Privacy policy
1. Important notice of compliance
1.1 GDPR applies to us in our dealings with you. We are fully compliant with this law, and we will ensure, in respect of the personal data you give us or that we obtain about you, that notwithstanding any other term or condition express or implied in or from your dealings with us that:
1.1.1 Your personal data is processed fairly and lawfully;
1.1.2 We provide timely and appropriate notice to you about our data practices;
1.1.3 Your personal data is obtained only for the lawful purposes that facilitate your dealings with us and shall not be further processed in any manner incompatible with those purposes;
1.1.4 The personal data we obtain from you is adequate, relevant and not excessive in relation to the purpose or purposes for which processing is required;
1.1.5 Your personal data will, at your request or as known to us from your dealings with us, be updated and corrected.
1.1.6 Your personal data processed for any purpose or purposes will not be kept for longer than is necessary for that purpose or those purposes;
1.1.7 We will take commercially reasonable steps to ensure that your personal information is reliable for its intended use, accurate, complete, and, where necessary, kept up-to-date;
1.1.8 Your personal data is processed in accordance with your rights as a data subject under the GDPR. In this regard, see more below;
1.1.9 We shall not use your personal information for direct marketing purposes without giving you an opportunity to “opt-out”
1.1.10 Appropriate technical and organisational measures will be taken by us against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data; and
1.1.11 Your personal data will not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
2. Your Rights under GDPR
2.1 The GDPR provides the following rights for individuals which we respect and to which we adhere. The rights you have as a “data subject” (as the GDPR describes you to be) are as follows:
2.1.1 The right to be informed about our use of your personal information;
2.1.2 The right to access the personal information we hold on you;
2.1.3 The right to correct errors in the personal information we hold on you;
2.1.4 The right to have the personal information we hold on you erased;
2.1.5 The right to restrict processing by us of your personal information;
2.1.6 The rights to “data portability” as prescribed by the GDPR, of the personal information we hold on you;
2.1.7 The rights in certain circumstances specified in the GDPR, including use for direct marketing, to object to our processing of your personal information;
2.1.8 The rights in relation to automated decision making and profiling as specified in the GDPR; and
2.1.9 The right to claim compensation for damages caused to you by our breach of the GDPR.
2.2 Contact us at hello@evelynhealth.com if you wish to exercise any of your rights under the GDPR, or if you have any questions or wish to check on any aspect relating to your personal data held by us. Please note we do not process details relating to your means of payment, nor do we process personal information you may supply to third parties you have accessed via our services.
3. Global Privacy Policy
3.1 EVELYN HEALTH LIMITED (the “Company”) respects your right to privacy. This Privacy Policy summarises what personal information we may collect, how we may use this information, and other important topics relating to your privacy and data protection.
3.2 It is the Company’s policy to comply with all applicable privacy and data protection laws. This commitment reflects the value we place on earning and keeping the trust of our customers, business partners and others who share their personal information with us.
3.3 This Policy applies to all Internet sites and mobile applications operated by or on behalf of the Company and includes its affiliates and subsidiaries worldwide (each a “Company Internet Site or App”). It also applies to personal information we may otherwise collect:
3.3.1 Through our products and services;
3.3.2 When you interact with us by means other than a Company Internet Site or App, for example, in person, by telephone, or at a trade show; and
3.3.3 From our customers, distributors, suppliers, vendors, and other business partners (collectively “Business Partners”).
4. Personal Information the Company Collects
Information You Provide
4.1 The Company collects personal information you provide us, which may include:
4.1.1 Contact information, such as your name, company name, job title, address, e-mail address, and phone number;
4.1.2 Additional information about how you use our products;
4.1.3 Comments, questions, requests and orders you may make;
4.1.4 Financial information needed to process payments if you make purchases, such as credit card or account information or tax identification number; and
4.1.5 Information about your preferences, such as your preferred methods of communication and product types in which you are interested.
Information Automatically Gathered from Your Device
4.2 Device and browser information
The Company may collect technical information about your device, such as device type, browser type, IP address, operating system, and device identifier. The Company collects this information automatically from your device and web browser through cookies and similar technologies.
4.3 Information about how you interact with us
The Company may collect technical data about your usage of Company Internet Sites and Apps and how you interact with our digital advertisements and promotions, such as content viewed or downloaded, features used, links clicked, Company promotional emails opened, and dates and times of interactions. The Company collects this information using cookies and similar technologies;
4.4 Location information
The Company may collect location information, including precise real-time location information from your device and imprecise location information derived from, for example, your IP address or postal code. Company Apps will NOT access precise-real time location information from your device unless you grant permission to do so.
4.5 Cookies and Similar Technologies
Please refer to our Cookie Policy.
4.6 Analytics
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
4.7 Information from Business Partners and other Third Parties
4.7.1 The Company collects personal information through our Business Partners. This information may include contact information, such as name, company name, job title, address, e-mail address, and phone number.
4.7.2 The Company may also obtain personal information from other third-party sources, including publicly and commercially available sources. We may combine the information we receive from our Business Partners and other third-party sources with information that we collect from you or your device, as described above.
4.7.3 You have choices about the personal information you provide the Company. You may choose not to provide information that we request, but if you do so, we may not be able to provide you with a relevant service or a particular feature for a Company Internet Site, App, or product.
5. How the Company Uses Your Personal Information
5.1 The Company may use your personal information to:
5.1.1 Develop and manage our relationships with you and our Business Partners. This may include:
5.1.1.1 Delivering services or carrying out transactions that you or our Business Partners have requested;
5.1.1.2 Providing information about Company products, services, and transactions, and advertisements, that may be of interest to you;
5.1.1.3 Providing you and our Business Partners a more consistent experience in interacting with the Company, including by learning more about you and how you use and interact with Company Internet Sites, Apps, products, and services; and
5.1.1.4 Planning, managing, and performing under our contractual relationships with our Business Partners.
5.1.2 Communicate with you or your company. This may include:
5.1.2.1 Informing you of Company products, services, and promotional activities that may be of interest to you or your company;
5.1.2.2 Providing information about relevant Company products, services, and transactions, including, for example, pricing information, technical data, invoice, shipping, or production information, warranty or recall information, or information about product or service improvements;
5.1.2.3 Responding to questions or inquiries that you make, including customer service requests; and
5.1.2.4 Inviting you to participate in, or informing you of the results of, customer satisfaction or market research surveys.
5.1.3 Provide and improve our Internet Sites, Apps, products, and services. This may include:
5.1.3.1 Customising them to your preferences or interests, making them more compatible with your technology, or otherwise making them easier to use;
5.1.3.2 Maintaining the security of and otherwise protecting them; and
5.1.3.3 And developing new Company Internet Sites, Apps, products and services.
5.1.4 Address legal issues. This may include:
5.1.4.1 Complying with our obligations to retain certain business records for minimum retention periods;
5.1.4.2 Establishing, exercising, or defending legal claims;
5.1.4.3 Complying with laws, regulations, court orders, or other legal process;
5.1.4.4 Detecting, preventing, and responding to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law, or other misuse of Company Internet Sites, Apps, products or services; and
5.1.4.5 Protecting the Company’s rights or property, or yours or others’ health, safety, welfare, rights, or property.
5.2 The Company may also use your personal information for other uses consistent with the context in which the information was collected or with your consent.
5.3 The Company may anonymise or aggregate any of the information we collect and use it for any purpose, including for research and product-development purposes. Such information will not identify you individually.
6. When the Company May Share Your Personal Information
The Company will not disclose your personal information except as described below
6.1 The Company may share your personal information with other Company entities, including those in different countries. When we do so, these other Company entities will use your information in a manner consistent with this Policy and all applicable privacy and data protection laws.
6.2 The Company may also share your personal information with third parties we hire to perform support services for us. These third parties are required to use the personal information we share with them only to perform services on our behalf and to treat your personal information in compliance with all applicable privacy and data protection laws.
6.3 In some cases, the Company may share your personal information with third parties who partner with us to provide products and services to our customers, such as distributors. If so, we will require our Business Partners to use that information in a manner consistent with this Policy and all applicable privacy and data protection laws.
6.4 The Company may share your personal information with third parties when we have a good faith belief that disclosure is necessary:
6.4.1 To comply with a law, regulation, court order, or other legal process;
6.4.2 To detect, prevent, and respond to fraud, intellectual property infringement, violation of our contracts or agreements, violation of law, or other misuse of Company Internet Sites, Apps, products or services;
6.4.3 To protect Company rights or property or yours or others’ health, safety, welfare, rights, or property; or
6.4.4 under similar circumstances. If such an event occurs, we will take appropriate steps to protect your personal information.
6.5 The Company may share your personal information with third parties in connection with the sale, purchase, merger, reorganisation, liquidation or dissolution of the Company or a Company business unit, or under similar circumstances. If such an event occurs, we will take appropriate steps to protect your personal information.
6.6 The Company may share your information with your permission or at your request.
6.7 The Company may share anonymised or aggregated information internally and with third parties for any purpose. Such information will not identify you individually.
Legitimate Business Interests
6.8 We may process your personal information for our legitimate business interests.‘Legitimate Interests’ means the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. It can and does also apply to processing which is in your interests too.
6.9 Processing for our legitimate interests may include processing for the purposes of:
6.9.1 Fraud prevention and compliance;
6.9.2 Certain direct marketing and promotional activities;
6.9.3 The provision and operation of referral marketing programmes;
6.9.4 Network and information systems security;
6.9.5 Data analytics;
6.9.6 Enhancing, modifying or improving our service;
6.9.7 Identifying usage trends; or
6.9.8 Determining the effectiveness of promotional campaigns or advertising.
6.10 In connection with the above activities, we may share your personal information with trusted suppliers who assist us in our data processing activities. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted by law).
6.11 You have the right to object to this processing if you wish and if you wish to do so please contact hello@evelynhealth.com.
7. Security of Your Personal Information
7.1 Your personal information will generally be stored in the Company’s databases or databases maintained by our service providers. Many of these databases are stored on servers located in the United States. The Company takes appropriate measures, by contract or otherwise, to provide adequate protection for personal information that is disclosed to a third party or transferred to another country, including transfers within the Company.
7.2 The Company maintains reasonable safeguards to protect the confidentiality, security and integrity of your personal information. Although we use security measures to help protect your personal information against unauthorised disclosure, misuse, or alteration, as is the case with all computer networks linked to the Internet, we cannot guarantee the security of information provided over the Internet and will not be responsible for breaches of security beyond our reasonable control.
8. Links to Third Party Internet Sites and Plugins
8.1 Company Internet Sites and Apps may contain links to websites or mobile apps that are not operated by the Company and plugins from social media platforms and other third parties. An example of a social media plugin is the Facebook “Like” button.
8.2 We provide these links and plugins as a service and do not imply any endorsement of the activities or content of the related websites, apps, or social media platforms, nor any association with their operators. To learn about the information collected by these third-party websites, apps, and plugins, please visit their privacy policies. We encourage you to review the privacy policies for the websites, apps, and social media platforms you visit before using them or providing personal information.
9. Access to Your Personal Information
You may review, correct and update personal information you provide to us by using the Contact form on this website.
10. Retention of Your Personal Information
How long we keep your personal information will vary and will depend on the purpose and use of information collected. There are legal requirements that we keep some types of data for specific periods. Otherwise, we will retain it for no longer than is necessary for the purposes for which the data was collected.
11. Children
Company Internet Sites and Apps are not intended for children under 13 years of age. The Company will not knowingly solicit or collect personal information from or about children under 13, or the relevant minimum age under applicable local legal requirements, except as permitted under applicable law.
12. Additional Information for EU Residents
12.1 The Company’s lawful basis for processing your personal data
The lawful basis for the Company’s processing of your personal data will depend on the purposes of the processing. For most personal data processing activities covered by this Privacy Policy, the lawful basis is that the processing is necessary for the Company’s legitimate business interests. Where we process personal data in relation to a contract, or a potential contract, with you, the lawful basis is that the processing is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract. When we are required to share personal data with law enforcement agencies or other governmental bodies, we do so on the basis that we are under a legal obligation to do so. We will also use consent as the legal basis where we deem appropriate or to the extent required by applicable law, for example, before we collect precise location data from your mobile device.
12.2 Processing on the basis of legitimate business interests
When we process personal information on the basis that the processing is necessary for our legitimate business interests, such interests include:
12.2.1 Providing, improving, and promoting Company Internet Sites, Apps, products, and services;
12.2.2 Communicating with current and potential customers, other Business Partners, and their individual points of contact;
12.2.3 Managing our relationships with our customers and other Business Partners, and their individual points of contact;
12.2.4 Other business development purposes;
12.2.5 Sharing information within the Company, as well as with service providers and other third parties; and
12.2.6 Maintaining the safety and security of our products, services and employees, including fraud protection.
12.3 Processing on the basis of performance of a contract
Examples of situations in which we process personal information as necessary for performance of a contract include e-commerce transactions in which you purchase a product or service from the Company, on your own behalf, through a Company Internet Site or App.
12.4 Processing on the basis of consent
Examples of processing activities for which the Company uses consent as its legal basis include:
12.4.1 Collecting and processing precise location information from your mobile device;
12.4.2 Sending promotional emails when consent is required under applicable law; and
12.4.3 Processing personal data on Company Internet Sites or Apps through cookies and similar technologies when consent is required by applicable law.
12.5 Processing because the Company is under a legal obligation to do so
Examples of situations in which the Company must process personal data to comply with its legal obligations include:
12.5.1 Payment of taxes and other government levies;
12.5.2 Providing your personal data to law enforcement agencies and other governmental bodies when required by applicable laws;
12.5.3 Retaining business records required to be retained by applicable laws; and
12.5.4 Complying with court orders or other legal process.
12.6 Additional information about the retention of your personal data
To determine the period for which your personal data will be retained in accordance with this Policy, the Company considers criteria such as:
12.6.1 Any applicable legal requirements to retain data for a certain period of time;
12.6.2 Any retention obligations related to actual or potential litigation or government investigations;
12.6.3 Any retention requirements in relevant agreements with our Business Partners;
12.6.4 The date of your last interaction with the Company;
12.6.5 The length of time between your interactions with the Company;
12.6.6 The sensitivity of the data; and
12.6.7 The purposes for which the data was collected.
12.7 Your individual rights
In accordance with the applicable laws in the European Union, you have the following rights with respect to your personal data, which apply differently in different circumstances: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability and right to object to processing. Most of these rights are not absolute. Below we describe these rights in more detail and provide information on how you can exercise them. If you make a request to exercise your rights, we will respond within one month, but have the right to extend this period by two additional months, where necessary. If we extend the response period, we will let you know within one month from your request. You can exercise your rights by using the Contact form on this website.
12.8 Right of Access
You have the right to ask the Company to confirm whether we process your personal data. If we do, you have the right to request access to your personal data that we process and the following information:
12.8.1 The purposes of the processing;
12.8.2 The categories of personal data we process;
12.8.3 The recipients or categories of recipients of your personal data;
12.8.4 The envisaged retention period of the data where possible, or the criteria we use to determine the retention period;
12.8.5 Your right to request rectification or erasure of your personal data, or restriction of the processing of such data;
12.8.6 Your right to file a complaint with a supervisory authority;
12.8.7 If we have not collected the data from you, any information we have available about the source of the data; and
12.8.8 Whether we use your personal data to make any automated decisions that have legal or other similar significant effects on you.
12.9 Right to rectification
You have the right to have the Company correct your personal data if they are inaccurate. Taking into account the purposes of the processing, you may also have the right to have incomplete personal data about you completed, including by providing a supplementary statement to the Company.
12.10 Right to object to processing for the Company’s legitimate business interests
You have the right to object to the Company processing your personal data when that data is processed on the basis of the Company’s legitimate business interests. The Company will honour your objection and stop processing the relevant personal data unless:
12.10.1 We have compelling legitimate grounds for the processing that override your interests, rights, and freedoms; or
12.10.2 We need to continue processing your personal data to establish, exercise, or defend a legal claim.
12.11 Right to object to processing for direct marketing
If the Company processes your personal data for direct marketing purposes, you have the right to object to this processing. If you exercise this right, the Company will stop processing your personal data for direct marketing purposes.
12.12 Right to restrict processing
You have the right to request that the Company restrict the processing of your personal data in the following circumstances:
12.12.1 For the period of time the Company needs to verify the accuracy of your personal data when you contest its accuracy;
12.12.2 When the processing of your personal data is unlawful and you oppose the erasure of the data, and instead request that the Company restrict the use of the data;
12.12.3 When the Company no longer needs your personal data for the purposes of processing, but you need the data to establish, exercise, or defend a legal claim; or
12.12.4 For the period of time the Company needs to verify if it has compelling legitimate grounds for processing that override your interests, rights, and freedoms when you object to the processing of your personal data.
12.13 Company’s legitimate business interests
If following your request the Company restricts the processing of your personal data, we will store your data, and otherwise process it only with:
12.13.1 Your consent;
12.13.2 To establish, exercise, or defend a legal claim;
12.13.3 To protect the rights of another natural or legal person; or
12.13.4 For reasons of important public interest of the European Union or a Member State. The Company will also inform you before lifting the restriction of processing.
12.14 Right to erasure
The right to erasure is also called the “right to be forgotten.” You may ask the Company to delete your personal data. This right is not absolute. The Company is required to delete your personal data upon your request only in the following circumstances:
12.14.1 Our personal data is no longer necessary for the purposes for which we collected or processed them;
12.14.2 If the Company processes your personal data on the basis of consent, you withdraw your consent, and no other legal ground exists for us to continue processing your personal data;
12.14.3 If the Company processes your personal data for its legitimate business interests, you object to the processing, and there are no overriding legitimate grounds for us to continue processing your personal data;
12.14.4 If the Company has processed your personal data unlawfully; or
12.14.5 The personal data must be erased to comply with a legal obligation under European Union or Member State law to which the Company is subject.
The Company is not required to erase your personal data to the extent that the Company needs to process them to exercise its right of freedom of expression and information, comply with a legal obligation under European Union or Member State law to which the Company is subject or to establish, exercise, or defend a legal claim.
12.15 Right to data portability
You have the right to receive personal data you provided to the Company when:
12.15.1 The processing of the data is based on your consent or is necessary for the performance of a contract between you and the Company;
12.15.2 The Company’s processing of your personal data is carried out by automated means; and
12.15.3 Complying with your request will not adversely affect the rights and freedoms of others.
If you have the right to receive such personal data and request that we provide it, the Company will provide it to you in a structured, commonly used, and machine-readable format.
12.16 Right to lodge a complaint with a supervisory authority
The Company will use its best efforts to address and settle any requests or complaints brought to its attention. In addition, you have the right to approach the competent data protection authority with requests or complaints. This can be the supervisory authority in the country or federal state where you live.
13. Intellectual Property
Nothing on this website shall be construed as conferring any licence under an intellectual property right, including any right in the nature of trademark or copyright of Evelyn Health Limited or any third party, whether by estoppel, implication, or otherwise. All trademarks and trade names are the property of their respective owners. Except as otherwise noted, the Company is the owner of all trademarks and service marks on this website, whether registered or not. All rights not expressly granted herein are reserved exclusively and entirely to the Company.
14. Questions about this Policy
If you have any questions about this Policy or our use of your personal information, please email hello@evelynhealth.com.
15. Changes to this Policy
Changes to this Policy will be posted on this site, along with information on any material changes. The Company reserves the right to update or modify this Policy at any time and without prior notice. Any modifications will apply only to the personal information we collect after the posting.
This Policy was last revised in September 2023.