Privacy Policy

Last updated: 6th Jun 2024 | v1.0.0

Kera Health Platforms Inc. and its affiliates ("Kera Health", "we", "us" or "our") respects the privacy of our users ("user", "you", or "your"). This Privacy Policy explains how we collect, use, disclose, transfer and store your information when you visit our website or use any of our mobile or web applications (collectively, the "Services").

Information We Collect

Information you provide: We collect information you provide to us directly when using or registering for our Services. This includes identifying information, like your name, email address, telephone number, postal address, date of birth, as well as password and login credentials. It also includes other content you directly provide through our Services like profile information and messages.

Information we collect automatically: We automatically collect information generated through your use of our Services. This includes device identifiers and information related to how you access our Services like browser type, operating system, Internet Protocol (IP) address, the web page visited before coming to our website and analytics about your interactions and usage of our Services. Geolocation Information: We may collect information about your approximate location as determined through data such as your IP address to offer you an improved user experience. Such location data is collected with your consent in accordance with applicable law. Information from Cookies & other Tracking Technologies: We utilize "cookies" and other tracking technologies to collect information about visitors' behavior and interaction with our Services. This allows us to detect user trends and patterns to enhance user experience. You can disable cookies through your browser settings, but it may affect your ability to use our Services. Information we receive from third party sources: We protect data obtained from third parties according to the practices described in this policy and per our obligations under applicable law. This includes data from third party service providers and publicly available sources.

How We Use Information

We process your information only for specific, legitimate purposes outlined in this policy. This processing is either based on i) your consent ii) as necessary to provide our Services iii) as compliant with legal obligations or our legitimate interests in running our business. In Summary, information is used to:

  1. Provide, operate, optimize and maintain our Services.
  2. Send you technical notices, security alerts, updates, and assistance with issues relating to our Services.
  3. To respond to your customer support inquiries and requests for information.
  4. Interact and communicate with you via our Services.
  5. Send you marketing communications, newsletters, promotional materials or content.
  6. Personalize content and experiences in our Services to suit your preferences.
  7. Collect payment from you for products or services.
  8. Conduct internal operations, diagnose technical issues, conduct analytics for fraud detection and abuse prevention.
  9. Comply with legal obligations and assertions of legal rights in connection with users.
  10. Contact you to resolve disputes or investigate suspicious activity.

Who will use my data?
Your data will be used by Kera Health Platforms Inc. and its affiliates for the purposes outlined in the "How We Use Information" section of the privacy policy. This includes providing and maintaining our Services, communicating with you, personalizing your experience, and conducting internal operations.

What will my data be used for?
Your data will be used to provide, operate, optimize and maintain our Services, send you technical notices and updates, respond to your inquiries, communicate with you, send you marketing communications (with your consent), personalize your experience, collect payments, conduct internal operations, comply with legal obligations, and investigate suspicious activity.

What will happen if I contact you?
If you contact us, we will use the information you provide to respond to your inquiries, provide customer support, and resolve any issues or disputes. Your contact information will be stored and used for communication purposes related to your inquiries and our Services.

What data will be stored?
We will store the information you provide directly, such as your name, email address, telephone number, postal address, date of birth, and login credentials. We will also store information collected automatically through your use of our Services, such as device identifiers, IP address, browser type, operating system, and analytics data.

What data will be shared?
We do not sell or disclose your personal information to third parties, except as described in the privacy policy. We may share your data with vendors and service providers who assist us in operating our business and providing our Services. We may also share your information with legal and regulatory authorities when required by law or to protect our rights and interests.

How long will my data be retained?
We retain your personal information only for as long as necessary for legal, regulatory, and legitimate business purposes. Generally, this is for 5 years from your last interaction with your account.

Who can access my data?
Your data can be accessed by Kera Health Platforms Inc., its affiliates, and authorized personnel who need the information to perform their duties. We may also share your data with vendors and service providers who assist us in operating our business and providing our Services, as well as legal and regulatory authorities when required by law.

How is my data kept secure?
We are committed to protecting your information using commercially and technically feasible physical, administrative, and procedural safeguards. This includes measures such as encryption, access controls, and regular security assessments. However, no method of electronic storage or transmission over the internet is completely secure, and we cannot guarantee absolute protection against unauthorized access.

Sharing Your Information

Except as described in this policy, we do not sell or otherwise disclose personal information we collect to third parties. We do not share any personal information with unaffiliated third parties without your consent. We share user information with:

  1. Vendors and service providers in order to operate our business, Services and fulfill your requests. This includes cloud storage providers, payment processors and those offering technical infrastructure, customer services software, etc.
  2. Legal and regulatory authorities upon valid information request supported by warrant or court order.
  3. Law enforcement agencies to protect Kera Health, its affiliates, users or the general public including to stop suspected illegal activity or to prevent harm or financial/reputational loss.

Data Security & Retention

We are committed to protecting your information using all commercially and technically feasible physical, administrative and procedural safeguards to reduce the risks of damage, loss of information and unauthorized access, use or modification. However, no method of electronic storage or transmission over the internet is completely secure. We cannot guarantee absolute protection against unauthorized attempts to access user information. We retain your personal information only for as long as necessary for legal, regulatory and legitimate business purposes. Generally this is for 5 years from your last interaction with your account.

Data Storage and Processing

We take the security and privacy of your personal data seriously. This section explains how we store and process the data we collect.

Data Storage
We store your personal data on secure servers located in, US-East, US-West, EU-West, & Africa-South. We use a combination of physical, technical, and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, and regular security assessments.

Data Processing
We process your personal data in compliance with the GDPR and other applicable data protection laws. The processing of your data is based on one or more of the following legal bases:

  1. Consent: We may process your data if you have given us your explicit consent to do so for a specific purpose.
  2. Performance of a Contract: We may process your data when it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  3. Legal Obligation: We may process your data when it is necessary for compliance with a legal obligation to which we are subject.
  4. Legitimate Interests: We may process your data when it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The specific retention period depends on the type of data and the purpose for which it was collected. After the retention period expires, we securely delete or anonymize your personal data.

International Data Transfers
In some cases, we may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses approved by the European Commission or the Privacy Shield framework for transfers to the United States.

Automated Decision-Making
We do not use your personal data for automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you.

If you have any questions or concerns about how we store and process your personal data, please contact our Data Protection Officer using the contact information provided in this privacy policy.

Data Controller and Processor

Under the GDPR, a controller is the entity that determines the purposes and means of processing personal data, while a processor is an entity that processes personal data on behalf of the controller.

Our Role as a Controller
In most cases, Kera Health Platforms Inc. acts as a data controller for the personal data we collect and process. This means that we determine the purposes and means of processing your personal data, and we are responsible for ensuring that the processing complies with the GDPR and other applicable data protection laws.

As a data controller, we have the following obligations:

  1. Implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data.
  2. Provide data subjects with information about the processing of their personal data, including their rights under the GDPR.
  3. Respond to data subject requests, such as requests for access, rectification, erasure, or data portability.
  4. Ensure that personal data is only processed for the specific purposes for which it was collected.
  5. Notify the relevant supervisory authority and affected data subjects in the event of a data breach, where required.
  6. Conduct data protection impact assessments (DPIAs) for high-risk processing activities.
  7. Appoint a Data Protection Officer (DPO) when required by the GDPR.

Our Role as a Processor
In some cases, Kera Health Platforms Inc. may act as a data processor on behalf of another entity that acts as the data controller. When we act as a processor, we process personal data in accordance with the instructions of the data controller.

As a data processor, we have the following obligations:

  1. Process personal data only on the documented instructions of the controller.
  2. Ensure that persons authorized to process personal data are subject to confidentiality obligations.
  3. Implement appropriate technical and organizational measures to ensure the security of personal data.
  4. Assist the controller in responding to data subject requests and in ensuring compliance with the controller's obligations under the GDPR.
  5. Delete or return all personal data to the controller at the end of the provision of services.
  6. Make available to the controller all information necessary to demonstrate compliance with the GDPR and allow for audits by the controller or a third party.

Regardless of our role as a controller or processor, we are committed to protecting your personal data and complying with the GDPR and other applicable data protection laws. If you have any questions about our role or obligations, please contact our Data Protection Officer using the contact information provided in this privacy policy.

Data Subject Rights

Under the General Data Protection Regulation (GDPR), you have certain rights regarding your personal data. These rights include:

  1. Right of Access. You have the right to request access to your personal data that we hold. This includes the right to obtain confirmation that we are processing your data, and the right to receive a copy of the personal data we have about you.
  2. Right of Rectification. You have the right to request the correction of inaccurate personal data that we hold about you. You also have the right to request the completion of incomplete personal data.
  3. Right to Erasure (Right to be Forgotten). In certain circumstances, you have the right to request the erasure of your personal data. This applies when the data is no longer necessary for the purposes for which it was collected, when you withdraw your consent (if the processing was based on consent), or when the data has been unlawfully processed.
  4. Right to Restriction of Processing. You have the right to request the restriction of processing your personal data. This applies when you contest the accuracy of the data, when the processing is unlawful, when we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or when you have objected to the processing and we are verifying whether our legitimate grounds override yours.
  5. Right to Object to Processing. You have the right to object to the processing of your personal data, including for direct marketing purposes. When you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
    6. Right to Data Portability. You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit this data directly to another controller, where technically feasible.
To exercise any of these rights, please contact our Data Protection Officer using the contact information provided in the privacy policy. We will respond to your request within one month, or within three months if the request is complex or if we have received a large number of requests.
Please note that these rights are not absolute and may be subject to certain conditions and limitations as specified in the GDPR. In some cases, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

Cookie Policy

We use cookies and similar tracking technologies (e.g., web beacons, pixels) to access and store information. The technologies we use can be broken down into the following categories:

  1. Strictly Necessary: Essential for core functionality like security, network management, accessibility, etc.
  2. Performance: Analytics to understand user interaction with Services.
  3. Functionality: Enable services and save functional preferences like language settings.
  4. Targeting: Used to show you more relevant content and advertisements.
Most web browsers allow you to disable cookies and/or delete them from your hard drive. Note that this may degrade Services functionality. Our Services also utilize Google Analytics 360 which employs cookies to measure user interaction. The collection of information via cookies subject to Google Analytics terms:http://www.google.com/analytics/terms/us.html and Google's privacy policies: http://www.google.com/policies/privacy/ . Users may opt out of Google Analytics data collection with the Google Analytics Opt-out Browser Add-on available here: https://tools.google.com/dlpage/gaoptout

Children's Privacy

We do not knowingly collect any personal data from children (under the age of 18). If we determine that a user is under 18, we will deactivate the account immediately.

Contact Information

If you have any queries, concerns or complaints, Contact our Data Protection Officer (DPO) at:

Kera Health Platforms Inc.

Name: Vangelis Oden

Email: tech@kera.health

US Phone Number +1 (267) 894-2743

Senegal Phone Number +221 (764) 956-487

Address:
1007 N Orange St.
4th Floor, 1129.
Wilmington, DE 19801, USA.

UK Representative

Company Name: GDPR Local Ltd

Name: Adam Brogden

Email: contact@gdprlocal.com

Tel: +441 772 217 800

Reporting Link: https://kerahealthplatformsinc.gdprlocal.com/uk

UK Address:
GDPR Local Ltd
1st Floor Front Suite 27-29 North Street,
Brighton, England BN1 1EB.

EU - Ireland Representative

Company Name: Instant EU GDPR Representative Ltd

Name: Adam Brogden

Email: contact@gdprlocal.com

Tel: +353 15 549 700

Reporting Link: https://kerahealthplatformsinc.gdprlocal.com/eu

EU Dublin Address:
INSTANT EU GDPR REPRESENTATIVE LIMITED Office 2
12A Lower Main Street, Lucan Co.
Dublin K78 X5P8 Ireland

Changes to this Privacy Policy

We may update this Privacy Policy at any time to reflect changes in data processing practices. We will appropriately notify users of any material changes to this policy, so we encourage you check it periodically. Your continued use of our Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.