 |
Welcome to Jonda! Jonda is a cloud-based service by
Jonda Health Pte. Ltd. (“Jonda,” “we,” “us,” “our”) that helps you to
store, manage, create and share your health information and medical
records (collectively, the “Health Data”) securely using cryptographic
end-to-end security.
Jonda enables individuals to maintain and share
their Health Data as they choose via our app and other related
technologies and services (collectively, the “Services”). Please see
Jonda’s Terms of Use for more details. For the purposes of this privacy
policy (“Privacy Policy”), “you” and “your” means you as the user of the
Services.
At Jonda, we are committed to protecting the privacy of your
Health Data.
This Privacy Policy describes the information we collect
about you and how we use and disclose it, as well as your options
regarding certain uses of this information. We follow this Privacy
Policy in accordance with applicable law in the places where we operate.
In some cases, we may provide additional data privacy notices specific
to certain features or services. Those notices are to be read in
combination with this Privacy Policy, and in the event of any conflict
or inconsistency between any such additional data privacy notice and
this Privacy Policy, the terms in this Privacy Policy shall prevail.
Please note that our app may contain links to other sites not owned or
controlled by us and we are not responsible for the privacy practices of
those sites. We encourage you to be aware when you leave our app or
sites and to read the privacy policies of other sites that may collect
your personal data.
If you have any questions or concerns about this
Privacy Policy, please contact us at daniel@jonda.io.
| 1. |
How we secure your Health Data
Our commitment is to
make privacy and security available to you to manage your Health Data.
That’s why we use cryptographic end-to-end security to protect the
Health Data you share, store and create on Jonda.
We encrypt all and
every transmission containing personal data using, among others, Secure
Socket Layer technology (SSL) and apply additional encryption on the
Health Data uploaded and stored in protected storage folders (the
“Encrypted Data”).
We never collect or store your Health Data, unique
encryption keys (“Security Token”) and passwords in an unencrypted or
invertible form. The Encrypted Data can only be decrypted by you, except
when you authorise us or a third-party to exchange or share data. To the
best of our knowledge, Jonda is unable to decrypt the Encrypted Data and
accordingly, cannot access it, unless you authorise us to do so.
However, when creating your account and using the Services, you may also
submit some non-encrypted data, including personal data (for more
details, please refer to the section on “Account Information” below).
|
| 2. |
What information we collect |
| 2.1. |
Where we refer to “personal data”, we mean data, whether true or not,
about an individual who can be identified from that data, or from that
data and other information to which we have or are likely to have
access, and any other data falling within the definitions of “personal
data” or “personal information” in the applicable laws relating to
privacy and data protection.
|
| 2.2. |
Account information.
When you sign up for and use the Services, you may provide us with
information about you for account creation and maintenance (“Account
Information”). Such Account Information may include, as applicable
and/or as required or permitted under applicable laws, items such as
your name, profile photo, email address, address, date of birth, gender,
race or ethnicity, device identifiers, IP address, password, location,
payment information and other information pertaining to your
transactions on the Services, and information about your medical
providers. We will let you know at the time of collection when it is
optional for you to provide certain information, and when it is
necessary in order to use certain Services.
|
| 2.3. |
Profiles
If you decide you want to create multiple profiles under your Jonda
account that may relate to other individuals, you may provide us with
certain personal data of those individuals, such as their names, in
order to fulfil your request for such profiles. You represent and
warrant that any disclosure of another individual’s personal data by you
to Jonda for the purpose of creating profiles under your Jonda account
is within the scope of the consent validly given by that individual to
you or which you may validly provide on behalf of that individual.
|
| 2.4. |
Your Health Data.
Jonda provides a technology service
that allows you to upload, store, create and share your Health Data
securely. As part of the Service, you may choose to provide us with your
Health Data as follows: (i) your health information and medical records
typically by taking a photo, scanning or uploading a file; (ii) other
information about your health, such as information about your medical
condition(s), how you are feeling or pain management; and (iii) data
from wearables or diagnostic equipment, among others. Jonda consolidates
and encrypts such Health Data and converts them into encrypted
structured standardized digital data. Jonda is unable to decrypt your
Health Data as your Security Token is held by you on your compatible
device. We are not responsible or liable for the completeness or
accuracy of the information in your Health Data.
|
| 2.5. |
Usage information. When you use
the Services, we may automatically collect technical and
navigational information relating to your interaction with
and customer support for the Services, such as the language
of device, device type, unique device type and identifiers,
type of operating system, installed version, your interactions
with our customer support (such as the date, time and reason
for contacting us, transcripts of any chat conversations),
and information related to the performance of the Services
(such as crash logs, build analytics and other performance
statistics generated when you use the Services)
(collectively, “Usage Information”). With your permission where
required, such Usage Information may be collected by us or
our service providers, partners or advertising networks via
the use of cookies and other technologies on the Services
(for more details, please see the section on “Cookies and
other tracking technologies” below).
|
| 2.6. |
Payment and billing information.
When you pay a
third-party for your subscription package for the Services (e.g. on an
app store like the Apple App Store) your payment information is directly
collected and controlled by that third-party. However, we receive
invoice receipts from third-parties for your subscription purchase and
these receipts are stored by us as we have to keep them for internal
accounting and tax purposes and to comply with our legal obligation as
per any applicable laws, audits, claims, legal proceedings and/or
investigations.
|
| 2.7. |
Product interaction and feedback. We
may collect responses to surveys that we invite you to complete, search
queries within the Services, and transactions you make regarding the
Services. We collect product interaction and feedback that you provide
us through our Services to provide you with the Services, improve and
enhance our Services, and conduct research and analytics.
|
| 2.8. |
Other information.
We collect any other information you
choose to include in communications with us, for example, when sending a
message or submitting information through a webform.
|
| 3. |
How we use information
|
| 3.1. |
Jonda will use your information to create and manage your Jonda account, and may
also use your information for any or all of the following purposes:
| (a) |
To perform obligations in the course of or in
connection with our provision of the Services to you;
|
| (b) |
To help us create, develop, operate, deliver and
improve the Services, and when necessary, for loss prevention and
anti-fraud purposes, and account and network security purposes;
|
| (c) |
To verify your identity;
|
| (d) |
To send important notices regarding the Services, including software updates,
changes to our terms, conditions and policies;
|
| (e) |
To respond to, handle and process queries, requests, applications,
complaints, and feedback from you;
|
| (f) |
To manage your relationship with us;
|
| (g) |
To process payment or credit transactions; |
| (h) |
to send marketing information about
our products or Services, including notifying you of our marketing
events, initiatives and promotions;
|
| (i) |
To comply with
any applicable laws, regulations, codes of practice, guidelines, or
rules, or to assist in law enforcement and investigations conducted by
any governmental and/or regulatory authority; |
| (j) |
Any other purposes for which you have provided the information; and |
| (k) |
Any other incidental business purposes related to or
in connection with the above. |
|
| 3.2. |
Jonda does not make
decisions based solely on automated processing, including profiling,
which have legal consequences for, or significantly affect, our users. |
| 3.3. |
Jonda may access information about your use of the
Services in order to create aggregate usage data for both internal use
and, in some cases, public dissemination. Such statistics will not
contain any personal data about you or any other Jonda users. |
| 4. |
When we disclose information to third parties |
| 4.1. |
We may disclose your personal data and / or Account
Information (excluding any Encrypted Data): |
| |
| (a) |
Where such disclosure is required for performing obligations in the course of
or in connection with our provision of the Services to you;
|
| (b) |
To third party service providers, agents and other
organisations we have engaged to perform any of the functions listed in
clause 3.1 above for us; |
| (c) |
To our affiliates or
otherwise within our corporate group for the purposes of providing the
Services or with your consent where required by applicable law; |
| (d) |
To comply with valid legal processes including
subpoenas, court orders or search warrants, and as otherwise authorised
by law; |
| (e) |
To professional advisors, such as auditors, law firms and accounting firms; |
| (f) |
In connection with
a bankruptcy, merger, acquisition or sale or other business transaction,
involving all or a portion of our assets or business, and user
information will also be transferred as part of or in connection with
the transaction; |
| (g) |
To enforce any applicable terms of service; or |
| (h) |
When you request us to share certain information with third parties; |
|
| 4.2. |
The purposes listed
in clauses 3.1 and 4.1 above may continue to apply even in situations
where your relationship with us (for example, pursuant to a contract)
has been terminated or altered in any way, for a reasonable period
thereafter. |
| 4.3. |
When you make a decision to share your
personal data outside of the Services or with a healthcare provider or
other external party, the data practices under this Privacy Policy will
no longer apply to the information held by that external party. We
recommend that you review and determine whether you are comfortable with
the external party’s privacy policy prior to sharing your personal data
outside of the Services or with the external party. |
| 4.4. |
It is worth noting that we will not disclose and we have no ability to
disclose your Encrypted Data, unless you authorise us to access them and
make the relevant disclosure. |
| 5. |
Transfer of personal data to a foreign country |
| 5.1 |
We store your information
on our servers, and on the servers of the third-party service providers
which we engage, which are located in Singapore, and we keep or transfer
information to and from Singapore for storage and processing. |
| 5.2. |
Aside from that mentioned in clause 5.1 above, we
generally do not transfer your personal data to countries outside of
your country of residence. However, if we do so, we will take steps to
ensure that your personal data continues to receive a standard of
protection that is at least comparable to that provided under the
applicable laws relating to privacy and data protection. |
| 6. |
Your controls and choices |
| 6.1. |
We provide you the ability to exercise certain controls and choices
regarding our collection, use and disclosure of your personal data. In
accordance with applicable law, your controls and choices may include: |
| |
| 6.1.1. |
Access to and correction of personal data. If you wish to
(i) access the personal data which we hold about you or information
about the ways in which we use or disclose your personal data, or (ii)
correct or update any of your personal data which we hold about you, you
can access the personal data we hold about you by logging into your
account. If you believe we hold any other personal data about you, you
may submit your access or correction request via email to our data
protection officer at the email address provided below. In case you have
made your subscription via an app store, then you may have to request
for access to or correction of your subscription / personal data on the
relevant app store platform as per their applicable processes. For the
avoidance of doubt, please note that we do not have access to your
Encrypted Data, unless you have authorised us to access the same.
|
| 6.1.2. |
Data portability. In some jurisdictions, the applicable
law may entitle you to request copies of personal data that you have
provided to us in a structured, commonly used, and machine-readable
format and/or request us to transmit this information to another service
provider (where technically feasible). You can issue such a request by
contacting us using the information below. In case you have made your
subscription via an app store, then you may have to request for access
to your subscription / personal data or portability of your subscription
/ personal data on the relevant app store platform as per their
applicable processes. |
| 6.1.3. |
Withdrawal of consent. For data
that we collect and process based on consent obtained from you, you may
withdraw your consent at any time, by selecting preferences available on
our app, on your device, or by contacting us using the information
below. We shall review your request and may ask you to verify your
identity. Whilst we respect your decision to withdraw your consent,
please note that depending on the nature and scope of your request, we
may not be in a position to continue providing the Services to you.
Please note that withdrawing consent does not affect our right to
continue to collect, use and disclose personal data where such
collection, use and disclosure without consent is permitted or required
under applicable laws. |
| 6.1.4. |
Data erasure. In certain jurisdictions where you have the legal right to request for the erasure
of your personal data, you can request that we erase your information
and close your Jonda account by contacting us using the information
below. The erasure of your information will result in your subscription
being terminated without any refunds. In case you have made your
subscription via an app store, then you will have to unsubscribe
yourself from the relevant app store platform and / or request for the
erasure of your personal / subscription data on the relevant platform as
per their applicable processes. Please note that if you request for the
erasure of your personal information, we may retain some of your
personal information as necessary for our legitimate business purpose,
such as fraud detection and prevention and enhancing safety, or to the
extent necessary to comply with our legal obligations. |
| 6.1.5 |
Objection to processing. In certain jurisdictions where you have the
legal right to object to the use of your personal data with respect to
certain types of processing, you may object by changing your
preferences, or disabling cookies and other tracking technologies. If
you wish for us to cease or restrict processing of your personal data
then, unless the Services allow you to select available preferences, you
should cease to use the Services. In case you have made your
subscription via an app store, you may have to object to the processing
of your subscription / personal data on the relevant app store platform
as per their applicable processes. |
|
| 6.2. |
We may need to collect and process personal data by law, or under the terms of a
contract we have with you. If you choose not to give us this personal
data or if you wish for us to cease or restrict processing of such
personal data, it may delay or prevent us from providing the Services to
you or providing you with further access to your Jonda account. |
| 7. |
Integrity and retention of information |
| 7.1. |
You must keep your Account Information accurate, complete and up-to-date. |
| 7.2. |
Jonda will retain personal
data about you as long as necessary to fulfil the purposes for which it
was collected, or as required or permitted by applicable laws. We will
cease to retain your personal data, or remove the means by which the
data can be associated with you, as soon as it is reasonable to assume
that such retention no longer serves the purpose for which the personal
data was collected, and it is no longer necessary for legal or business
purposes. |
| 8. |
Cookies and other tracking technologies |
| 8.1. |
A cookie is a small text file that can be stored on and
accessed from your device when you use the Services, to the extent you
agree. Other tracking technologies work similarly to cookies and place
small data files on your devices or monitor your website activity to
enable us to collect information about how you use the Services. The
information provided below about cookies also applies to these other
tracking technologies. |
| 8.2. |
We and our service providers
may use cookies and other technologies to store information in your web
browser or on your devices that allow us to store and receive certain
pieces of information whenever you use or interact with the Services.
Such cookies and other technologies help us to identify and learn more
about our users and their likely interests, and to deliver and tailor
marketing or advertising. We may also use cookies and other tracking
technologies to control access to certain content on the Services,
protect the Services, and to process any requests that you make to us. |
| 8.3. |
Most websites, mobile devices and apps automatically
accept cookies but, if you prefer, you can change your browser, device
or app settings to prevent that or to notify you each time a cookie is
set. Please note however, that by deleting or disabling cookies used on
our Services or website, you may not be able to take full advantage of
our Services or website. |
| 9. |
Children’s privacy |
| 9.1. |
We do not knowingly permit any person who is under 16
years of age to register for an account. If we become aware that any
person less than 16 years of age has been registered for an account,
then we will take the appropriate steps to delete the relevant account
and any information provided with respect to that account. |
| 9.2. |
If you are above the age of 16, you will be able to
create multiple profiles under your Jonda account, which may include
profiles for individuals under the age of 16. Where you create a profile
for an individual under the age of 16, you represent and warrant that
you may validly act on behalf of that individual for the registration,
creation and management of that individual’s profile, as well as for the
collection, use or disclosure of that individual’s personal data. |
| 10. |
Jurisdiction-specific provisions |
| 10.1. |
European Union |
| |
| 10.1.1. |
If you are in the European Economic Area
(“EEA”) or the United Kingdom (“UK”), the disclosures set out below
apply to you in addition to the disclosures set out in the general
sections of this Privacy Policy above. |
| 10.1.2. |
For the purpose of
applicable data protection laws, we are the data controller. |
| 10.1.3. |
Your information will be processed on the basis of the following legal bases:
| Purpose |
Categories of data |
Legal basis (Article 6) |
Legal basis (Article 9) |
| To keep you posted on available
products, Services, software updates, and
upcoming events. You can opt out of these
communications in the manner designated in
the specific communication or within your
account. |
Account Information |
Consent |
Explicit consent |
| To help us create,
develop, operate, deliver and improve our
products and Services. |
Account Information |
Consent |
Explicit consent |
| For loss prevention
and anti-fraud purposes and account and
network security purposes. |
Account Information |
Our legitimate
interests in maintaining the security and
integrity of our systems and networks. |
N/A |
| To send important
notices regarding Jonda products and
Services, including changes to our terms,
conditions, and policies. |
Account Information |
Our legitimate interests in keeping you up to date regarding the Services. |
N/A |
|
| 10.1.4. |
Your rights. If you are
located in the EEA or the UK, you have certain rights in relation to
personal information about you:
| (a) |
Access: You have the
right to access information we hold about you, ho w we use it, and who we
share it with. |
| (b) |
Portability: You have the right to
receive a copy of the information we hold about you and to request that
we transfer it to a third party, in certain circumstances and with
certain exceptions. |
| (c) |
Correction: You have the right to
correct any personal information about you we hold that is inaccurate. |
| (d) |
Erasure: In certain circumstances, you have the right to
delete the information we hold about you. |
| (e) |
Restriction of processing to storage only: You have the right to require us to stop
processing the information we hold about you, other than for storage
purposes, in certain circumstances. |
| (f) |
Objection: You have the right to object to our processing of personal information about you. |
| (g) |
Objection to marketing: You can object to
marketing at any time by opting-out using the unsubscribe / opt-out
function displayed in our communications to you. |
| (h) |
Withdrawal of consent: You have the right to withdraw your consent at
any time. |
|
| 10.1.5. |
Please note that a number of these rights only
apply in certain circumstances, and all of these rights may be limited
by law. |
| 10.1.6. |
To exercise any of these rights, you can contact
us using the information provided below. We will respond to requests to
exercise these rights without undue delay and we will use reasonable
efforts to respond within one month of receipt of the relevant request
(though this may be extended by a further two months in certain
circumstances). |
| 10.1.7. |
Storage and transfer of personal
information about you. The information that we collect from you may be
transferred to and stored at/processed in countries outside the EEA and
UK. Your information may also be processed by staff operating outside
the EEA and the UK who work for us or one of our third-party service
providers or partners. We will take all steps reasonably necessary to
ensure that personal information about you is treated securely and in
accordance with this Privacy Policy. For any transfers of data outside
the EEA or the UK, the data transfer will be on the basis of your
explicit consent. |
| 10.1.8. |
Retention of personal information. We
will retain personal information about you as follows:
| (a) |
Where you have authorised us to access and share or exchange your Health
Data, we will retain your Health Data for as long as you keep your
account open or as needed to provide you with the relevant Services; |
| (b) |
Your Account Information for as long as you keep your
account open or as needed to provide you with our Services; |
| (c) |
If you contact us, we will keep your data for as long as
you keep your account open or as needed to provide you with our
Services; |
| (d) |
Your Usage Information for as long as you
keep your account open and as long as it is needed to provide our
Services and usage metrics; and |
| (e) |
We will also retain and
use your information to the extent necessary to comply with our legal
obligations, resolve disputes and enforce our terms and conditions,
other applicable terms of service, and our policies. |
|
| 10.2. |
If
you live in another part of the world not specifically mentioned here,
please contact our data protection officer using the information
provided below. |
| 11. |
Changes to this policy |
| 11.1. |
This Privacy Policy applies in conjunction with any other
notices, contractual clauses and consent clauses that apply in relation
to the collection, use and disclosure of your personal data by us. |
| 11.2. |
We reserve the right to make changes to the terms of this
Privacy Policy from time to time. We will give you advance notice of any
materials changes (except those that may need to be made immediately in
order to comply with law or to deal with an urgent situation that
threatens the security of information held by Jonda or severely impacts
the functionality of the Services), and obtain your consent to the
changes where required by law. You may also determine if any such
revision has taken place by referring to the date on which this Privacy
Policy was last updated. The updated Privacy Policy will be effective as
of the time of posting, or such later date as may be specified in the
updated Privacy Policy. Your continued use of the Services after any
updates constitutes your acknowledgement and acceptance of those
changes. |
| 12. |
Contact us |
| 12.1. |
If you have
questions or feedback related to our Privacy Policy or our privacy or
security practices, or if you would like to exercise any of your rights
outlined in this Privacy Policy, please email our data protection
officer at daniel@jonda.io. |
|
|
|