Grace Health Privacy policy
This Privacy Policy explains how your personal data are collected, processed and stored when using our Services. The Services are operated and maintained by GH Solutions AB, a limited liability company registered in Stockholm, Sweden. Our registered office is located in Banérgatan 81, 115 53 Stockholm, Sweden, Sweden.
Key Definitions
“Company”, "we", "our" and "us" refer to Grace Health.
"You". “your” and "user" refer to the person accessing, interacting or using Grace Health Services directly or indirectly.
“Portals” refer to website, app, phone or any digital medium the user interacts with Grace Health Services in addition to non-digital mediums such as offices, clinics or hospitals.
“Services” refer to the general or personalized services for installing, registering, discovering, contacting, consulting, using, interacting and accessing content and services, including all technologies, software, data, information, features and functionalities, recommendations and user interfaces made available by the Company or its licensors and partners including licensors’ and partners’ Portals as well as all associated content, software and services which can be accessed on certain Internet connected devices such as mobiles, computers and other devices (“Authorized Devices”), phone or in person.
Your Rights
Under the data protection legislations, you have the right to access, modify, correct, erase, and update your personal data by writing to us at support@grace.health. In certain data protection legislations, we are also required to inform you that your information may be collected, processed and stored outside your geographical location, countries of residencies, countries of citizenships or jurisdictions. If you have any questions about this Privacy Policy please contact dpo@grace.health.
If you accepted Terms of Service and Privacy Policy upon signing up to our Services, you will be entitled to withdraw your consent at any time. However, your choice to withdraw your consent may result in a limitation of your access to our Services and our ability to respond to your queries.
Please be advised that if you request to exercise your rights mentioned above, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Minors’ personal data
Please note that you must be 18 years of age or older or at the majority age of your jurisdictions to sign-up for our Services and become a user. While individuals under the aforementioned age may utilize our Services, they may do so only with the supervision, consent and approval of a parent or legal guardian.
Where may your personal data be transferred, stored and processed
Please be advised that based on your country of citizenship, residence or jurisdiction, we need to disclose that your personal information may be collected, stored and processed outside the aforementioned.
We rely on third party infrastructure for the collection, transfer, storage, processing and fulfillment of our Services such as Amazon Web Services and Google Cloud Platform. Grace Health third party providers data centers - where data are transferred, stored and processed - are currently located in the EU and the US.
Data Security, Access and Sharing
We have implemented appropriate technical and organizational security measures designed to protect your personal data from corruption, loss, theft, misuse or unauthorized access and processing.
Your personal data are solely used to enhance the Services we provide and offer to you and with the exception specified in this Privacy Policy, we will not share, rent or sell your personal data to third parties such as advertising platforms or other businesses and organizations.
For the aforementioned purpose, we shall grant access to your personal data to authorized Grace Health employees who are in charge of data management and data processing and for those who have a need-to-know. The level of access is granted to those employees per role and need basis. Those employees are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations. We impose strict liability on our employees for any disclosures, unauthorized accesses or misuses of your personal data.
Additionally, we may need to transfer or allow access to authorized third parties such as suppliers, services providers and technical infrastructure providers that we engage with to collect, store and process personal data or perform services on our behalf (based on our instructions and in compliance with our Privacy Notice and other appropriate confidentiality and security measures). We rely on third party services and technical infrastructure to carry out and fulfill our Services we provide to you and hence we might share your personal data for the strict purpose of Company Services fulfillment.
We impose contractual liability on third parties and explicit legal contractual terms for misuse, disclosure or unauthorized access of such data. Third party service providers are obliged to promptly inform us of any misuse, loss, breach, unauthorized access or theft of the Company data and to provide details on such incidents if they occur. We are obliged to inform you of any data security incidents and provide details on such incidents and correction measures where applicable.
If we know or have reason to believe that your personal data were compromised or a security incident occurred, we will immediately notify affected users of a such incidents and corrective measures where applicable and in accordance with applicable laws.
We may share personal data with successors in title to our business - We transfer information about you if GH Solutions AB is acquired by or merged with another company. In this event, GH Solutions AB will notify you before information about you is transferred and becomes subject to a different privacy policy.
We may aggregate, anonymize or de-identify your Personal Data so that it cannot reasonably be used to identify you. Such data is no longer Personal Data. We may share such data with our partners or research institutions or use for other purposes that is within our legal basis of legitimate interest.
Please note however that no data transmission over the internet can be guaranteed to be secure from intrusion. You as a users should also take appropriate measures to safeguard your personal data, in particular by keeping your password secure and confidential. If you know or have reason to believe or suspect that your account credentials have been lost, stolen, misused, compromised or subject to unauthorized use or access of your account and personal date, please contact us.
Data We Collect
Personal data is any information relating to natural persons who can be identified, directly or indirectly. We may collect personal data directly, indirectly or automatically when you interact with our Services. We may access, use, analyze, store, process and transfer personal data.
Direct Data you provide to us may include:
Identity Data: such as First name, Last name, age, date of birth, gender.
Third Party Identity Data: such as Facebook ID, payment providers.
Contact Details: such as address, email address, telephone number.
Health and Bio-metric Data: such as weight, height, menstrual cycle, symptoms, health issues and health data.
Behavioral Data: such as goals for using our services, interests.
Location Data: such as country, region, city.
Marketing and Communication Data: user’s preferences in relation to receiving information about our Services in combination with/without preferences such as push notifications and emails.
Views and opinions: any views and opinions that you choose to send to us, provide us or publicly post about us on our platforms or other platforms.
Indirect Data we may collect may include:
Online identifiers: such as internet protocol addresses and cookie identifiers and other information collected when you visit our Services’ portals.
Third party services such as Apple HealthKit and Google Fit if you allow us to connect to such services.
Automatically Collected Data may include:
Device information: such as device ID, advertisers identifiers, device specifications (such as display, model, version, operating system), connectivity (such as mobile operator, wifi networks).
Location data: such as IP, time zone, mobile service provider, location.
Services interaction data: such as frequency of use, access to features and functionalities.
How we use your personal data
We use your personal data to fulfill the contract with you to provide you our Services per your request and consent prior to entering in the contract when signing up for our Services.
Your Personal Data will:
Allow us to provide you with the services you request from us.
Allow you to sign up for certain services, such as newsletters or to create an account in which case, we will ask for Personal Data, such as your name, email address, or telephone number.
Allow you to share information and take full advantage of the sharing features that we offer if you choose to.
Allow us to carry out payment transactions, payment providers transaction history and to make sure that your subscription to our services has been paid where applicable and to comply with legal or regulatory obligation in this respect.
Allow us when it is necessary for the purposes of the legitimate interests of our business to:
Maintain and improve our services.
Understand how you use our Services.
Develop and implement new Services and offers.
Tailor the Services to your needs and interests.
Provide you with tailored content – such as relevant ads and services.
Allow us to know you better to give you more of what you want – more information, more features and functionalities and a better user experience.
Communicate with you and to allow you to contact us.
Inform you about our services, such as letting you know about upcoming enhancements and features or improvements to our Services.
Create and maintain a trusted and safer environment; investigating, detecting, preventing, or reporting fraud, misrepresentations, security breaches or incidents, or other potentially prohibited or illegal activities.
Enforce our Terms of Service or other applicable agreements or policies in general or when it is necessary for the protection of your vital interests or of another natural person.
Comply when it is necessary with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process.
Fulfill any other purpose disclosed to you in connection with our services.
Contact you when deemed necessary such as informing you about security breaches, provide your assistance with our services.