Privacy Policy of the Habits app

This Privacy Policy applies to any collection and/or processing of personal data (hereinafter “Personal Data”) performed as a result of your use of the app Koa Habits (the “App”). All data collected by the App will only be processed as outlined in this policy.

The types of Personal Data that Koa may collect and/or process are described in Section 3 below. Note that this App might collect sensitive personal data that is health-related (hereinafter “Sensitive Data”).

If you do not agree with this Policy, you may not access or use the App or any services provided through or in conjunction with the App (“Services”).

Further, in order to register for and use the App and related Services you must be at least 18 years old. Therefore, by registering for and/or using the App you confirm that you meet this condition. We may contact you to confirm this. If you are not at least 18 years old, do not use the App and/or related Services, and do not provide any Personal Data to us. If you are a parent or guardian and believe that your child has used the App you may contact us at privacy@koahealth.com and we will respond promptly.

1. Who collects, controls and processes your personal data?

Koa Health Digital Solutions UK Ltd, hereafter referred to as “Koa”, is a company registered in the UK (registered number 13298286) with registered address at 55 Baker Street, London WU1 7EU, UK. Koa is the Data Controller of all Personal Data collected through the App. When “we”, “us”, and “our” are used in this Privacy Policy, the terms refer to Koa.

Koa will not share your Personal Data without your consent with any other Data Controllers or with other third parties except as set forth in this Privacy Policy. Only Koa and its sub-processors, following Koa’s instructions, will have access to your Personal Data.

You may be obtaining access to the App as part of a research study. In such cases a different and/or additional privacy policy may govern your use of the App. If a different and/or additional privacy policy is applicable, we will give you notice of that and an opportunity to review the different and/or additional policy. If we do not notify you that a different and/or additional privacy policy is applicable, the terms of this Privacy Policy will apply.

You can contact Koa at privacy@koahealth.com for any privacy related matter. The Data Protection Officer (Judith Vieberink) at Koa may be contacted at dpo@koahealth.com.

2. Why do we collect personal data about you and what do we do with it?

To link mobile phone data and health habits, to provide Services to you, to improve our products, to conduct research studies, and for other legitimate business and legal reasons

Capture and analyze sensory information:

The main objective of the App is to capture sensor information from mobile phones and generate models that can correlate this information with healthy habits, such as sleeping time or number of steps. The App will show you certain captured sensory data (including step count, activities and screentime), your voluntary responses to questionnaires, and other information, and will provide certain aggregated information regarding your activities (for example, number of steps or sleep time) to you so you can have insights into your own patterns.

We will also use location data to determine how much time you spend in or outside your home, using an anonymized position index. We use this data as a possible indicator of depression symptoms and to help you improve your mental health and physical fitness. Your precise coordinates never leave your phone, unless you are using Habits as part of a research study, in which case your precise location might be captured as indicated in the study’s Privacy Policy. You can stop location services at any point by navigating to your phone’s settings and withdrawing Habits permissions to access location services. However, removing location permissions will render some app features (such as tracking the time spent at home) unusable.

If you are using another Koa app (like Foundations) in conjunction with this App as part of a Koa research study, we may combine the data from both apps in order to help us perform more accurate research. The privacy policy for Foundations can be found here

We might use third-party tools such as Google Fit in Android and CoreMotion in iOS to capture some of the information needed for this purpose. To read more about which data we capture, please see Section 3 below.

Provision of basic App services:

We may also use your Personal Data in order to manage your account, provide you with other Services related to the App, and promote the safety and security of the App, the Services, our users, and other parties. This may include (without limitation) uses for technical notices, updates, alerts, support, billing, administrative messages, user authentication, protecting against fraud and abuse, conducting compliance audits, and enforcing our terms and policies.

We rely on your consent as a basis for the collection and processing of Personal Data, including data collected through questionnaires. Some Personal Data collected for this purpose may be considered Sensitive Data. You can revoke your consent at any time by contacting us at privacy@koahealth.com.

Improving functionality and complying with legal obligations:

We may also use your Personal Data without your consent to comply with our legal obligations (including to enforce or defend any legal obligations or rights or to comply with applicable law, regulation, or government or court orders; and to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the App or Services or the safety of any person); and for our legitimate business interests (including to improve the App performance, usability and to provide a better service). We may also share your Personal Data during a corporate transaction like a merger, or sale of our assets, or as part of the due diligence for such contemplated transactions. If a corporate transaction occurs, we will provide notification of any changes to control of your Personal Data, as well as choices you may have at that time.

3. What personal data do we collect about you and how?

The App’s functionalities require the collection of Personal Data. Sometimes you provide us with data, sometimes data about you is collected or inferred through your use of the App or generated by us through analysis. We collect and process the minimum Personal Data necessary for each of the different purposes described below. Should the purposes of the Personal Data collected change, we will inform you beforehand and ask for your consent again where applicable before we process any Personal Data.

Since our Service is focused on correlating mobile phone data and healthy habits, some of the Personal Data that you share or we collect from you might be related to health conditions, but the App will not ask you to provide direct information about your health conditions. The information and/or Services provided by the App are not intended to be used in the detection, diagnosis, prevention, monitoring, prediction, prognosis, therapy, treatment or alleviation of any condition, disease or vital physiological processes, or for the transmission of Sensitive Data.

When you use the App, we will generate a pseudonymous id, which we’ll use to classify all data collected under your name or device. If you are a participant in a research study, you can provide us your email address, which we will use to keep track of your progress during the study and link your activity tracking to the study participation. If you decide to use another Koa app in conjunction with the App, we will use your email address to match your data from both apps. Please do not provide your email address unless you’re part of a research study.

We will collect the following information in the Habits app:

We might use Google Fit in Android and CoreMotion in iOS to capture some of this data. We will only process this data, store it and protect it as indicated in this Privacy Policy. You can withdraw access to these services at any time, although it will affect the functionality of the app.

Some of this data can be processed to infer your current happiness and stress levels, which can be considered as health information.

4. Do we share personal data about you with others?

We do not share any of your Personal Data with any other Data Controllers or other third parties, except as set forth in this policy. If you are a study participant, and the study requires us to share some or all data collected via the App with third parties, we will only do so as defined in the study consent form.

We may share some of your Personal Data with third party service providers for specific activities such as hosting, providing customer support, analytics, or application functionality such as notifications. We use the following service providers:

We only share the minimum information needed for the service being provided, and only authorize our service providers to process your information following our instructions. Our contracts with our service providers impose obligations on them in line with those we undertake in this Privacy Policy with regard to the processing and retention of your Personal Data.

All of our service providers are located within the European Economic Area (“EEA”). We take the appropriate measures to require those providers comply with UK and/or EEA standards (as applicable) in every processing of Personal Data they perform on our behalf, by requiring our service providers to enter into adequate agreements such as Standard Contractual Clauses, as well as compliance with applicable privacy and data protection laws.

Koa may provide aggregated insights related to usage of the App to third parties, so that they can understand its impact. These insights will never include your Personal Data and no one will be able to know your name or email address, nor see any raw data we have captured from your use of the App. Internal Koa team members shall process your Personal Data following applicable professional responsibilities and contractual obligations only for the purposes established in this Privacy Policy. We take appropriate measures to mandate the fair and confidential use of all Personal Data by our employees.

5. How long do we keep your data?

We will stop processing and/or delete your Personal Data if you withdraw consent or require us to do so at any time, or when your right to use the App terminates (whichever is earlier), except where we are able or required to rely on any of the following: (i) to the extent the data has already been anonymized or de-identified in such a manner that it no longer reveals your identity; (ii) (where applicable) for our legitimate business interests; or (iii) for legal reasons (including to enforce or defend any legal obligation or rights or to comply with applicable law or government or court orders).

Your data is automatically deleted after 12 months in our systems once we have stopped processing it.

6. What rights do you have related to your personal data and how can you use them?

The data protection laws give you a series of rights regarding the personal information that we manage about you. Specifically, these are the rights of access, rectification, erasure, limitation, objection and portability, as well as the right not to be subject to automated decisions and, to the extent applicable, the right to remove your consent at any time.

You can exercise these rights by contacting us at privacy@koahealth.com, using if possible the same e-mail address with which you registered in the App and identifying the right you want to request. In the event that you decide to exercise one of these rights through a representative, it will be necessary to provide, with the request, the documentation that proves this condition.

We will respond to your requests within a maximum of 30 days. That period may be extended by an additional 30 days if necessary. In the event of such extension, we will notify you within 30 days of receipt of the request, together with the reasons for the delay.

If you feel your data privacy rights have been breached, you also have the right to file a complaint with a Data Protection Control Authority (e.g., the Information Commissioner’s Office).

You may have additional rights as specified in Section 9 (“Other Applicable Laws”) below.

7. How do we keep your data safe?

Koa is responsible for ensuring the security, integrity and confidentiality of your Personal Data. Therefore, as part of our commitment and in compliance with current legislation, we have adopted technical, physical, administrative and organizational security measures and technical means to prevent their loss, misuse or access without your authorization.

We protect all communications between the App and the servers in line with common practice by using TLS for encryption and server authentication. We use ISO 27001 certified systems in order to protect your registration information including email and password. We store your Personal Data in an encrypted database.

Also, we promise to act quickly and responsibly in the event that the security of your data may be in danger, and to inform you as required by applicable laws.

8. Other Applicable Laws

California Consumer Privacy Act

If you are a resident of the State of California in the United States, we comply with the California Consumer Privacy Act (“CCPA”) with regard to your Personal Data.

The CCPA gives California residents a right to know what kind of Personal Data Koa is collecting, how it is used, and how it is shared. All of this information is set forth above in this Privacy Policy.

The CCPA gives California residents a right to know whether their Personal Data is being sold. This includes sharing with a third party for monetary or other valuable consideration for a purpose that is not a “business purpose” as set forth in the CCPA. Koa does not sell your Personal Data. Since Koa does not sell your Personal Data, it does not provide a sales opt-out process.

As required by the CCPA, Koa does not discriminate in response to privacy rights requests.

The CCPA gives California residents the right to know what data is being collected about them, a right to access that data and obtain a copy of it, and the right to request deletion of such data. For requests or information related to these rights you can contact Koa at privacy@koahealth.com, and you may also exercise your rights as follows: You may designate an authorized agent to submit requests to exercise your data protection rights to Koa. Such authorized agent must be registered with the California Secretary of State and must submit proof that you have given the agent authorization to act on your behalf.

The CCPA requires that we indicate whether we honor “Do Not Track” or “DNT” settings in your browser concerning targeted advertising. Our Services do not currently respond to web browser “Do Not Track” signals or other mechanisms that provide a method to opt out of the collection of information on the App.

Any disclosures we provide will only cover the 12-month period preceding receipt of a verifiable consumer request. Our response will explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a CCPA-compliant format to provide your Personal Data that should allow you to transmit the information from one entity to another without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Effective From: July 2023