Website Privacy Policy

Upheal, Inc, a Delaware company (hereinafter: “Upheal”, “us”, ) is the Data Controller of the personal information processed when you visit our website and interact with us.

We care about your privacy and have appointed a Data Protection Officer (“DPO”) available at legal@upheal.io.

Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may need to be updated or maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

What personal information do we collect?

Our website is an important communication tool for us. Here we communicate news and information about our products to the public.

When you visit our website, we collect the following informations about you:

Data category

Data items

Identification data

Name

Email address

Contact details

IP Address

Device ID

Employment information

Qualification

Role

Place of work

Other data

Content of the messages you may send to our email address

Usage data

Session date and time, log data, and the cookies found in our Cookie Policy here: https://www.upheal.io/privacy-and-compliance/website-cookie-policy .

Why do we use your data?

Personal information is used on our website for the following purposes:

Purpose

Data category

Legal basic

Are you obliged to provide the data?

How long do you hold your data?

Provide you with a functioning website (allowing access and browsing the website)

Identification data (IP address)

Performance of the contract - art. 6(1)(b) GDPR

Yes. IP addresses are automatically collected the moment users request to access our website.

Duration of the session

Communicate with you (Join the waitlist, taking steps at your request, answering to your questions)

Identification data, content of the messages, employment information

Performance of the contract/ art. 6(1)(b) GDPR

No. However, failure to provide such data will result in our inability to communicate with you.

For the time needed to answer and, in any case, for no more than 3 months

Understanding and providing a personalised experience

Previous page, marketing campaign details

For website visitors outside the US: The basis of consent - art. 6(1)(a) GDPR

For website visitors in the US: no “legal basis” needs to be shown for processing by default.

For website visitors outside the US: No. Analytical data for a personalized experience are only tracked with your consent through a cookie banner when you first visit our website. You may change your preference at any time.

‍For website visitors in the US: No. When visiting the website from the US, we will automatically track information on metrics such as the number of visitors, bounce rate, and traffic source. However, you may opt-out at any time and still access the website .

Duration of the contract.

Other purposes

Safety and Security

If necessary, we may use your personal information to ensure the safety and security of our Services and our users. We may use your personal information to monitor operations, authenticate users, detect and protect against fraud and other criminal activity and enforce our Terms of Use and other policies. We will rely on our legitimate interests when processing personal information in detecting and preventing fraud and illegal conduct or if necessary for complying with a legal obligation to which we are subject.

Manage and Defend Legal Claims

If necessary, we may use your personal information to manage and defend legal claims (e.g. in connection with a dispute or a court proceeding). We will in such a case process the personal information collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your personal information is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim.

Fulfill Legal Obligations

Finally, we may use your personal information to fulfill legal obligations that we have (e.g. accounting requirements or obligations under data protection laws). We will in such a case process the personal information collected which is necessary in order to fulfill the legal obligation in question. Your personal information is stored for such a period as is necessary in order to fulfill respective legal obligations.

Cookies

Our website uses cookies. For more information, check our Website Cookie Policy.

To whom do we disclose your data?

We disclose or share your personal information with third parties only in the ways described as follows:

In certain situations, we may be required to disclose your data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose your information (i) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (ii) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceedings, (iii) as otherwise required or permitted under any applicable law, rule, or regulation, (iv) in good faith, to protect or defend the rights or property of Upheal and other users, and (e) if Upheal is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our site of any change in ownership or uses of your information, as well as any choices you may have regarding your information;
We use third-party service providers to provide certain data processing services for us (acting as our authorized data processors) with whom we have appropriate agreements in place. When acting as our authorized data processors, they are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations.

International transfers of data

Most of our team is based in the EU and some of our suppliers (IT services, hosting provider) operate in the US. Therefore, it is possible that your data will be processed outside of your country/region. In this case, we inform you that the data transfer will take place only in the presence of adequate safeguards provided for by the applicable law. In particular, for transfers from the EU and the UK, where an Adequacy Decision is not applicable, we rely on the Standard Contractual Clauses provided by the European Commission (art. 46 GDPR). For further information about the data transfer you can contact Us at the email address indicated below.

How do we support you in dealing with data subject rights?

We inform you that you have the right to access and request amendment to your data.
You can obtain the erasure of your personal information under certain circumstances. You also have the right to restrict the processing of your personal information.
Moreover, you can receive a copy of your personal information or ask Upheal to transmit that data to another controller, where technically feasible.
You can lodge a complaint with the supervisory authority of your country in case you think that your rights have been breached.
You have also the right to object to the use of your personal information
You have the right to object to the use of your personal information based on our legitimate interest for reasons which concern your particular situation. In such a situation, we will stop using your personal information, unless we can show that the interest overrides your privacy interest.‍
If you wish to exercise one of these rights, you can contact us at legal@upheal.io.

Special notice to California residents - Disclosure of personal information

Upheal does not share your personal information with “third parties'' as defined under the CCPA for different purposes other than the ones previously described.

We do not sell your personal information, including personal information of California consumers under the age of 18.

Your Privacy rights

Under CCPA, you have the following rights:

You have the right to request that we disclose to you the personal information we have collected, used, disclosed or sold about you in the previous twelve (12) months. You can also request a copy of the personal information we have collected on you over the past twelve (12) months.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

You can contact us at privacy@upheal.io to exercise your rights.

Compliance with other privacy laws

As our Company is based in the United States, we also comply with additional health and privacy laws. If you wish to know more about how Upheal complies with other applicable State and Territory privacy and health data protection laws click here.‍

Products and services specific information

If you wish to know more about the processing of your personal and sensitive data within our services, please contact legal@upheal.io.

Changes to the privacy policy and our duty to inform you of changes

‍We keep our privacy policy under regular review and may modify and revise it occasionally. Any information we collect is subject to the privacy policy in effect at the time such information is collected.

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email. Therefore, we encourage you to review it from time to time to stay informed of how we process your data.

Contact us

For further information about our Privacy Policy or practices you can contact us using the details set out below:

Upheal, Inc.

651 North Broad Street,

Middletown Delaware

19709

legal@upheal.io