This notice on health data (hereafter called the “Notice”) is to inform any natural person or legal entity connecting and using iHealth applications (hereafter “User”, “Users”, “Your” or “You”) of the terms for hosting and processing of their personal data, in particular for personal health, by such applications (hereafter “Personal Data”).

1. GENERAL PROVISIONS

1.1 Presentation of iHealth applications

The iHealth applications (hereafter the “Applications”) have been developed for iHealth products and services (hereafter the “Products”) and are operated by the iHealthLabs Europe company, a single person limited liability company with head office at 36 rue de Ponthieu, 75008 Paris, France, registered with the RCS of Paris under number B 792 514 341 (hereafter “iHealth”, “We” or “Our”) under the regulations in force in France, relating to computing, files and freedoms and in Europe on the protection of Personal Data, including the “Computing and Liberty” Law N° 78-17 of January 6, 1978, and also the French Public Health Code and the recommendations of the HAS (High Health Authority), the independent health authority (hereafter the “Regulation”).

The processing manager is Mr. Stéphane KERRIEN, in his capacity as CEO of the iHealth company.

This Notice exclusively covers the Applications, and is an integral part of the documentation and legal conditions for use of iHealth services, shown in the legal tabs. Thus, each User affected by this Notice is also subject to other conditions, in particular:

-       In the case of simple navigation on the https://ihealthlabs.eu website (hereafter the “Website”), to the General Conditions for Use of the Website and the Confidentiality Policy [ENTER A HYPERLINK TO THIS DOCUMENT HERE].

-       In the case of purchasing Products. the General B to B Conditions of Sale [ENTER A HYPERLINK TO THIS DOCUMENT HERE] or B to C [ENTER A HYPERLINK TO THIS DOCUMENT HERE].

iHealth publishes and operates various Applications.

The Products function with integrated Applications which allow collection of Personal Data.

For products that connect via Bluetooth, the data are first transmitted to the application and will then, when the application is synchronised with the WiFi network, be sent to the iHealth Cloud.

For WiFi connected products, personal health data are sent directly to the iHealth Cloud, before being redirected and saved on the application.

Products that include built-in Applications are:

•        The iHealth Wave connected bracelet,
•        The iHealth Air pulse oximeter,
•        The iHealth Lite and Core connected scales,
•        The iHealth Track, Feel, Sense and View blood pressure monitors,
•        The iHealth Gluco and Align connected glucometers.

- Mobile Applications: refer to Applications published by iHealth, provided with a graphical interface, downloadable and accessible from the User’s Smartphone or iPad.  These Applications permit saving, recording and accessing Personal Data resulting from the use of the Products.

The mobile Applications published by iHealth are:

•        iHealth MyVitals,
•        iHealth Gluco-Smart.

- The iHealth Cloud: refers to the hosting platform set up by iHealth, accessible online from the User’s Smartphones, graphic tablets and computers, through a browser. This platform allows access by the User to all his Personal Data.

For more information about the use of Applications and Products, the User can contact iHealth customer service at the following address: support@ihealthlabs.eu.

1.2 Enforceability

This Notice is made available to Users on the Website where it can be consulted directly. It may be downloaded from the site.

Collection of Personal Data and their processing are subject to the prior consent of Users. This consent is distinct from that already given by the User, on the conditions for use of the site or any collection of personal data, of informative nature on its qualities, which has already been given for simple use of the Website.

Users are advised that Personal Data disclosed, directly or indirectly, to iHealth will be subject to storage, hosting and possibly automated processing, certified by official bodies as being in compliance with the Regulation. 

For more details about hosting of Personal Data, the User is invited to refer to Article 4 of this Notice.

This Notice relates, firstly, to Users in France or in a member country of the European Union, who acknowledge, before any connection or use of the Applications or Products, having read this Notice. For this reason they are asked to first have expressly and irreversibly accepted it, prior to any subsequent step, by checking the box provided for this purpose. Users are also advised that it is highly recommended that they save this Notice on a durable medium, in order to keep the information relating to processing their data as long as necessary to protect their interests. They acknowledge having been duly informed of the conditions of collection, storage, hosting and processing of their Personal Data as well as the fact that these operations are done under control and after formal declaration with official bodies. They also are aware of the possibility that they have to be informed of the status and content of such data and their ability to exercise their individual rights, including opposition or deletion of information about them, for a valid reason. Finally, Users acknowledge that they are of full age or capable within the meaning of applicable law (for Users less than eighteen (18) years of age, see Article 8 of the Notice).

In the event of reservation and/or dispute relating to the Notice, they are interpreted as a refusal to expressly consent to this Notice. The User shall then disconnect and cease the use of the Applications and if necessary uninstall them.

2. PERSONAL DATA WHICH MAY BE COLLECTED

As has been advised, iHealth may process the User’s Personal Data on the basis of his express consent, in particular to provide him with the services he has subscribed to.

When collecting such Personal Data, the User is advised that it must only communicate to iHealth complete, accurate and current information, that does not prejudice the interest of third parties.

2.1 Personal Data collected while browsing our Website

iHealth is responsible for collection of certain of the User’s Personal Data while browsing the Website. We invite the User to consult the Confidentiality and Personal Data Policy [ENTER A HYPERLINK TO THIS DOCUMENT HERE] relating to its use and to browsing on the Website, as well as the Policy relating to the use of Cookies [ENTER A HYPERLINK TO THIS DOCUMENT HERE]. This essentially relates to information for identification and recognition of the user, apart from any data relating to his health or well-being.

2.2 Personal Data collected during use of iHealth Applications and Products

2.2.1. When activating a Product

A User of iHealth Products and Applications, who is not however limited to consult the site but who has subscribed to some of these elements, is advised that at the time of activation of a Product certain data may be collected about his physical identity (weight, height, sex, etc.) so the Product may be adapted and configured according to his needs as a User.

In addition, iHealth may ask the User to download a mobile Application which requires an iHealth account to be created.

2.2.2 When creating an iHealth account

Creating an iHealth account lets the user make full use of the Products and Applications.

To this end, certain data on the User’s identity may be collected (surname, first name, mailing address and possibly telephone number), and also data relating to his choices and options of well-being, as well as body identity (weight, size, sex, etc.).

2.2.3 When using Products

The Products function with integrated Applications which allow collection of Personal Data.

For products that connect via Bluetooth, the data are first transmitted to the application and will then, when the application is synchronised with the WiFi network, be sent to the iHealth Cloud.

For WiFi connected products, personal health data are sent directly to the iHealth Cloud, before being redirected and saved on the application.

Personal Data likely to be collected, depending on the Product used:

2.2.4 When synchronising and using mobile Applications

Certain functionalities of the Products require a connection with mobile Applications.

When synchronising the Product to a mobile Application, the Personal Data are recorded then transmitted to the iHealth Cloud via WiFi connection.

Depending on the device used by the User to access a mobile Application, some identity data may be communicated while downloading the Application.

iHealth reminds users that the use of a mobile Application requires creation of an iHealth account (for more information, see the preceding Article 2.2.2 of this Notice).

Mobile Applications operate and transmit Personal Data to the iHealth Cloud through an internet connection. They make it possible to process the raw Personal Data collected by the Products in order to make them readable by the User, as well as by the persons he has specially authorised for this purpose.

The User can activate options enabled on his device such as geolocation. In addition, if the mobile applications can access the User’s contacts, thereby allowing easier sharing, iHealth does not retain them.

Personal Data likely to be processed, depending on the mobile Application used:

2.2.5 The use of Cookies

iHealth may use Cookies when installing and using Applications in order to make them easier to use. For more information about these Cookies, iHealth invites the user to refer to Article 7 of this Notice and the section of the site for this purpose [INSERT A HYPERLINK TO THIS DOCUMENT HERE].

2.3 Personal Data collected when connecting from the iHealth account to an iHealth partner

iHealth provides connectivity options to third party applications, partners of iHealth. These partners can offer to connect the User’s Personal Data with their applications.

By using the iHealth API, these partner applications can then collect personal data on identity, body identity, environment, level of activity and if applicable data relating to their health.

In these cases, iHealth has specific agreements with these partners allowing iHealth and the partners to access Personal Data collected by their respective Applications. For more information about how this is shared, iHealth invites Users to refer to Article 3.2.1 of this Notice.

Such access is done with the User’s prior agreement, being a specific consent given independently of any other consent that the User may have previously given.

2.4 Personal Data collected when contacting iHealth customer service

In case of a request about a Product or Application, the User may contact iHealth customer service. The User then provides certain Personal Data temporarily permitting his identification and allowing its staff to answer the User’s questions and queries. 

iHealth monitors to ensure that its staff complies strictly with this Notice.

Thus, individual and company identity data may be used regarding the level of activity, environmental data, Cookies and possibly health data.

3. USE AND SHARING OF PERSONAL DATA

3.1 Use of Personal Data

The Products collect raw Personal Data which are processed by the mobile Applications in order to offer the User services allowing him to optimise his use of the Products.

iHealth uses certain Personal Data collected to improve iHealth services and to develop them based on the User’s usage patterns.

iHealth prohibits the use of Personal Data when they are identifiable, except with the User’s express consent.

iHealth prohibits any direct or indirect sale of identifiable Personal Data.

Certain Personal Data collected are used to target the User’s requests and make offers and suggestions or advise him of the launch of new Products.

If the User does not wish to receive such information, he simply disables the notifications he no longer wishes to receive from this link.

iHealth may also use Personal Data, previously anonymised to protect the User’s privacy, to produce statistics of analyses.

The use of Personal Data by iHealth also contributes to understanding the uses, development and improvement of connected objects that it offers, as well as enriching the iHealth blog, issuing press releases and participating in scientific studies.

3.2 Sharing of Personal Personal Data

3.2.1 Sharing at the User’s initiative

Elements for authentication (CPS card, PIN code, certificates, passwords, etc.) as well as the User’s Personal Data (hereafter “Confidential Data”) are private and confidential. The decision to share or securely transfer them to third parties, whether with health professionals, health institutions or services, relatives, etc., is the User’s alone.

Sharing or transferring Confidential Data with third parties is done at the User’s own risk, and he agrees that iHealth may not be held liable for losses of confidentiality, auditability or integrity due to disclosure of such elements.

The User explicitly acknowledges that iHealth cannot be held liable for processing Confidential Data by third parties or any harm that may be caused, including during activities of prevention, diagnosis, care or social and medical-social care.

It is also specified that iHealth is not responsible to protect Confidential Data that the User decides to share or transfer to third parties, nor to prevent or control the actions or uses made of them by the third parties following such communication.

In addition, the User is advised to exercise caution when he decides to share or transfer his Confidential Data to third parties , especially over the internet, outside the means of communications proposed by iHealth, where their transmission may be intercepted.

•        With health professionals and third parties

In the event that the User decides to share or transfer his Confidential Data data to a health professional or any other natural or legal person, iHealth invites him to ensure that they are only communicated to those persons for whom they are intended.

It is up to the User to ensure that these professionals do not permit the disclosure of his Confidential Data by any means whatsoever, be it by authorising viewing of his terminal’s screen, printing or screenshots, spyware, or any other means of consultation. The User is also required to log off from his session before leaving his work station.

•        With an iHealth partner

As noted, iHealth provides connectivity options to third party applications, partners of iHealth. These partners can offer to connect the User’s Personal Data with their applications. This sharing is permitted by the use of the iHealth API.

Such sharing or transfers of Confidential Data will only be possible if the User expressly decides in advance, and his consent may be modified or withdrawn at any time. This consent is independent of any other consent that the User may have previously given.

While offering the option that allows connection of a third party application, iHealth cannot be held responsible for backup, security or appropriate processing of the User’s Confidential Data by its use of such third party applications.

Consequently, by opting to share with a third party application, or to transfer Confidential Data to such third party, the User explicitly acknowledges that iHealth disclaims all liability for processing of Confidential Data by such third party, and the User agrees that iHealth declines any liability relating to any harm caused by such third party applications processing the Confidential Data.

iHealth therefore invites its Users to check the privacy protections implemented by the said partners before agreeing to share their Confidential Data.

•        On social media 

Should the User decide to share his Personal Data on social media, such sharing is done in accordance with the conditions for use of the social media used and the confidentiality policy specific to such social media.

3.2.2 Sharing necessary for the use of certain services

So that iHealth can offer services specific to Users, iHealth may need to share Personal Data with other companies. This relates in particular to sharing of Personal Data for online payment services on the website.

3.2.3 Legal obligations for sharing of Personal Data

iHealth may be required to communicate Personal Data by order of a judicial or administrative authority, authorised by law, in accordance with the legal and regulatory provisions in force.

Unless prohibited, iHealth will inform the User as soon as possible about the transmission of its Personal Data.

4. CONDITIONS FOR HOSTING AND STORAGE OF PERSONAL DATA

iHealth has chosen to host the Personal Data of its Users in the secured and specially authorised iHealth Cloud, whose servers are located in France, one of the countries most strict about protection of personal data, especially health.

When the User synchronises his Products with mobile Applications, his measurements are sent to the secure iHealth Cloud. The Cloud is an online storage space. With this, the User can access his Personal Data freely from all his devices and at any time.

By their design, the Applications do not use local storage. This means that all Personal Data collected and processed by the Applications will be exclusively hosted on the secure iHealth Cloud and not on the User’s terminal.

In accordance with the provisions in force in France on protection of personal data, iHealth uses a certified personal health data hosting platform.

iHealth has decided to entrust management of Personal Data to the Informatique de Sécurité company, whose head office is at 2 avenue des Puits à Montceau Les Mines, registered at the RCS of Châlon sur Saône under number 339 178 949 (hereafter “IDS”). IDS is a ISO 27001:2013 certified host, accredited in France for hosting personal health data. The list of accredited hosts can be accessed on the website of the ASIP Santé government agency (the French agency for digital health) at the following address:

http://esante.gouv.fr/services/referentiels/securite/hebergeurs-agrees

IDS provides a service of highly secure hosting, storage and internet connectivity on behalf of iHealth and delivers its services through a number of communication, data processing and storage centres. They are equipped with advanced devices and security procedures and access to them is strictly restricted and controlled by several security measures (personnel and security interlocks, specific access control readers, etc.). Some of these centres can be hosted in the premises of external service providers, but they are exclusively operated by IDS personnel.

Encryption of communications between Users’ terminals and the secure iHealth Cloud, authentication of Users and daily backup of Personal Data filed are provided by the security module defined and operated by IDS, which supports all technological developments necessary to protect the availability, confidentiality, integrity and auditability of their Personal Data processed by the Applications. IDS and iHealth take all reasonable necessary measures to ensure that Users’ Personal Data are processed securely and in accordance with this Notice.

5. PERIOD FOR PRESERVATION OF PERSONAL DATA

Users’ Personal Data are preserved for a period that does not exceed the relevant and necessary period for accomplishment of the purposes for which they have been collected and processed, except for the legal or specific recommendation of the CNIL (National Commission of Computing and Freedoms).

Users’ Personal Data are kept as long as their account is not deleted (on this question, the User may refer to Article 6.5 of this Notice).

6. USERS’ RIGHTS

In accordance with the Regulations, the User has a right of access, opposition, correction and, subject to applicable legal provisions, of deletion of Personal Data concerning him, by contacting iHealth:

By email at the following address: support@ihealthlabs.eu

By postal mail at the following address: iHealthLabs Europe, 36 rue de Ponthieu, 75008 Paris, France.

6.1 Right of access and recovery of Personal Data

Every User has a right with respect to his privacy, secrecy and free access to all information about his health. At any time and on simple request, the User may, by a secure procedure, have easy access to information about his health in connection with the Applications, in an easily accessible and exportable form.

Thus, iHealth makes available, in an open and structured form currently in use and machine readable, allowing preservation, Users’ Personal Data, the access rights granted and access history for such Personal Data. It is hereby stated that iHealth may deny requests that are obviously abusive, including by their number, or their repetitive or systematic character.

Users may access information about their health in relation to the Applications and Products in various ways.

- Users may have access by contacting iHealth (cloud recovery), or,

- Users may also have access through a third party such as a family member or health professional that they have designated to obtain communication. These are health professionals and institutions or health services caring for Users who originate production of collection of hosted health Personal Data.

To make a request, please contact us:

-       By email at the following address: support@ihealthlabs.eu

-       By postal mail at the following address: iHealthLabs Europe, 36 rue de Ponthieu, 75008 Paris, France.

If a User has questions or comments about their Personal Data, in particular about their source, purpose of processing, categories of Personal Data processed or categories of recipients to whom the Personal Data are communicated, we invite him to contact us.

6.2 Right of opposition to processing of Personal Data

Any User has the right to oppose, for legitimate reasons, the processing of Personal Data concerning them by contacting iHealth.

However, absence of communicating certain Personal Data may have consequences on the use of the Products and Applications, including being unable to connect or use them.

6.3 Right to correction of Personal Data 

Any User proving their identity may at any time request that Personal Data about them be corrected, completed or updated. To do this, the User may contact iHealth.

6.4 Right of deletion of Personal Data

Subject to applicable legal provisions, User’s Personal Data that is inaccurate, incomplete, equivocal, out of date or which was collected while he was a minor at the time of collection may be deleted upon request by contacting iHealth.

6.5 Deletion of iHealth account

If a User wishes to delete his iHealth account, he must contract iHealth at the following email address: support@ihealthlabs.eu. Deletion of the account cannot be done from mobile Applications or the website.

The User’s Personal Data will then be deleted from the secure iHealth Cloud.

However, iHealth maintains and regularly conducts a guarantee of security of Personal Data by a backup procedure, in accordance with the legal and regulatory provisions.

Users’ Personal Data may be archived on the secure iHealth Cloud if they provide evidence of a right or a contract, or archived for compliance with a legal obligation in accordance with the provisions in force. The time for archiving therefore corresponds to the required duration. Archived Personal Data may only be consulted on an ad hoc basis and motivated by Users or through a health professional that they designate to obtain communication.

If backups archived by iHealth reach the end of their legal period for preservation, they will be either permanently deleted, or irreversibly anonymised for statistical and scientific purposes. Thus, iHealth cannot guarantee the Users’ Personal Data will always be accessible.

For this reason and prior to deletion of his account, the User may at any time and on simple request, by a secure procedure, have easy access to information about his health, in an easily accessible and exportable form (for means of access on recovery of Personal Data see preceding Article 6.1 of the Notice).

7. USE OF COOKIES

As already indicated under the heading and tab [INSERT HYPERLINK HERE], Cookies may be placed in the User’s terminal to identify his browser or device. iHealth uses Cookies and other similar technologies to collect technical information about how Users use the Applications and to adapt its Products to the needs of Users, including offering new functions.

Cookies and other similar technologies also allow optimising and simplifying the use of Applications in order to ensure their correct operation.

Cookies collect technical information from the User’s terminal to track data, for example on how the User uses the Applications and any errors that may occur. These analysis data may be sent to the secure iHealth Cloud.

When installing the Application, the User has the choice to accept or refuse Cookies.

In addition, they may later block Cookies by activating a setting on the terminal which allows for refusing to have Cookies placed. However, if the User sets his terminal to block all Cookies (including essential Cookies) the User may not be able to use the Applications or only certain functions of the Applications.

8. MINOR USERS

iHealth does not collect or process any Personal Data associated with a person who is confirmed to be under eighteen (18) years of age unless we have the prior and verifiable consent of their parents or legal guardians (hereafter referred to as "Parents or Guardians"). If the User is less than eighteen (18) years old, his Parents or Guardians must agree to iHealth by contacting us:

-       By email at the following address: support@ihealthlabs.eu

-       By postal mail at the following address: iHealthLabs Europe, 36 rue de Ponthieu, 75008 Paris, France.

If you are a parent or guardian with questions or comments about your child's Personal Data, we invite you to contact us.

If we collect or process Personal Data of a person under eighteen (18) years of age, or a minor who uses our Applications and Products without the consent of his Parents or Guardians, we would be obliged to permanently delete his Personal Data from our secure iHealth Cloud as soon as we know about it and have confirmation.

9. MODIFICATIONS TO THIS PRIVACY POLICY

iHealth reserves the right to modify this Notice at any time and in particular to adapt it to the needs of Users.

Any new version will be posted on the website and iHealth will notify Users of changes to this Notice by email or a push notification in the Applications so that Users can read them. The User’s consent to this new Notice will also be asked of the User.

The online version on the website shall prevail over any other version of this Notice, except for changes that occur following an order under ordinary law.

The nullity of a clause does not invalidate the Notice, which continues to have effect.

10. CONTACT

If you have any questions or comments regarding this Notice, please contact us:

-       By email at the following address: support@ihealthlabs.eu

-       By postal mail at the following address: iHealthLabs Europe, 36 rue de Ponthieu, 75008 Paris, France.