What information do we collect?
We collect certain information you provide to us when using Hexabits, such as when you create an account and profile, send us an email, or post information or other content to Hexabits. We collect certain personal information, like your name, picture, email address and phone number, as well as certain non-identifying information like your gender, birthday and postcode. We will also collect the contact information of your friends if you choose to connect your contacts and address book information with Hexabits, and your login credentials to your social network accounts, such as Facebook, Twitter, and Google, if you choose to connect those accounts with your Hexabits account.
We also automatically collect certain information when you use Hexabits, such as your location/GPS coordinates (if you enable this feature), a device identifier (but not the UDID), MAC address, Internet Protocol (IP) address (if using a browser), operating system, the browser type, the address of a referring site, and your activity on Hexabits. You can enable or disable location services when you use Hexabits at any time, through your mobile device settings. This information is not treated as personal information unless we combine it with or link it to any of the personal identifiable information mentioned above.
We may also automatically collect certain information through the use of “cookies”. These are small files that your browser places on your computer. We may use both session cookies and persistent cookies to better understand how you interact with our services, to monitor aggregate usage by our users and web traffic routing on our services, and to improve our services. Most internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.
1. Purpose of this Policy
Hexabits provides you (the “User”) with access to the online and mobile services including but not limited to, www.hexabits.pk and all associated subdomains (the “Website”), the Hexabits mobile application (the “App”), and any provided healthcare tracking technology, collectively the “System”.
We may collect and process information provided by filling in forms on the Website or App, including information provided during the completion of surveys and other online tools, posting comments in the Community or requesting further services, and when you report a problem with our System. If you contact us, we may also keep a record of that correspondence.
Throughout your use of the System we may collect and process information such as: personal information (name, postcode, email, phone number) and other profile information and details of your visits to the System and the resources that you access (including, but not limited to, traffic data, location data, weblogs, other communication data, and the resources that you access).
The information described in this Policy that is collected through either the System, Apple HealthKit / Google Fit, or your electronic patient record is known as “personal data”.
But don’t worry, we are required by law to maintain the privacy of your personal data and to provide you with this notice of our legal duties and privacy practices with respect to your personal data. When we use or disclose your personal data, we are required to abide by the terms of this Policy (or other Policy in effect at the time of the use or disclosure).
2. IP addresses and cookies
We may collect information about your device, including where available your IP address, operating system, browser type and screen size for use in system administration, to tailor your experience of the System, provide you with customer support and to report aggregate information internally.
For the same reason, we may obtain information about your usage of the System by using a cookie file which is stored on the hard drive of your device. Cookies help us to give you smooth user experience, improve the System and deliver a better and more personalized service. They enable us: To recognize you when you return to our site. To maintain data you have entered e.g. during the completion of a survey. To speed up your searches. To estimate our audience size and usage pattern. To store information about your preferences, and so allow us to customize our site according to your individual interests.
Both Hexabits and third-party vendors, including Google, may use first-party cookies (such as the Google Analytics cookie) to inform, optimize, and serve ads based on your past visits to the Website on sites across the Internet (also known as ‘remarketing’). If you would like to opt-out of this you can do so via your Google Ads Preferences Manager.
3. The Use and Disclosure of Personal Data
Hexabits is dedicated to maintaining the privacy and integrity of your personal data. As such, we have policies and procedures and other safeguards to help protect your personal data from improper use and disclosure.
We follow a Minimum Necessary Access Policy so any required disclosure of your identifiable information is minimized. The following categories describe different ways that we use your personal data within Hexabits and disclose your personal data to persons and entities outside of Hexabits. We have not listed every use or disclosure within the categories below, but all permitted uses and disclosures will fall within one of the following categories. In addition, there are some uses and disclosures that may require your specific authorization.
How much personal data is used or disclosed without your written permission will vary depending, for example, on the intended purpose of the use or disclosure.
- Disclosure at your request: We may disclose information relating to your use of the System when requested by you. This disclosure at your request may require written authorization by you.
- Payment: We fully comply with all applicable Data Protection in place, and protect the security of your personal data with Secure Sockets Layer (SSL) encryption.
- Operations: We may use and disclose your personal data for our internal operations, which include administration, planning and various activities that assess and improve the quality and cost-effectiveness of the service that we deliver to you. Examples are using information about you to improve the quality of the service, satisfaction surveys, de-identifying personal data, customer services, and internal training.
- Reminders and notifications: We may use and disclose your personal data to contact you as a reminder to interact with, or complete tasks relating to your use of the System.
- Third-party service providers: The System uses FullStory, Google Analytics, and Mixpanel: these are third-party services that allow Hexabits to collect information from you concerning your use of the System, including but not limited to pages visited, links clicked, non-sensitive text entered, mouse movements, and usage of our iPhone and Android apps. These services are used to help Hexabits enhance or improve the user experience on this website and to perform any other function that Hexabits reasonably believe in good faith is required to protect and ensure the proper functionality and security of this website. The data provided for these services is non-identifiable and anonymized.
- Threat to health or safety: We may use and disclose your personal data when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
- As required by law: Certain laws permit or require certain uses and disclosures of personal data for example, for public health activities, health oversight activities and law enforcement. In these instances, Hexabits will only use or disclose your personal data to the extent the law requires.
- For research and publicity purposes: We may use personal data for internal and external research and publicity purposes. This may include publishing aggregate, anonymous information about our users in the context of providing public information and conducting academic research.
- Transfer of business assets: If Hexabits or substantially all of its assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets.
4. Where we store your personal data
All information and data you provide to us is stored on secure servers with trusted 3rd party suppliers, Amazon Web Services (‘AWS’) or Linode within the European Economic Area (‘EEA’). These services comply with EU Data Protection Directive (‘Directive 95/46/EC’), which sets out several data protection requirements, which apply when personal data is being processed. AWS and Linode are industry leaders in the provision of hosting services and take security very seriously – you can find out more about their security policies and processes on their websites.
All passwords are stored in encrypted form and all traffic is transmitted securely via SSL by default. However, it may be possible that your anonymized data is transferred to, and stored at, a destination outside the EEA – such as Google Analytics. By submitting your personal data, you agree to this transfer, storing or processing.
Unfortunately, despite these measures, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the System, and any transmission is at your own risk. Once we have received your personal data, we will use strict procedures to try to prevent unauthorized access in accordance with our Company data protection policy and code of practice.
5. Your rights regarding your personal data
You have certain rights with respect to your personal data. If we do not agree to a request by you with respect to your personal data, please consult the Hexabits Privacy and Security Officer whose contact information is below.
- Restrictions: You have the right to request in writing that we do not disclose certain information about you. To request a restriction, please contact the Privacy and Security Officer whose contact information is below.
- Confidential Communications: You have the right to request in writing that we restrict the way in which we communicate information regarding your health and health care services, such as ceasing to send email or SMS messages to notify or remind you about aspects of the System or your progress through the Hexabits program. We will make every effort to accommodate your request.
- Access: You have the right to inspect and copy your personal data maintained by us. Normally, we will provide you with access within 21 days of your request.
- Deletion: You have the right to ask that we delete all information that the System has collected on you via email to the Hexabits privacy and Security whose contact information is below.
- Amendment: You have the right to request that we amend your written personal data. For instance, you can request that we correct an incorrect date of birth in your records. We will generally amend your personal data within 60 days of your request and will notify you when we have amended your personal data. We can deny your request in certain circumstances, such as when we believe that your personal data is accurate and complete.
- Accounting: You have the right to request an accounting from us of certain disclosures made by us. We will generally provide you with your accounting within 60 days of your request. In addition, we will notify you as required by law if there has been a breach of the security of your personal data.
6. Data Retention
As per the ICO’s ‘Principle 5’, we retain personal data no longer than is necessary for the purpose we obtained it for. With the context that your personal data may be used for research purposes (as covered in section 3), Hexabits will retain any information held on an individual for up to 10 years after that individual has ceased use of the System. At that point, the individual’s information will be deleted. As covered in section 5, you may request that we delete your data at any time.
7. Concerns or complaints
If you believe that any of your rights with respect to your personal data has been violated by us, our employees or agents, please communicate with the Hexabits Privacy and Security Officer at [email protected]
8. Hexabits App’s
As a user of the Hexabits app please find below details as to how we as a company will be handling your data to comply with the new General Data Protection Regulation (GDPR) laws that came into effect on May 25th, 2018.
How we use your data:
The personal data we collect about you will include data relating to your name, postcode, email address, mobile number, photo, gender and birthday.
We will only use your data for the purpose for which it was collected. We do not share your data with any other third party.
If you have any questions please contact [email protected]
How we store your data:
All data is stored on a secure server. All electronic data is password protected and only accessible by authorized individuals.
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
By continuing to use our services, sites, and apps after this date, you agree to these updated terms.
If at any point you wish to stop using Hexabits and to have your data deleted please contact our Data Protection Officer,[email protected]
9. Amending this Policy
We reserve the right to revise this Policy and to make the revised Policy effective for all personal information that we created or received prior to the effective date of the revised Policy. If you are a registered user, we will notify you of changes by the email address we have for you on file.
Questions relating to revisions to this Policy may be addressed to the Privacy and Security Officer whose contact information is above. This Policy will be promptly revised if there is a material change to a policy described herein.
Effective Date: This Policy is effective as of Aug 01, 2019.