HealthBlocks' Privacy Policy
Last updated: November 2024
Welcome to our App, where we want to help you to make a step towards a healthy and fit lifestyle by sharing your Personal Data with us. This means that you entrust us with your health data from connected wearables. As such, your privacy is our number one priority and therefore we have drawn up a transparent and detailed privacy policy ("Privacy Policy").
This Privacy Policy applies to all processing activities of HealthBlocks (as defined below) as the data controller, inter alia, to (i) the Website, (ii) our App and (iii) all relations between HealthBlocks and its Business Partners (i.e. promotional partners that can co-organize a health challenge on the App and/or sponsor the reward upon completion of the health challenge), Data Partners (i.e. research partners), Third Party Partner (i.e. payment partner) and Users.
Our App has a specific functionality to share your Personal Data with our Data Partners for groundbreaking research. As stipulated below we will always ask your prior explicit and specific consent to share your Personal Data with Data Partners, because we take your privacy very seriously. We believe users should also share in the value of their data, this means that you can earn a reward when you choose to share your Personal Data.
Please read this Privacy Policy together with our other supporting & legal documents, such as Cookie Policy and General Terms and Conditions B2C. HealthBlocks may update this Privacy Policy in the future: the latest version can always be found on our Website or App. You can find our previous privacy policy here.
1. About This Privacy Policy
Due to, for example, your commercial relationship or recent contact with HealthBlocks or due to a visit to or action on our “Website” (www.healthblocks.ai), we may collect, store and otherwise process personal data relating to you (“your Personal Data”).
This Privacy Policy describes (i) how we collect, treat and store your personal data; (ii) the rights you can exercise in relation to your personal data; and (iii) the measures we take to protect it and to secure your personal data.
HealthBlocks respects your privacy and we always strive to act in accordance with the applicable privacy legislation, such as (non-exhaustive): (i) the General Data Protection Regulation 2016/679 of April 27, 2016 (“GDPR”); (ii) the ePrivacy Directive 2002/58/EC of 12 July 2002, including future amendments and revisions thereof; and/or (iii) (future) national legislation regarding the implementation of the GDPR (together: “Privacy Legislation”).
2. HealthBlocks as Data Controller
We are HealthBlocks B.V., a private limited company, incorporated and existing under the laws of the Netherlands, with registered office at NL Duinlustweg 16, 2051 AA Overveen with NL Traderegister no. 74929984 (“HealthBlocks” or “we | us”).
HealthBlocks is the developer and provider of the HealthBlocks Application as described and represented via the Website (“App”) and the corresponding online service of HealthBlocks (“Service”) and is the owner of the Website. In the App the Users can track and manage their physical and mental health data, participate in challenges, share your health data for research purposes and earn rewards as you reach your own goals.
In light of Privacy Legislation, HealthBlocks will act as the data controller of your personal data for the purposes described in this Privacy Policy. This entails that we are in control of (and therefore responsible for) your Personal Data.
3. HealthBlocks' Processing Activities
Which personal data we collect, store and otherwise process and the purpose for which we process this data may differ depending on your relation with HealthBlocks. In particular, we identify five different scenarios:
❑ You are browsing on our Website;
❑ You (wish to) receive updates and newsletters related to HealthBlocks’ services and products;
❑ You use our App;
❑ You are seeking a commercial relationship with HealthBlocks as a Business Partner or Data Partner;
❑ You are | your company is a partner or supplier of HealthBlocks.
3.1 You are browsing on our Website
Contacting HealthBlocks via the Website
Purpose: To answer any questions you may have and/or to initiate a conversation
Personal data:
☐First name
☐Last name
☐Email address
☐Nature of inquiry
☐Voluntarily provided information
Legal ground: Consent
Retention period: Until one (1) year following your contact with HealthBlocks
Registering for waiting list of new App release
Purpose:To secure your spot on the waiting list for the release of the new version of the App
Personal data:
☐First name
☐Last name (voluntary)
☐Email address
☐Continental location
☐Personal interest in the App
Legal ground: Consent
Retention period: Until one (1) year following your contact with HealthBlocks
Registering for the Official HealthBlocks Community
To communicate with other Users you can download the Telegram application. Telegram will ask your Personal Data, such as your first name, last name, username, telephone number, email address, profile picture (voluntary) and birthday (voluntary)). These Personal Data will not be processed by HealthBlocks and will be exclusively controlled and processed by Telegram. More information on the processing of your Personal Data can be found here.
Cookies
When browsing on our Website and App, we may also collect your Personal Data through cookies stored on your device(s) in order to optimize the functioning of the Website and App. Please read this Privacy Policy in conjunction with HealthBlocks’ Cookie Policy.
3.2 You (wish to) receive newsletters and updates related to HealthBlocks' services and products
HealthBlocks’ newsletter | update
Purpose: Providing more information on (new features of) the HealthBlocks App, our Service or related products/services
Personal data:
☐ Email address
Legal ground: Consent
Retention period: Until you have objected to the processing of your personal data for this purpose (cfr. Section 8 - “Right to object”)
3.3 You use our App
Creating an Account in the App
Purpose: Create an Account in the App to participate in health challenges
Personal data:
☐Email address
☐Country
☐City
☐Postal code
☐Birth month and year
☐Health data through wearables and/ or smartphone (*)
☐Login/username
☐Language
☐Gender
☐Body height
☐Weight
Legal ground: Consent
Retention period: Until one (1) following the termination of the commercial relationship between the User and HealthBlocks
Participating in health challenges
Purpose: The User can subscribe to health challenges which are published in the App on a regular basis and pay an entry fee for participation, when completed the User will be granted a reward
Personal data:
☐Email address
☐Country
☐City
☐Postal code
☐Birth month and year
☐Health data through wearables and/ or smartphone (*)
☐Login/username
☐Password
☐Language
☐Gender
☐Body height
☐Weight
Legal ground: Consent
Retention period: Until two (2) years after participating in a health challenges
(*) The User chooses which health data is shared with HealthBlocks and which third party channels are integrated to the App by connecting your wearables and/or smart phone (e.g. Strava, Garmin, Polar, etc.).
Payments
Our third party partner, Online Payment Platform (OPP), handling all matters relating to payments of the Entry Fees and payout of Rewards to Users. These Personal Data will not be processed by HealthBlocks and will be exclusively processed by OPP. More information on the processing of your Personal Data can be found here.
(Technical) support
Purpose:To enable communication with & to provide support to Users via support@healthblocks.ai
Personal data:
☐First name (if voluntary provided)
☐Last name (if voluntary provided)
☐ Email address
☐Telephone number
☐Language
☐Voluntarily provided information
Legal ground: Necessary for the performance of the agreement
Retention period: Until one (1) following the termination of the commercial relationship between the User and HealthBlocks
Data analysis by Data Partners
Purpose:Data Partners might temporary access and analyse your encrypted Personal Data for research purposes
Personal data:
☐Country
☐City
☐Postal code
☐Gender
☐Date of birth (month & year)
☐Body height
☐Weight
☐Health data in the App (*)
☐Additional information upon request of Data Partner
Legal ground: Consent
Retention period: Until you have objected to the processing of your personal data for this purpose (cfr. Section 8 - “Right to object”)
(*) If the Data Partners requests to access the health data for a new research project, the User can give explicit and specific consent to share health data that is processed in the App with Data Partners.
3.4 You are Seeking a Commercial Relationship with HealthBlocks as Business Partner or Data Partner
General communication with HealthBlocks
Purpose: If you are interested to become a Business Partner or Data Partner, HealthBlocks can provide more information on its Service and the App
Personal data:
☐First name
☐Last Name
☐Email address
☐Company/organization
☐Role/position
☐Voluntarily provided information
Legal basis: Consent
Retention period: Until two (2) years following your contact with HealthBlocks
3.5 You are | Your Company is a Partner or Supplier of HealthBlocks
General communication and providing of services
Purpose: To communicate with you in the scope of our commercial relationship
Personal data:
☐First name
☐Last name
☐Email address
☐Telephone number
☐Company/organization
☐Role/position
☐ Voluntarily provided information
Legal ground: Necessary for the performance of the agreement
Retention period: For the duration of your commercial relationship with HealthBlocks and in any event accordance with any (data processing) agreements concluded with HealthBlocks
Billing
Purpose: To pay your invoices for the services provided (incl. corresponding communication)
Personal data:
☐First name
☐Last name
☐Email address
☐Telephone number
☐Address
☐Company/organization
☐Role/position
☐Bank account number (IBAN)
☐VAT number
Legal ground: Necessary for the performance of the agreement
Retention period: For the duration of your commercial relationship with HealthBlocks and in any event accordance with any (data processing) agreements concluded with HealthBlocks
4. Legal Grounds for Processing
You can find more information on the applicable ground for each of the identified processing activities in Section 3 above.
In case the legal ground for processing happens to be legitimate interest, HealthBlocks shall always (i) assess whether this is in proportion with the purpose for which your Personal Data was collected and used; and, (ii) take your reasonable expectations into account and ensure a balance with your fundamental rights and freedoms. If we cannot guarantee this, we will stop storing / using your Personal Data or we will determine a new legal ground.
5. Retention Period
You can find more information on the retention period of your Personal Data for each of the identified processing activities in Section 3 above.
We do not process your Personal Data any longer than is necessary for the purposes set forth in this Privacy Policy. We do store your Personal Data as long as your account is active or when the processing of your Personal Data is necessary to allow you to make use of our App. If you want to receive a more detailed description of our different data retention periods, you can always contact info@healthblocks.ai.
6. Sharing of Personal Data to Third Parties
HealthBlocks shall not disclose your Personal Data to other third parties, unless it is necessary to achieve the purposes described in this Privacy Policy. In this respect, (some of) your Personal Data may be disclosed to Data Partners, software (cloud) providers, cloud partners, payment partners and other suppliers (“Sub-processors”):
Data Partners
Businesses, institutions or entities who might temporary access and analyse your encrypted Personal Data upon request and after your explicit and specific consent for new and groundbreaking research;
Third Party Partner
Our payment partner to process payments in our App;
Software and cloud providers
To facilitate hosting of (the Personal data in the App and services;
Other suppliers
Of course we have made sure that the necessary agreements or similar legal binding acts are in place to ensure that these third parties treat your personal data in accordance with the Privacy Legislation (e.g. Article 28 GDPR).
Healthblocks collaborates also with Business Partners for promotional reasons to co-organise a health challenge on the App and/or sponsor the reward that might be won upon completion of the health challenge, such as a discount code to purchase products and/or services from the Business Partner. Healthblocks shall not transfer or share your Personal Data with our Business Partners.
In addition, HealthBlocks may disclose your Personal Data:
- To the competent authorities: for instance (i) if HealthBlocks is obliged to do so under the law or under legal or future legal proceedings, and (ii) to safeguard and defend our rights;
- In M&A context: meaning, if HealthBlocks or the majority of its assets, is taken over by a third party, in which case your Personal Data – which HealthBlocks has collected – may be one of the transferred assets.
HealthBlocks shall not transfer, sell, hire out or pass on your Personal Data to third parties for purposes outside the purposes listed in this Privacy Policy, such as, but not limited to marketing purposes, except when it (i) has obtained your permission to this end and (ii) has completed a data processing agreement with the third party in question, which contains the necessary guarantees regarding confidentiality and privacy compliance of your Personal Data.
7. Transfers of Personal Data to Third Countries
In case any of the above mentioned Sub-processors or other recipients are located in a country outside the European Economic Area, HealthBlocks will ensure that one or more of the listed EU-approved safeguards are in place:
- European Commission adequacy decision;
- Data transfer agreement (cfr. the Standard Contractual Clauses as provided in the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, including the performance of a transfer impact assessment);
- Binding corporate rules; or,
- Certification mechanisms.
Every transfer to a third country, not recognized by an adequacy decision, is subject to an assessment by HealthBlocks to determine if there is anything in the law and/or practices in force of said third country that may infringe on the effectiveness of the appropriate safeguards in place (as identified above).
Where required on the basis of aforementioned assessment, HealthBlocks shall identify and implement appropriate supplementary measures to govern any data transfer to such international organization or a third country without an adequacy decision to ensure the level of data protection as required by EU law.
Furthermore, HealthBlocks shall take all reasonable efforts to implement sufficient guarantees and measures to protect the Personal Data and ensure the effectiveness of the protection of the SCC’s, binding corporate rules and/or certification mechanisms.
8. Your Privacy Rights
The Privacy Legislation (e.g. GDPR) grants certain rights over your Personal Data in relation to HealthBlocks. You can exercise these rights by contacting us at info@healthblocks.ai. In light of the processing of your Personal Data, you enjoy the following privacy rights:
Access: you can ask for confirmation of whether or not personal data that relates to you is being processed. If so, you can ask us to give you copies of your Personal Data in structured and commonly used, machine-readable format;
Rectification: you can ask us to correct | complete any information you believe is inaccurate | incomplete;
Erasure: you can ask us to erase your Personal Data, under certain conditions. Please be aware that in this context certain services will no longer be accessible and/or can no longer be provided;
Objection: you can object to us processing your Personal Data, without any justification and/or the transmission of your Personal Data to third parties;
Restriction of processing: you can ask us to restrict the processing of your Personal Data, unless we have legitimate interests for the processing of your Personal Data that prevail over your interests;
Data portability: you can ask us to transfer your Personal Data to another organization, or directly to you in a commonly used structured format readable by automatic device, under certain conditions.
Updates | Newsletters: If you no longer wish to receive any of our communications, you can object to these direct marketing communications by contacting us via email at info@healthblocks.ai. Upon receipt of your objection, we will stop processing your Personal Data for HealthBlocks’ communications.
9. Security of Personal Data
The security and safety of your Personal Data is HealthBlocks’ top priority. HealthBlocks implements a variety of technical, administrative and physical security measures designed to protect your Personal Data from (i) unauthorized access or disclosure and (ii) loss, abuse or alteration. However, HealthBlocks is not in a position to guarantee absolute security.
The security of your account will also partly depend on the confidentiality and complexity of your password. You may not disclose to or share with any third parties your account. HealthBlocks therefore strongly advises you, if you observe that someone has accessed your account or if your account has the risks being hacked, to immediately change your password and contact us at info@healthblocks.ai.
HealthBlocks uses its best efforts to protect the confidentiality and security of your Personal Data. In case of violation of your Personal Data, HealthBlocks undertakes to notify the Data Protection Authority without delay and, if possible, not later than 72 hours after becoming aware of such violation.
HealthBlocks shall in no event be liable for any direct or indirect damages that result from a wrong or illegal handling by third parties.
10. Updates
We reserve the right to modify this Privacy Policy at any time. Any changes to the Privacy Policy will be published on the App and on the Website. In case of significant changes to the Privacy Policy that results in HealthBlocks using your Personal Data in a manner materially different from that stated at the time of the collection, we will provide you with a notice on the App and/or send you an email notification.
11. Notifications and Questions
Notifications under this Privacy Policy (such as exercising your data subject rights) and/or questions or complaints about the implementation of this Privacy Policy should be directed at info@healthblocks.ai.
12. Complaints
You are not satisfied with the manner in which we collect, store or otherwise treat or secure your Personal Data? We are sorry to hear that, and are prepared to take all measures to remedy this situation. Please do contact us as specified above.
You also have the right to lodge a complaint with the authorized supervisory authority (i.e. the Dutch Data Protection Authority or the data protection authority of (i) your residence or (ii) your workplace) should you consider that the processing of your Personal Data infringes the Privacy Legislation. You can send an email to the Dutch Data Protection Authority at privacy@autoriteitpersoonsgegevens.nl or any other email address provided by the Dutch Data Protection Authority (https://www.autoriteitpersoonsgegevens.nl/en/contact).
13. Relevant links to related documents
You can consult our Cookie Policy here. You can consult our General Terms and Conditions B2C here.