HealthNation Privacy Policy

§ 1 Data Confidentiality and Privacy Protection

Data Confidentiality and Privacy Protection: At Health Networks Sp. z o.o., we prioritize the confidentiality of data and the privacy of our Clients. To ensure the security of your data and in compliance with applicable law, we have established a policy that sets out the principles for how personal data is collected, processed, and used.

Definitions:

  • Personal Data: Information about an identified or identifiable natural person, in accordance with Art. 4(1) of the GDPR.

  • Processing: Operations performed on personal data, such as collection, storage, viewing, deletion, in accordance with Art. 4(2) of the GDPR.

  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data.

  • Controller: The entity that determines the purposes and means of the processing of personal data, in accordance with Art. 4(7) of the GDPR.

§ 2 Personal Data Controller

Controller: The controller of your personal data is Health Networks Sp. z o.o., ul. Kapelanka 12, 30-347 Kraków.

Contact with the Controller:

  • Correspondence address: Customer Service Department, Health Networks, ul. Kapelanka 12, 30-347 Kraków.

  • E-mail: kontakt@wellbeingpolska.pl

§ 3 Personal Data and the Legal Basis for Its Use

Purposes of processing personal data:

  • Performance of the contract for the provision of services by electronic means in accordance with the Terms and Conditions.

  • Provision of services described in the Terms and Conditions.

  • Handling inquiries and complaints.

  • Managing our social media profiles and promoting our services and products.

  • Sending promotional materials, including through the use of profiling.

  • Exercising your rights under the GDPR.

  • Archiving data in accordance with legal provisions.

Legal bases for data processing:

  • Performance of a contract (Art. 6(1)(b) GDPR).

  • Our legitimate interest (Art. 6(1)(f) GDPR).

  • Compliance with a legal obligation (Art. 6(1)(c) GDPR).

  • Your consent (Art. 6(1)(a) GDPR).

§ 4 Source of Data

Source of Data: We obtain personal data directly from you, but it may also be provided to us by your employer (or another entity) to enable you to use our services.

§ 5 Health Data (Health Connect)

  1. Scope of Data: The Application integrates with Google Health Connect and – solely with the User’s explicit consent – may access the following data:

    • Steps

    • Distance

    • Calories Burned (Total & Active)

    • Heart Rate

    • Speed

    • Elevation Gained

    • Exercise Routes

    • Activity Recognition

  2. Purpose of Use: The above data is used exclusively to provide the "Challenges" and "Workout Tracking" features, specifically for displaying User progress on leaderboards, visualizing workout routes on maps, and analyzing workout intensity.

  3. No Sharing or Selling: Data accessed via Health Connect is not shared with third parties, is not sold to data brokers, and is not used for advertising or marketing purposes (ad targeting).

  4. Limited Use Policy: The use of information received from Health Connect will adhere to the Health Connect Permissions Policy, including the Limited Use requirements.

§ 6 Profiling

Profiling: Your personal data may be processed to automatically assess certain personal factors in order to:

  • Appropriately select communication and promotional materials.

  • Provide services of the highest quality.

§ 7 Retention Period of Your Personal Data

Retention period:

  • 6 years – in connection with the establishment, exercise, or defense of legal claims.

  • 5 years – for accounting and tax purposes.

  • Until an objection is raised or consent for data processing is withdrawn.

§ 8 Recipients of Your Data

Data recipients: Your personal data may be transferred to:

  • Entities processing data on our behalf.

  • Public authorities.

  • Entities authorized by you.

§ 9 Your Rights

Rights related to data processing:

  • The right to object to the processing of data for marketing purposes.

  • The right to object to processing based on your particular situation.

  • The right to withdraw consent.

  • The right of access to personal data.

  • The right to request rectification, erasure, restriction of processing, and data portability.

  • The right to lodge a complaint with the President of the Personal Data Protection Office (UODO).

§ 10 Use of Cookies

Use of Cookies: Cookies are used for the purpose of providing and improving services, as well as for analytical, statistical, and marketing purposes.

§ 11 Significant Marketing Techniques

Marketing techniques: We use, among others, statistical analysis of traffic, remarketing, the Facebook Pixel, heat mapping and user behavior recording, and service automation.

§ 12 Changes to the Privacy Policy

Right to make changes: We reserve the right to make changes to the Privacy Policy. Changes become effective upon their publication in the Application.

Notification of changes: Users with an Account will be notified of any changes. Failure to agree to the amended Privacy Policy will require the deletion of the Account.

§ 13 Final Provisions

Entry into force: This Privacy Policy enters into force on September 1, 2024.