Privacy Policy

It is our policy to respect your privacy regarding any information we may collect. Accordingly, we have developed a privacy policy in order for you to understand how we collect, use, communicate, disclose and otherwise make use of personal information.

By installing our mobile application or by accessing our services in other way, you accept this Privacy Policy and the processing of your personal data.


Personal data controller

For the purpose of data protection legislation including the EU General Data Protection Regulation (‘GDPR’), the data controller of your personal data is:
2Hearts IT-Solutions GmbH
Seeböckstr. 3
3390 Melk
Austria

Email: support[at]cora.health


Principles of data collection

Data collection at 2Hearts IT-Solutions GmbH is based on the following principles:

  • We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
  • Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
  • We will collect and use personal information solely for fulfilling those purposes specified by us and for other ancillary purposes, unless we obtain the consent of the individual concerned or as required by law.
  • Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
  • We will protect personal information by using reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
  • We will make readily available to customers information about our policies and practices relating to the management of personal information.
  • We will only retain personal information for as long as necessary for the fulfilment of those purposes.

Legal basis for data processing

We will only use your information where:

  • we have your consent to do so; or
  • we need to process personal information to provide services under our Terms of Service; or
  • we have a legitimate interest to collect data to provide and improve products and services; or
  • we introduced technical measures to anonymise data collected from you (e.g. anonymisation of web traffic to our website)

Data collection

Personal data:

  • We collect your name, email address, gender, date of birth and related demographic and geographic information, if provided by you.
  • You can use Cora to store health information such as vital signs, your body measurements and BMI. Depending on your usage, this information may stay entirely on your device (cloud services turned off) or may be transferred and stored in encrypted form to/on our web servers (cloud services turned on).
  • We may log information about you using "cookies" in our app and on our website. Cookies are small data files stored on your hard drive by a website or app.
    • The use of cookies in our app is required for service fulfilment, e.g. to keep users signed in.
    • We cannot identify you personally using cookies used on our website. We neither use cookies to collect personal data. Rather, we use cookies to make our site more useful to you and to tailor the experience to your interests and needs.
  • We may get personal information about you from third parties.

Anonymous data:

  • We automatically collect anonymized log information about you and your devices. For example, when using our platform, we log your device language, pages you view, how long you spent on a page and other usage data.
  • We may also, depending on your explicit consent, collect pseudonymised and/or anonymised data about your use of our product, vital signs, your body measurements and BMI. You can opt in and opt out of this data collection in our app's settings.

Use of personal information

Our main purpose of collecting personal information is to operate, maintain, and improve our sites, products, and services; to respond to questions and provide customer service; and to communicate about promotions, upcoming events, and other news about products and services offered by us.

Furthermore, we use your email address to send you emails about our products, to provide additional services related to our offering and for marketing purposes. You can opt out from receiving emails from us at the end of each email we send you.

We saveguard your personal information from unauthorized access and store your personal information in countries that are covered under the EU-US Privacy Shield.


Sharing of personal information

We do not share your personal data with third parties and without your permission, except in the limited circumstances provided below:

  • We may share personal information with our affiliates and business partners to provide (service fulfilment) and improve (legitimate interest) our services
  • We may share personal information for legal, protection, and safety purposes.
  • We do not share personally identifiable health information with third parties.
  • We do not sell your personal information to third parties.

At times, some of your personal data may be transferred and processed in the United States or other countries outside the EEA in which our affiliates and service providers maintain facilities. We always apply safeguards to protect your personal data from unauthorised access. By registering an account you consent to any such transfer of personal data outside the EEA. Furthermore, we may transfer your personal data in the event that our business (or a portion of our assets) is sold.


Your rights

You have the right to request access to personal data that we may process, to correct any inaccuracies in your data, or to request deletion of your personal data. This can be done either inside our apps or by contacting us.

If you gave us consent to the collection and processing of your personal information, then you can withdraw that consent at any time, with the exception of cases in which we may be required by law to collect and process personal data.

You can also opt-out of data processing for direct marketing (email marketing). This can be done at the bottom of emails we send you, in your Account Settings in the Cora mobile app or by contacting us.


Security

The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.


Updates

We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained. 2Hearts IT-Solutions GmbH may change this privacy policy from time to time at 2Hearts IT-Solutions GmbH's sole discretion.


Contact Details

If you want to send feedback and questions or use your rights, please contact us at support[at]cora.health.



Last Update: May-24, 2018