HealthQB Technologies Inc.

PRIVACY POLICY

LAST UPDATE: July 25, 2023

1. WHY DOES THIS MATTER?

At HealthQB Technologies Inc. (“HealthQb”), we take data protection seriously. Our goal is to generate insights into your autonomic nervous system and broader biopsychosocial state to enable you and your healthcare providers to better treat and manage your health challenges and concerns. We appreciate and respect your privacy, your right to control your personal information, and how your personal information is treated. Safety of your information is of paramount importance to us. We therefore hope that you take a moment to review this policy.

Please note that certain measurement data collected via the apps and device may be regarded as health related data under data protection laws in certain jurisdictions.

2. ABOUT THIS POLICY

This Privacy Policy has been put together to provide our users (“Users” or “you”) with transparent information about the privacy of the devices and apps we use to provide our products. This Privacy Policy aims to answer the following questions:

  • What personal data we collect when you use HealthQb products and services

  • How we store and process your data

  • Your legal rights and how to exercise them

Please note that this Privacy Policy only applies to the processing of personal data carried out by HealthQb as a data controller. Additional terms and conditions imposed by third-party device manufacturers (for example, Biostrap USA, LLC, Ōura Health Oy) will apply.

This Privacy Policy may be updated from time to time. We will not make substantial changes without prior notice. You can determine when this Privacy Policy was last revised by referring to the “LAST UPDATE” date at the top of this page.

3. OUR CONTACT INFORMATION

HealthQB Technologies Inc.

Address: Suite 1, 2230 Cornwall Ave, Vancouver, BC V6K 1B5

E-mail address: weloveyou@yourhealthqb.com

Website: www.yourhealthqb.com

Data Protection Officer: Privacy Officer, weloveyou@yourhealthqb.com

4. HOW DO THE DEVICE AND APPS WORK?

When worn, the device automatically collects data of your body responses during your sleep. That biometric data is uploaded wirelessly to your mobile phone via the mobile app. The app also prompts you to provide information regarding your subjective state. The device and the apps are connected to your computer/phone and a cloud service and your data can be made available to you and/or your health care provider there.

5. WHAT PERSONAL DATA DO WE PROCESS?

When registering for an account or during your use of it, we may process the following general account data as inserted by you, including the following:

  • E-mail address

  • Telephone number

  • Address

  • Gender

  • Birth date and year

  • Height and weight

  • Activities

  • Notes and tags

  • Billing information

The device automatically tracks and collects biometric data, including the following:

  • Heart rate

  • Heart rate variability

  • Movement data

  • Duration of sleep

  • Sleep phases (deep, light, REM, awake)

  • Activity levels throughout the day

The app will collect information from you, including the following:

  • emotional state

  • health routines

  • lifestyle factors

  • mental state

  • mood

  • social state

  • pain level

We also may track and generate certain usage related and technical data, including the following:

  • IP address and high-level location

  • User ID (anonymized and randomly generated eg, Amazing Human #39)

  • Log and Device Information

  • Cookies and Tracking Information

  • Metadata regarding app use

If you enroll in our program(s), we may record sessions between you and the HealthQb team (for example, sessions to review the Baseline Assessment results, or coaching sessions facilitated by health coaches employed by HealthQb) to receive:

  • Audio recording of the coaching session (conditional on client’s consent)

  • Transcription of the coaching session

Based on your submitted data and measurement data, the device and apps may calculate a variety of parameters, including the following:

  • Duration of sleep

  • Sleep phases (deep, light, REM, awake)

  • Activity levels throughout the day

  • Average subjective state

  • Time and frequency of coaching sessions

The foregoing information is used to produce evaluation data regarding the health of your autonomic nervous system, your psychophysiological states, social state, quality of your sleep, level of your nocturnal recovery, and daily strain on your nervous system.

6. DATA SOURCES

Some of the information are received directly from you in connection with your registration, which is anticipated just to be basic contact information. Measurement data is collected automatically by the tracking functions of the device and survey information you submit which is collected via the subjective capture app. Data is also produced by combining the data listed above. If you participate in Health Coaching or Baseline Assessment reviews provided by HealthQb, your sessions may be audio-recorded, with your permission, and stored in encrypted and password-protected virtual storage and removed from the Coach or Practitioner’s computer. The recordings will be transcribed by computer software, will be de-identified (meaning no names nor other identifying information will be used in the file name, nor will your face be recorded) and may be used for the development of future product improvements.

7. PURPOSES AND LEGITIMATE GROUNDS FOR COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

Purposes of collection, use and processing

To provide you our services we collect, use and process personal data in the first place to be able to offer the apps and our services to our Users in accordance with their applicable user agreement.

For communication

We may process and use personal data for the purpose of communicating with Users. If you contact our support team with questions regarding your app data, we will use the provided information to answer your questions and for solving any issues you may have. Or if we need to get a hold of you to help better provide our services we may do so via email, SMS or phone call.

For analytics and service improvements

We may process aggregated information regarding the use of our services to improve our app quality.

When possible, we will do this using only aggregated, non-personally identifiable data.

Legal grounds for processing

We process personal data on the basis of a user agreement, which is formed in connection with the creation of an account and acceptance of our terms and conditions. We may also process certain information to comply with legal obligations, such as consumer protection legislation.

Furthermore, we process the personal data to pursue our legitimate use for aggregated analytics and trend detection. When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy.

Measurement data or any data derived from measurement data is used for advertising only subject to your explicit consent.

8. SHARING YOUR PERSONAL DATA

We may, where necessary for the purposes of this Privacy Policy, share data with our group companies and group subsidiaries. Otherwise we do not share personal data with third parties outside of our organization unless one of the following circumstances applies:

It is necessary for the purposes set out in this Privacy Policy

To the extent that third parties need access to personal data to enable the offering of our services, HealthQb has taken appropriate contractual and organizational measures to ensure that personal data is processed exclusively for the purposes specified in this Privacy Policy and in accordance with all applicable laws and regulations.

For legal reasons

We may share personal data with third parties outside HealthQb’s organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests or safety of HealthQb or our Users in accordance with the law. Where possible, we will inform Users about such transfer and processing.

To our authorized service providers

We may share personal data to authorized service providers who perform services for us (including data storage, sales, marketing and other support function services). Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy. Please bear in mind that if you provide personal data directly to a third party, such as through signing up with our device provider or payment processor, or through a link on our website, the processing will be based on their policies and standards.

For other legitimate reasons

If HealthQb is involved in a merger, acquisition or asset sale, we may transfer personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all Users concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.

With your explicit consent

We may share personal data with third parties outside HealthQb’s organization for other reasons than the ones mentioned before, when we have the User’s explicit consent to do so. The User has the right to withdraw this consent at all times.

9. ANONYMIZED DATA

We may aggregate and anonymize data collected via the application, Zoom application, session recording software or otherwise. Once anonymized such data will not be able to be connected to an individual User, and therefore no longer be considered personal information. We may use this type of aggregated, anonymized data for analytics, statistics, research, communications and PR purposes as well as for trend detection and for benchmark data. The aggregated and anonymized data may be used to write a scientific report. Your privacy will be protected in any scientific publication or presentation of it.

10. HOW LONG DO WE KEEP YOUR DATA?

HealthQb does not store personal data longer than is legally permitted and necessary for the purposes specified above. The storage period generally depends on the duration of an account lifecycle, unless data has been deleted upon request. Backups are deleted as soon as reasonably possible, we expect this will typically be within 12 months. HealthQb may keep aggregated and anonymized data for longer periods.

11. YOUR RIGHTS

Right to access

You have the right to access your personal data processed by us. You may contact us and we will inform you what personal data we have collected and processed regarding you.

Right to withdraw consent

In case the processing is based on your consent, you may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use our products or services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to correct

Users have the right to have incorrect or incomplete personal data we have stored about the User corrected or completed. You can correct or update some of your personal data through your user account with HealthQb.

Right to erasure

Users may also ask us to erase the User’s personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data or unless data has been aggregated and anonymized.

Right to object

Users may object to the processing of personal data if such data are processed for other purposes than purposes necessary for the performance of our products or services to the User or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.

Right to restriction of processing

Users may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our products or services.

Right to data portability

Users have the right to receive their personal data from us in a structured and commonly used format and to independently transmit those data to a third party.

How to use the rights

The above-mentioned rights may be used by sending a letter or a secured e-mail to us on the addresses set out above, including the following information: the full name, name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the User.

12. DIRECT MARKETING AND PUSH NOTIFICATIONS

Notwithstanding any consent granted beforehand for the purposes of direct marketing you may have given, you have the right to prohibit us from using your personal data for direct marketing purposes by contacting us or by using the unsubscribe possibility offered in connection with our newsletter.

We will ask your explicit consent if we wish to send you push notifications or to use any health-related data for marketing purposes.

13. DATA OF CHILDREN

We do not knowingly process data of children under the age of 18 without parental consent.

Please note that according to our terms and conditions we reserve the right to delete accounts of children, in particular if no proof of parental consent is provided.

14. SAFEGUARDING YOUR DATA

We do our best to keep your data safe and secure.

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. We regularly test our products and services, systems, and other assets for security vulnerabilities.

We will take all reasonable precautions to ensure that our staff and employees who have been specifically granted access to information about you have received adequate training to ensure that they process that information only in accordance with this policy and with our obligations under applicable legislations.

Should, despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you and relevant authorities as required by applicable data protection laws.

15. SOCIAL MEDIA AND PUBLIC FORUMS

The application may enable you to publish certain information from your application related to your HealthQb experience or biometric or subjective state data on social media sites such as LinkedIn, Facebook, Instagram and Twitter, online blogs and forums.

If that feature is available to you, please think carefully before deciding what information you share, in connection with your User Content. Please note that we do not control who will have access to the information that you choose to make public in such forums, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure.

We are not responsible for the privacy or security of any information that you make publicly available on social media, online blogs or public forums – or what others do with information you share.

16. LODGING A COMPLAINT

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the applicable data protection supervisory authority, which in British Columbia, Canada is the Office of the Information and Privacy Commissioner.