Privacy Policy – Elevyo Healthfinder

1. Introduction & Scope

This Privacy Policy describes how Elevyo Health AB ('we', 'our', 'us') collects, uses, stores, and protects personal data in connection with the Elevyo Healthfinder application and related services. We are committed to safeguarding your privacy in compliance with the General Data Protection Regulation (EU 2016/679) ('GDPR'), the ePrivacy Directive (2002/58/EC), and applicable Swedish data protection laws. This Policy applies to all users of our application and services, including healthcare providers ('HCPs'), clinics, and end-users (patients or clients).

2. Definitions

For the purposes of this Privacy Policy:
- 'Personal Data' means any information relating to an identified or identifiable natural person.
- 'Processing' means any operation performed on personal data, whether automated or not.
- 'Controller' means the entity that determines the purposes and means of processing personal data.
- 'Processor' means the entity that processes personal data on behalf of the controller.

3. Controller & Contact Details

Controller: Elevyo Health AB, Amerikagatan 3, 414 63 Göteborg, Sweden.
Email: privacy@elevyohealth.com
If you have questions about this Policy or our processing of personal data, you can contact our Data Protection Officer at the above address.

4. What Personal Data We Collect

We only collect and process personal data necessary to provide our services, fulfil legal obligations, or with your explicit consent. This may include:
- Account data: email, username, password.
- Demographic data: age, gender, optional profile details.
- Health profiling data: self-reported lifestyle information, validated questionnaires, optional physical test results.
- Communication data: messages, support requests.
- Technical data: IP address, browser type, operating system, device identifiers.
- Marketing data: newsletter subscriptions, preferences.

5. Purposes & Legal Bases for Processing

We process personal data under the following legal bases:
- Contractual necessity: to provide our services and fulfil our agreements with you.
- Consent: for specific purposes such as marketing, research, or certain types of profiling.
- Legal obligation: to comply with applicable laws, such as health or tax regulations.
- Legitimate interests: to improve our services, ensure security, and prevent misuse.

Consent
Use of the Healthfinder service requires your explicit consent to process personal and health data for the purpose of generating a health profile and related insights. Without this consent, the service cannot be provided.

You may also choose to provide additional consents, such as:

- Allowing your identifiable data to be used to improve our services.
- Allowing your anonymised data to be used in aggregated analysis and research to contribute to the field of proactive care.

These consents are entirely voluntary and will not affect your access to the core Healthfinder service.

You may withdraw your consent at any time by contacting your healthcare provider or Elevyo Health AB at privacy@elevyohealth.com. Withdrawal will not affect the lawfulness of processing carried out before the withdrawal.

6. How We Collect Data

We collect data directly from you when your profile is set up by the healthcare provider, and when you complete health assessments, communicate with us, or subscribe to our newsletters. We may also receive information from your healthcare provider when they use Elevyo Healthfinder with you.

7. Sharing & Disclosure

We do not sell your personal data. We share it only with:
- Your healthcare provider, as part of delivering the health profile report.
- Authorised organisational administrators, in aggregated or pseudonymised form.
- Our processors, such as hosting providers, under strict Data Processing Agreements (DPAs).
- Authorities, if required by law.

8. International Transfers & Subprocessors

We primarily process and store personal data within the EU/EEA. If data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission. A current list of our subprocessors is available on our website and updated as needed.

9. Data Retention

We retain personal data only for as long as necessary for the purposes stated in this Policy:
- Account data: retained until the account is closed or deletion is requested.
- Support data: up to 12 months after ticket resolution.
- Health profiling data: retained as long as your account is active.
- Research data: anonymised and retained indefinitely.
Deletion requests will be honoured within 90 days.

Personal data is retained only for as long as necessary to fulfil the purposes of processing or as required by law. When an end-user exercises the right to erasure, identifiable personal data will be deleted or irreversibly anonymised within 90 days. Certain metadata and system logs may be retained in anonymised form for security and audit purposes.

If a healthcare professional or an organisation deletes their account, Elevyo Health will deactivate the account and anonymise or delete associated personal data in accordance with this Policy. Where organisational accounts are closed, end-user profiles may be anonymised and retained for research and statistical purposes only.

10. Security Measures

We apply appropriate technical and organisational measures to protect personal data, including:
- Encryption in transit and at rest.
- Access controls and authentication.
- Regular security audits.
- Backup and disaster recovery protocols.

11. Your Rights under GDPR

You have the right to:
- Access your personal data.
- Correct inaccurate or incomplete data.
- Request deletion of your data.
- Restrict or object to processing.
- Withdraw consent at any time.
- Request portability of your data.
To exercise your rights, contact us using the details above. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

12. Cookies & Tracking Technologies

We use cookies to improve user experience and application security. You can disable cookies in your browser settings, but this may affect functionality.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on our website with the updated effective date.

14. Contact & Complaints

If you have any questions, concerns, or complaints regarding this Policy or our data practices, please contact us at:
Elevyo Health AB
Amerikagatan 3, 414 63 Göteborg, Sweden
Email: privacy@elevyohealth.com