eliminated and solved.
When you use our app and you request deletion of your account or when you delete your account in the App, your data is deleted or irreversibly anonymised (and cannot be associated with a specific natural person). If your account is inactive for more than 24 months, we will contact you to check whether you wish to continue using our Services. If you then leave your user account unused for another 12 months, we will delete your account and anonymise your data (in a way that it cannot be associated with a specific natural person).
We may retain personal data for reasonable business needs (i.e. for the purpose of the internal analysis) and when your personal data is no longer needed it is either irreversibly anonymised (and the anonymised data may be retained) or securely destroyed.
If you are located outside Germany and choose to use our Services and provide information to us, we may transfer the data, including Personal Data, from where you are located to Germany and process it here. Therefore, your information, including Personal Data, may be transferred to/ maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of Germany.
By consenting to this Privacy Policy, the submission of such information represents your agreement to that transfer.
If it is necessary, any data transfer will be done on the same principles set out by this Privacy Policy following the highest standards of security and privacy. No transfer of your Personal Data will take place to an organisation or a country unless there are necessary controls in place for ensuring the security of this process.
We store the personal data we collect from you on AWS located in Europe (Cloud Servers of Amazon Web Services EMEA S.A.R.L. (“AWS”) in Luxembourg) and on the Cloud Servers of Google Commerce Limited ("GCL"), a company incorporated under the laws of Ireland, with its offices at Gordon House, Barrow Street, Dublin 4, Ireland.AWS have implemented an information systems security policy, and meet the requirements for several standards and certifications: PCI DSS, ISO/ IEC 27001 certification, SOC 1 type 2 and SOC 2 type 2 attestations, etc. They also have an accreditation for hosting healthcare data (HDS).
We send personal data to AWS servers in an encrypted form. The information transferred between your browser and our website is also encrypted using Transport Layer Security (“TLS”). All passwords are stored in encrypted form and all traffic is transmitted securely via “SSL” by default. When transmitting sensitive information, you should always make sure that your browser can validate our certificate.
The security of your data is of crucial importance to us and we do our best to mitigate the risks, but remember there is no “risk zero” in the digital world (there is no method of transmission over the Internet or method of electronic storage that is 100% secure, therefore we cannot guarantee the absolute security of your personal data).
According to General Data Protection Regulation (GDPR), you have several rights regarding your personal data as a resident of the European Economic Area (EEA) as following:
- processing for direct marketing purpose, including profiling
- processing for statistical purposes
Once you object to the processing of your personal data by us, we will no longer process your data.
For any of these requests listed above, you need to contact us at: dpo@sorcovahealth.com and/or at our registered office address (78/79 Pappelallee, 10437, Berlin). Asking us to stop processing your personal data or deleting your personal data will mean that you are no longer able to use our Services or part of the Services related to the processing of the types of personal data you have asked us to delete. This may remove your access and the use of our Services.
Our Service may contain links to other sites that are not operated by us. We strongly advise you to carefully read the Privacy Policy of every external website you visit from our website (we are not responsible for their privacy and security policies).
You must be 18 years or older to use our “Services” (Sorcova Health website and application). By using our website and agreeing to our Terms, you warrant that you are at least 18 years of age.
We reserve the right to revise, change and update our Privacy Policy, with changes being effective from the date published on this document. You’ll be notified by email prior to any change and update, but we encourage you to regularly read our Policies.
“Cookies”: are small text files managed by your internal browser of your device (computer, tablet or mobile device).
