Data Privacy Policy
GDPR - Data Processing Agreement Addendum
Last revised: May 21, 2024
Data Privacy Policy
Section 1: Introduction
1.1. Purpose
The purpose of this Data Privacy Policy is to inform you about how Quantum Touch Limited ("Healthwoosh") collects, uses, and shares personal data when you use our services, including mobile apps, websites, AI services, third-party integrations, workflows, loyalty rewards platform, and SMS services. This policy also covers the data processing activities within our open ecosystem, where third parties and users can develop and test their own applications and services.
1.2. Scope
This policy applies to all data subjects whose personal data is collected, in line with the requirements of the General Data Protection Regulation (GDPR) and other applicable data protection laws in Ireland.
1.3. Data Controller and Data Processor
Healthwoosh is the data controller for personal data collected directly from our users. For data processed on behalf of third parties, Healthwoosh acts as a data processor. We ensure all third-party services used comply with GDPR standards and are hosted within the EU, unless otherwise specified by the data controller.
1.4. Playground Ecosystem
This policy also applies to the data collected and processed within our playground ecosystem, where users can register to develop, test, and deploy their own applications and services using our platform.
Section 2: Data We Collect
2.1. Personal Data
We collect various types of personal data to provide and improve our services, including but not limited to:
Identification information (e.g., name, contact details)
Health-related information (for pharmacy services)
Usage data (e.g., app interaction, IP address)
Transaction data (e.g., purchase history)
2.2. Sources of Data
Data is collected directly from users, through third-party integrations, and via automated means (e.g., cookies, server logs).
2.3. Playground Ecosystem Data
Data collected within the playground ecosystem includes user-generated content, application data, testing results, and usage metrics of the developed applications and services.
Section 3: How We Use Your Data
3.1. Purposes
Personal data is used for:
Providing and maintaining services
Personalizing user experience
Processing transactions
Communicating with users
Ensuring security and compliance
3.2. Legal Basis
Data processing is based on:
User consent
Contractual necessity
Legal obligations
Legitimate interests
3.3. Playground Ecosystem Use
Data within the playground ecosystem is used to facilitate the development, testing, and deployment of user-generated applications and services.
Section 4: Sharing Your Data
4.1. With Third Parties
We may share data with:
Service providers and partners
Regulatory authorities
Other entities with user consent
4.2. Data Transfers
All data transfers are conducted within the EU, ensuring compliance with GDPR. If data needs to be transferred outside the EU, we will ensure adequate safeguards are in place.
4.3. Playground Ecosystem Sharing
Data generated within the playground ecosystem may be shared with other users and third-party developers as part of collaborative development efforts, provided such sharing complies with GDPR and is necessary for the functionality of the ecosystem.
Section 5: Data Security
5.1. Measures
We implement technical and organizational measures to protect personal data against unauthorized access, loss, or destruction. These include encryption, access controls, and regular security assessments.
5.2. Playground Ecosystem Security
Additional security measures are in place to protect the integrity and confidentiality of data within the playground ecosystem, including isolated environments for testing and development.
5.3. Data Contoller Specifc Responsibilities:
Healthwoosh hosts client data within secure environments as part of its services. For clients whose data processing or storage requirements exceed predefined thresholds, Healthwoosh may recommend or strongly require enhancements and migration to external hosting under the Data Controller’s direct management. Data hosting, security, and compliance will then fall under the responsibility of the Data Controller per our terms, DPA and this data privacy unless another agreement exists with the Data Controller.
Healthwoosh provides robust technical and organizational measures at its company scale to secure the platform. However, Data Controllers remain responsible for securing their own hosting environments, workflows, data storage, and integrations. This includes performing periodic security reviews as part of any instructed scaling plan if Data Controller is advised to move those elements in house/on their premise.
Data Controllers using the Playground Ecosystem must anonymize personal data used in testing and ensure that their applications meet security requirements before deployment. Healthwoosh disclaims liability for vulnerabilities or data breaches resulting from Controller negligence.
Section 6: Your Data Protection Rights
6.1. Rights
Users have the right to:
Access their data
Rectify inaccurate data
Erase their data
Restrict or object to processing
Data portability
6.2. Exercising Rights
Users can exercise their rights by contacting us at [insert contact email].
Section 7: International Data Transfers
7.1. Compliance
All international data transfers comply with GDPR requirements. We use Standard Contractual Clauses (SCCs) or other approved mechanisms for transfers outside the EU.
7.2. Playground Ecosystem Transfers
Data within the playground ecosystem is primarily stored and processed within the EU, ensuring GDPR compliance. Any necessary transfers outside the EU will follow strict compliance protocols.
Section 8: Responsibilities of Data Controllers
8.1. User Responsibility
As a user of our playground ecosystem, you are considered a co-creator and data controller for the applications and services you develop and deploy. You are responsible for ensuring that any personal data you process complies with GDPR and other applicable data protection laws. This includes:
Selecting third-party services that comply with GDPR standards.
Ensuring the terms of service and privacy policies of third-party services are compatible with your intended use.
Maintaining and updating your own terms of service and privacy policies for the applications and services you develop.
8.2. Compliance
You must ensure that your processing activities within the playground ecosystem adhere to all applicable data protection laws and regulations. Healthwoosh provides tools and resources to assist you, but ultimate responsibility rests with you as the data controller.
Section 9: Retention of Data
9.1. Period
Personal data is retained only as long as necessary for the purposes for which it was collected, or as required by law.
9.2. Playground Ecosystem Data Retention
Data generated within the playground ecosystem is retained for the duration of the development project or as specified by the user, subject to legal and operational requirements. It is always the Data Controllers responsibility to advise how long to retain data and when to delete data.
If data is hosted by Data Controller, Once hosting transitions to a Data Controller's infrastructure, retention periods and compliance become their responsibility.
Data on unlicenced accounts may be immediately and permanently deleted from our servers. Any such event is non recoverable.
Section 10: Children's Privacy
10.1. Policy
Our services are not intended for use by children under 16. We do not knowingly collect data from children without parental consent.
Section 11: Changes to this Privacy Policy
11.1. Updates
We may update this policy to reflect changes in our practices or legal requirements. Users will be notified of significant changes through our services or via email.
Section 12: Contact Us
12.1. Contact Information
For any queries or concerns regarding this policy, please contact us at:
Quantum Touch Limited (Healthwoosh)
fisk@healthwoosh.ai
Data Privacy Policy
Section 1: Introduction
1.1. Purpose
The purpose of this Data Privacy Policy is to inform you about how Quantum Touch Limited ("Healthwoosh") collects, uses, and shares personal data when you use our services, including mobile apps, websites, AI services, third-party integrations, workflows, loyalty rewards platform, and SMS services. This policy also covers the data processing activities within our open ecosystem, where third parties and users can develop and test their own applications and services.
1.2. Scope
This policy applies to all data subjects whose personal data is collected, in line with the requirements of the General Data Protection Regulation (GDPR) and other applicable data protection laws in Ireland.
1.3. Data Controller and Data Processor
Healthwoosh is the data controller for personal data collected directly from our users. For data processed on behalf of third parties, Healthwoosh acts as a data processor. We ensure all third-party services used comply with GDPR standards and are hosted within the EU, unless otherwise specified by the data controller.
1.4. Playground Ecosystem
This policy also applies to the data collected and processed within our playground ecosystem, where users can register to develop, test, and deploy their own applications and services using our platform.
Section 2: Data We Collect
2.1. Personal Data
We collect various types of personal data to provide and improve our services, including but not limited to:
Identification information (e.g., name, contact details)
Health-related information (for pharmacy services)
Usage data (e.g., app interaction, IP address)
Transaction data (e.g., purchase history)
2.2. Sources of Data
Data is collected directly from users, through third-party integrations, and via automated means (e.g., cookies, server logs).
2.3. Playground Ecosystem Data
Data collected within the playground ecosystem includes user-generated content, application data, testing results, and usage metrics of the developed applications and services.
Section 3: How We Use Your Data
3.1. Purposes
Personal data is used for:
Providing and maintaining services
Personalizing user experience
Processing transactions
Communicating with users
Ensuring security and compliance
3.2. Legal Basis
Data processing is based on:
User consent
Contractual necessity
Legal obligations
Legitimate interests
3.3. Playground Ecosystem Use
Data within the playground ecosystem is used to facilitate the development, testing, and deployment of user-generated applications and services.
Section 4: Sharing Your Data
4.1. With Third Parties
We may share data with:
Service providers and partners
Regulatory authorities
Other entities with user consent
4.2. Data Transfers
All data transfers are conducted within the EU, ensuring compliance with GDPR. If data needs to be transferred outside the EU, we will ensure adequate safeguards are in place.
4.3. Playground Ecosystem Sharing
Data generated within the playground ecosystem may be shared with other users and third-party developers as part of collaborative development efforts, provided such sharing complies with GDPR and is necessary for the functionality of the ecosystem.
Section 5: Data Security
5.1. Measures
We implement technical and organizational measures to protect personal data against unauthorized access, loss, or destruction. These include encryption, access controls, and regular security assessments.
5.2. Playground Ecosystem Security
Additional security measures are in place to protect the integrity and confidentiality of data within the playground ecosystem, including isolated environments for testing and development.
5.3. Data Contoller Specifc Responsibilities:
Healthwoosh hosts client data within secure environments as part of its services. For clients whose data processing or storage requirements exceed predefined thresholds, Healthwoosh may recommend or strongly require enhancements and migration to external hosting under the Data Controller’s direct management. Data hosting, security, and compliance will then fall under the responsibility of the Data Controller per our terms, DPA and this data privacy unless another agreement exists with the Data Controller.
Healthwoosh provides robust technical and organizational measures at its company scale to secure the platform. However, Data Controllers remain responsible for securing their own hosting environments, workflows, data storage, and integrations. This includes performing periodic security reviews as part of any instructed scaling plan if Data Controller is advised to move those elements in house/on their premise.
Data Controllers using the Playground Ecosystem must anonymize personal data used in testing and ensure that their applications meet security requirements before deployment. Healthwoosh disclaims liability for vulnerabilities or data breaches resulting from Controller negligence.
Section 6: Your Data Protection Rights
6.1. Rights
Users have the right to:
Access their data
Rectify inaccurate data
Erase their data
Restrict or object to processing
Data portability
6.2. Exercising Rights
Users can exercise their rights by contacting us at [insert contact email].
Section 7: International Data Transfers
7.1. Compliance
All international data transfers comply with GDPR requirements. We use Standard Contractual Clauses (SCCs) or other approved mechanisms for transfers outside the EU.
7.2. Playground Ecosystem Transfers
Data within the playground ecosystem is primarily stored and processed within the EU, ensuring GDPR compliance. Any necessary transfers outside the EU will follow strict compliance protocols.
Section 8: Responsibilities of Data Controllers
8.1. User Responsibility
As a user of our playground ecosystem, you are considered a co-creator and data controller for the applications and services you develop and deploy. You are responsible for ensuring that any personal data you process complies with GDPR and other applicable data protection laws. This includes:
Selecting third-party services that comply with GDPR standards.
Ensuring the terms of service and privacy policies of third-party services are compatible with your intended use.
Maintaining and updating your own terms of service and privacy policies for the applications and services you develop.
8.2. Compliance
You must ensure that your processing activities within the playground ecosystem adhere to all applicable data protection laws and regulations. Healthwoosh provides tools and resources to assist you, but ultimate responsibility rests with you as the data controller.
Section 9: Retention of Data
9.1. Period
Personal data is retained only as long as necessary for the purposes for which it was collected, or as required by law.
9.2. Playground Ecosystem Data Retention
Data generated within the playground ecosystem is retained for the duration of the development project or as specified by the user, subject to legal and operational requirements. It is always the Data Controllers responsibility to advise how long to retain data and when to delete data.
If data is hosted by Data Controller, Once hosting transitions to a Data Controller's infrastructure, retention periods and compliance become their responsibility.
Data on unlicenced accounts may be immediately and permanently deleted from our servers. Any such event is non recoverable.
Section 10: Children's Privacy
10.1. Policy
Our services are not intended for use by children under 16. We do not knowingly collect data from children without parental consent.
Section 11: Changes to this Privacy Policy
11.1. Updates
We may update this policy to reflect changes in our practices or legal requirements. Users will be notified of significant changes through our services or via email.
Section 12: Contact Us
12.1. Contact Information
For any queries or concerns regarding this policy, please contact us at:
Quantum Touch Limited (Healthwoosh)
fisk@healthwoosh.ai
Join Newsletter