Hexiahealth Privacy and Data Protection Policies
Effective date: 24th July, 2024.
Introduction
Welcome to HexiaHealth, your trusted AI-powered healthcare platform dedicated to providing personalized and innovative healthcare solutions. We inform you that all personally identifiable information you provide to us on the website Hexiahealth.co.uk (the “Website”), via email, phone call, or through the applications “Symptom Checker” or “Symptom Checker Chatbot” (the “App”) will be collected by Hexia Health Limited of The Harley Building, 77-79 New Cavendish Street, London W1W 6XB, with registration number 14816493 (hereinafter, “Hexia Health Ltd”), following the terms of this Privacy Policy and for the purposes of collection stipulated hereinbelow.
Company Details:
Company Name: HexiaHealth
Address: The Harley Building, 77-79 New Cavendish Street, London W1W 6XB
Registration Number: 14816493
Contact Email: Info@hexiahealth.com
Services Offered:
HexiaHealth offers a comprehensive suite of services to meet your healthcare needs, including:
- Symptoms Checkers: Our AI-powered symptom checker helps detect health issues early, ensuring timely intervention and treatment.
- Access to Practitioners: Connect with healthcare professionals for remote consultations and expert advice.
- Patient Management: Manage chronic conditions and track your health progress through our intuitive patient management tools.
- Telemedicine Features: Utilize telemedicine features for convenient communication with healthcare providers.
- E-prescription sent to Pharmacies
- Laboratory Test
- Wellness Check
Legal Basis for Data Collection:
At HexiaHealth, we collect and process your personal information based on the following legal grounds:
- Contractual Necessity: We collect data necessary to fulfill our contractual obligations and provide you with the requested services.
- Consent: By using our platform, you consent to the collection, processing, and use of your data as described in this policy.
- Legitimate Interests: We may process your data for our legitimate business interests, such as improving our services and ensuring the security of our platform.
What This Policy Covers:
This Privacy and Data Protection Policy covers how HexiaHealth collects, uses, discloses, and protects your data when you use our healthcare app, websites, and services. Specifically, this policy addresses:
- The types of data we collect and how we use it.
- The security measures we employ to protect your data.
- How we share your data with third parties.
- Your rights and choices regarding your data.
- How to contact us with questions or concerns about your privacy.
By using HexiaHealth, you agree to the terms and conditions outlined in this Privacy and Data Protection Policy. We encourage you to review this policy regularly for updates and changes.
Data Collection and Storage
At HexiaHealth, we collect and hold various types of data to provide our healthcare services effectively. It is important to note that all client personal data collected must be accurate, and users confirm that they are authorized to provide information about themselves or another person.
Personal Data Collection and Accuracy
HexiaHealth collects and holds various types of personal data to ensure effective provision of healthcare services, ensuring accuracy at all times. This includes:
- Identifying Information: Names, date of birth, gender, and government-issued identification numbers (e.g., driver's license, passport).
- Demographic Information: Address, postal code, and occupation.
- Contact Details: Email addresses, phone numbers, and emergency contact information.
- Health Insurance Information: Policy numbers, coverage details, and insurance provider information.
Users confirm their authorization to provide personal data about themselves or others. HexiaHealth ensures the accuracy and currency of all personal data to maintain the highest standards of data integrity and user trust.
Health and Medical Data
HexiaHealth collects comprehensive health and medical data to provide tailored healthcare services. This includes:
- Consultation Notes: Details of medical consultations, including symptoms discussed, diagnoses, treatment plans, and recommendations.
- Diagnostic Procedures: Records of diagnostic tests and procedures, such as scans (e.g., MRI, CT scans), X-rays, blood tests, and biopsies.
- Medication Records: Information about prescribed medications, dosages, frequency, and duration of use.
- Medical Imaging: Results and images from medical imaging tests, including MRI scans, X-rays, and ultrasounds.
- Treatment History: Details of past treatments, surgeries, and medical interventions.
- Medical Records: Any other relevant medical information, including allergies, chronic conditions, and family medical history.
- Wellness check
HexiaHealth ensures the confidentiality and security of all health and medical data collected, adhering to strict privacy policies and regulatory requirements.
Details of User Conversation with HexiaHealth
HexiaHealth records and retains details of user interactions with our platform, including conversations with symptom checkers, pre-diagnosis consultations, emails, calls, live chats with our support team, and video recordings. These details may include:
- Symptom Checker Conversations: Transcripts of user interactions with our symptom checker, including symptoms described, questions asked, and responses provided.
- Pre-Diagnosis Consultations: Records of consultations conducted prior to diagnosis, including discussions about medical history, symptoms, and potential diagnoses.
- Email Correspondence: Copies of emails exchanged between users and the HexiaHealth support team regarding medical inquiries, appointment scheduling, or other queries.
- Phone Calls: Logs of phone calls made to and from HexiaHealth's customer support team, including call recordings where permitted by law.
- Live Chats: Transcripts of live chat conversations between users and our support team, covering topics related to healthcare advice, technical support, or general inquiries.
- Video Recordings: Recordings of video consultations between users and healthcare professionals, with user consent, covering discussions about symptoms, treatment options, and medical advice.
- Wellness Check results which consist of measurement of 8 health parameters.
- Laboratory Test results records
- Prescription records and data
We are committed to protecting the privacy and confidentiality of all user communications, adhering to strict security measures and compliance standards. Access to these records is restricted to authorized personnel only, and we do not disclose this information to third parties without user consent, except as required by law.
Financial Data Collection and Handling
HexiaHealth handles various types of financial data in accordance with industry best practices and regulatory standards. This includes:
- Payment Details: Information related to payment transactions, such as billing addresses, invoice details, and transaction history.
- Payment Methods: Details of payment methods used, including bank account information, PayPal accounts, and other payment gateways.
- Subscription Information: Details of subscription plans, billing cycles, and renewal dates.
- Financial Transactions: Records of all financial transactions conducted through the platform, including payments, refunds, and credits.
HexiaHealth ensures the security and confidentiality of financial data by:
- Using Third-Party Payment Providers: All payment details, including credit/debit card numbers, CVV codes, and other sensitive information, are processed securely by trusted third-party payment service providers.
- No Storage of Sensitive Information: HexiaHealth does not store sensitive payment information on its servers. Instead, only transaction details are retained for record-keeping and reconciliation purposes.
- Encryption and Security Measures: Implementing encryption and other advanced security measures to protect data during transmission and storage.
- Limited Access: Restricting access to financial data to authorized personnel only, on a need-to-know basis.
- Compliance: Adhering to relevant regulations, such as PCI-DSS (Payment Card Industry Data Security Standard), to safeguard payment information.
HexiaHealth is committed to maintaining the highest standards of data security and privacy to protect our users' financial information.
Data from other sources
HexiaHealth integrates data from various sources to enhance healthcare services. We collect data from other health apps, devices, and services with user consent. This data improves service accuracy and offers personalized recommendations. HexiaHealth ensures data security, transparency, and accountability throughout the process.
Technical Information
HexiaHealth collects technical information as permitted by users' device or browser settings to enhance our healthcare services. This includes:
Device Information:
- Type of device (e.g., smartphone, tablet, computer)
- Device model
- Device ID or unique identifier
- Operating system and version
Browser Information:
- Type of browser (e.g., Chrome, Safari, Firefox)
- Browser version
- Browser settings and preferences
Network Information:
- IP address
- Internet service provider (ISP)
- Network connection type (e.g., Wi-Fi, cellular)
Location Information:
- Geographical location data based on GPS, Wi-Fi, or cellular network
- Location settings and permissions
Log Data:
- Date and time of access
- Pages visited on our website or app
- Time spent on each page
- Clickstream data (i.e., links clicked)
Cookies and Similar Technologies:
- Cookies stored on users' devices
- Web beacons, tags, and tracking pixels
HexiaHealth collects this technical information to:
- Improve website and app performance
- Customize user experiences
- Analyze trends and usage patterns
- Provide targeted advertising based on users' interests and preferences
- Ensure security and prevent fraud
We respect users' privacy preferences and provide options to manage cookie settings and location permissions. Users have the right to opt out of certain data collection practices. HexiaHealth adheres to strict privacy standards and regulations to safeguard users' technical information.
Cookies
At HexiaHealth, we use cookies to enhance your browsing experience and improve our services. Our cookies help us remember your preferences, analyze website performance, and deliver personalized content and advertising. You can manage your cookie preferences and opt out of non-essential cookies through your browser settings or our website. By using our website, you consent to our use of cookies as outlined in our Cookies Policy.
Information from Third-Party Services
At HexiaHealth, we offer the option for users to connect their social media accounts or wearable devices to our services. If a user chooses to connect these third-party services, HexiaHealth will receive certain information from them.
Social Media Accounts:
Users can connect their social media accounts (e.g., Facebook, X) to HexiaHealth. By doing so, HexiaHealth may receive:
- Basic profile information such as name, profile picture, and email address.
- Additional information depending on the user's privacy settings and permissions granted.
Wearable Devices:
HexiaHealth integrates with various wearable devices (e.g., fitness trackers, smartwatches) to collect health and activity data. When users connect their wearable device, HexiaHealth may receive:
- Health and fitness data such as step count, heart rate, sleep patterns, and activity levels.
- Device-specific information necessary for data synchronization and analysis.
Purpose of Data Collection:
- To provide users with a more comprehensive view of their health and wellness.
- To enhance the accuracy and effectiveness of our healthcare services.
- To offer personalized recommendations and insights based on aggregated data from multiple sources.
User Consent and Control:
- Users have the option to connect or disconnect their social media accounts and wearable devices at any time.
- HexiaHealth respects user privacy preferences and only collects data from third-party services with user consent.
Security and Confidentiality:
- HexiaHealth ensures that data received from third-party services is handled with the same level of security and confidentiality as other user data.
- Data is encrypted during transmission and stored securely on our servers.
Data Sharing and Disclosure:
- HexiaHealth does not share user data obtained from third-party services with third parties without user consent, except as required by law.
- Data is used solely for the purpose of providing healthcare services and improving user experience.
Transparency and Accountability:
- HexiaHealth is transparent about the types of data received from third-party services and how it is used.
- We are accountable for ensuring that data from third-party services is used responsibly and in compliance with applicable privacy laws and regulations.
Connecting social media accounts or wearable devices to HexiaHealth is optional, and users have full control over their data sharing preferences. HexiaHealth is committed to maintaining the highest standards of data security and privacy to protect our users' information.
Use of Collected Data
HexiaHealth collects various types of data to enter into a contract with the user, provide personalized healthcare services, and enhance user experience. Here's how we use the data collected:
Personalized Healthcare Services:
- We analyze user data to provide personalized healthcare recommendations and insights tailored to individual needs.
- Data-driven algorithms help us offer accurate symptom assessments and pre-diagnoses.
- Connect you with a medical professional through our telemedicine platform.
Improved Service Quality (Based on User Consent):
- Data analysis, with user consent, helps us understand user behavior and preferences, enabling us to optimize our website, app, and services for better performance and usability.
- With user consent, we utilize feedback and usage patterns to identify areas for improvement and develop new features to meet user needs.
- By collecting data on user preferences and interactions, we customize the user experience to make it more relevant and engaging.
- Personalized content delivery, such as health articles and tips, based on user interests and health goals.
Research and Development:
- We use anonymized and aggregated data for research purposes to improve healthcare outcomes and develop new products and services.
- Research findings help us understand healthcare trends, identify risk factors, and contribute to advancements in medical knowledge.
Targeted Advertising:
- We may use non-sensitive user data to deliver targeted advertisements that are relevant to user interests and preferences.
- Advertising helps support our free services and enables us to continue providing valuable healthcare resources.
Compliance and Legal Obligations:
- Data collected is used to comply with legal and regulatory requirements, including data protection laws and healthcare regulations.
- We may use data to investigate and prevent fraudulent or unauthorized activities.
Improving Healthcare Ecosystem:
- Aggregated and anonymized data may be shared with healthcare partners, researchers, and public health agencies to improve overall healthcare outcomes.
- Collaboration with healthcare providers and researchers helps identify trends, improve diagnostic accuracy, and develop effective treatments.
HexiaHealth is committed to using collected data responsibly and transparently, ensuring user privacy and confidentiality are maintained at all times. We strive to deliver valuable healthcare solutions that empower users to take control of their health and well-being.
Data Storage and Processing
HexiaHealth prioritizes the privacy and security of user data. Here's how we store and process different types of data:
Personal Information:
- Personal information, such as user names, email addresses, and contact details, is stored and processed within the United Kingdom.
- We utilize Amazon Web Services (AWS), a secure cloud storage service, to host our servers for storing personal information.
- Personal information is processed for creating and managing user accounts, delivering personalized healthcare services, and communication purposes.
Health Data:
- Health data, including medical history, symptoms, diagnoses, and treatment information, is stored and processed within the United Kingdom.
- AWS is used to host our servers for securely storing health data.
- Health data processing includes symptom assessment, diagnosis, treatment planning, and monitoring as part of personalized healthcare services.
Financial Data:
- Financial data, such as credit card numbers or payment details, is not stored by HexiaHealth.
- When users make payments on our platform, credit card details are securely processed by third-party payment service providers.
- Transaction details, such as payment amounts and timestamps, are stored on our secured servers within the United Kingdom.
Data Security Measures:
- All data, including personal information, health data, and financial data, is encrypted during transmission and at rest to ensure confidentiality.
- Access to user data is restricted to authorized personnel only.
- We implement stringent security measures and regularly monitor and update security protocols to protect user data from unauthorized access or breaches.
HexiaHealth assures that all data storage and processing activities are conducted within the United Kingdom and comply with stringent data protection laws and regulations. We trust AWS for its robust security measures in safeguarding user data.
Sharing User Data
HexiaHealth values user privacy and shares data responsibly for specific purposes:
Service Providers:
- HexiaHealth may share user data with trusted service providers who assist in providing our services.
- These service providers are contractually obligated to handle user data securely and only for specified purposes, such as hosting our platform or providing technical support.
Partners:
Employers:
- HexiaHealth partners with employers to support employee wellness programs and initiatives.
- We may share anonymized or aggregated health data with employers to identify health trends within their workforce and develop targeted wellness interventions.
- Information shared may include general health metrics, such as average activity levels, stress levels, or common health concerns among employees.
Insurance Companies:
- Our partnerships with insurance companies aim to improve healthcare outcomes and streamline the claims process.
- We may share data related to health assessments, diagnoses, or treatment plans with insurance providers to facilitate claims processing and provide personalized coverage options.
- Information shared may include diagnosis codes, treatment procedures, or medication usage to ensure accurate and efficient claims processing.
Wellness Programs:
- HexiaHealth collaborates with wellness programs to offer users additional resources and support for their health goals.
- We may share anonymized health data with wellness program providers to tailor program offerings and incentives based on user health profiles.
- Information shared may include activity levels, dietary habits, or participation in health-related activities to customize program recommendations.
Healthcare Providers:
- Our partnerships with healthcare providers aim to improve care coordination and continuity for users.
- We may share relevant health data, such as medical history, diagnoses, or treatment plans, with healthcare providers to facilitate informed decision-making and personalized care.
- Information shared may include recent medical encounters, test results, or treatment adherence to support coordinated care efforts.
Fitness and Lifestyle Apps:
- HexiaHealth partners with fitness and lifestyle apps to provide users with integrated health and wellness solutions.
- We may share anonymized health and activity data with these apps to offer personalized fitness plans, nutrition recommendations, or goal tracking features.
- Information shared may include exercise routines, dietary preferences, or progress towards health goals to enhance user experience and engagement.
Public Health Protection:
- In certain circumstances, HexiaHealth may share user data to protect public health or prevent the spread of infectious diseases.
- This may involve sharing anonymized or aggregated data with public health agencies or authorities for epidemiological research or disease surveillance purposes.
Legal Compliance:
- HexiaHealth may share user data when required by law, such as in response to a valid legal request or court order.
- Data may also be shared to comply with regulatory obligations or to protect the rights, property, or safety of HexiaHealth, its users, employers, or others.
Research and Analytics:
- HexiaHealth may share anonymized or aggregated user data for research or analytical purposes.
- This data sharing is aimed at improving healthcare services, understanding healthcare trends, developing new treatments or interventions, or supporting workplace wellness initiatives.
HexiaHealth ensures that all data sharing activities are conducted in compliance with applicable laws and regulations, and with a focus on protecting user privacy and confidentiality. Users have the option to review and manage their data sharing preferences through their account settings.
Data Retention Periods
HexiaHealth follows the recommendations provided by the Department of Health and the British Medical Association (BMA) for data retention. We understand the importance of maintaining data for appropriate periods while also respecting user privacy. Below are the general data retention periods along with exceptions:
GP Records:
- Retention Period: Minimum of 10 years after the patient's death, or if the patient reaches 17 years old.
- Exceptions: In cases involving legal disputes, the retention period may extend beyond 10 years.
Healthchecks:
- Retention Period: Records of health checks are retained for a minimum of 2 years.
- Exceptions: If a health check identifies a significant health concern, the record may be retained longer for ongoing monitoring or treatment purposes.
Communication with Support Teams:
- Retention Period: Records of communication with support teams are retained for a minimum of 3 years.
- Exceptions: If a communication involves a significant health issue or ongoing support, the record may be retained for longer periods.
Maternity Records:
- Retention Period: Maternity records are retained for a minimum of 25 years after the birth of the last child.
- Exceptions: In cases of legal disputes or if the health of the child or mother requires ongoing monitoring, records may be retained beyond 25 years.
Record of Treatment of Mental Disorders:
- Retention Period: Records of treatment for mental disorders are retained for a minimum of 20 years after the last contact.
- Exceptions: If ongoing treatment or monitoring is required, records may be retained for longer periods. In cases of legal disputes or if the patient's condition necessitates ongoing care, records may be retained indefinitely.
HexiaHealth ensures that all data retention practices comply with legal requirements and industry standards. We understand that there may be exceptions where data needs to be retained longer for legal, medical, or ethical reasons, and we handle such cases with care and sensitivity.
Your Rights
At HexiaHealth, we are committed to upholding the rights of our users and ensuring that they have control over their personal health information. Here are your key rights:
Right to Access:
- You have the right to access your personal health information held by HexiaHealth. This includes medical records, test results, treatment plans, and other relevant health data.
- Users can request access to their information through their HexiaHealth account or by contacting our customer support team.
Right to Correction:
- You have the right to request corrections to any inaccuracies in your health records. If a user believes that their health information is incorrect or incomplete, they can request corrections to ensure the accuracy of their records.
Right to Consent:
- You have the right to control how your health information is used and shared. HexiaHealth seeks explicit consent from users before collecting, processing, or sharing their personal health data.
- Users can manage their consent preferences through their HexiaHealth account settings.
Right to Privacy and Confidentiality:
- You have the right to expect that your health information will be kept private and confidential. HexiaHealth employs robust security measures to protect the confidentiality and integrity of user data.
- We adhere to strict privacy policies and comply with relevant data protection laws to safeguard your information.
Right to Portability:
- You have the right to request a copy of your health information in a format that is easily transferable to another healthcare provider or system. This allows users to maintain continuity of care when switching providers.
Right to Withdraw Consent:
- You have the right to withdraw your consent for the collection, processing, or sharing of your health information at any time. HexiaHealth respects user preferences and will cease processing data upon withdrawal of consent.
Right to File Complaints:
- You have the right to file complaints if you believe your rights have been violated or if you are dissatisfied with how your health information has been handled. HexiaHealth provides channels for users to submit complaints and will address them promptly and transparently.
- HexiaHealth is committed to empowering you and respecting your rights to privacy, confidentiality, and control over your health information. We strive to provide a transparent and user-centric approach to data management, ensuring that you feel confident and empowered in your healthcare journey.
Changes to This Policy
HexiaHealth may update this Privacy and Data Protection Policy from time to time to reflect changes in legal or regulatory requirements, industry best practices, or our business operations. We encourage users to review this policy periodically to stay informed about how we collect, use, and protect their personal information. Here's how we handle changes to this policy:
Notification of Changes:
- In the event of significant changes to this policy, we will provide notice to users through our website, mobile app, or email.
- Users will be informed of the nature of the changes and the effective date of the updated policy.
User Consent:
- By continuing to use HexiaHealth's services after the updated policy becomes effective, users consent to the revised terms and practices outlined in the policy.
Review and Feedback:
- We welcome feedback from users regarding our privacy practices and policies.
- Users can contact us with any questions, concerns, or suggestions regarding the updated policy.
Retention of Previous Versions:
- Previous versions of this policy will be archived for reference purposes.
- Users can request access to previous versions of the policy by contacting our customer support team.
Compliance with Changes:
- HexiaHealth is committed to complying with all changes to this policy in accordance with applicable laws and regulations.
- We will take all necessary steps to ensure that our data handling practices align with the updated policy.
User Responsibility:
- It is the responsibility of users to review and understand the terms of this policy.
- Users are encouraged to reach out to HexiaHealth if they have any questions or concerns about the policy or its updates.
- HexiaHealth values the privacy and security of our users' personal information and is committed to keeping them informed about changes to our privacy practices. We strive to maintain transparency and accountability in all aspects of our data handling processes.
Cookies Policy
Introduction
The Hexiahealth app ("App") uses cookies and similar technologies to enhance your user experience, provide essential functionality, and analyze usage patterns. This Cookies Policy explains what cookies are, how we use them, and your choices regarding their use.
What are Cookies?
Cookies are small text files stored on your phone, computer, or tablet when you visit a website or use an app. Most major app companies and websites, including Hexiahealth, use them to help the app remember your preferences and activities, making your experience more seamless and personalized. The choice to accept them or decline them, however, is yours. Please note that disabling cookies may affect the app's functionality and features.
What type of information is held by the cookie?
Normally, a cookie holds the following information: the name of the app it has come from, how long the cookie will stay on your phone, and a randomly generated value.
Types of Cookies We Use
1. Essential Cookies: These cookies are necessary for the app to function properly. They enable core functionalities such as security, network management, and accessibility.
2. Performance and Analytics Cookies: These cookies collect information about how you use the app, such as which pages you visit and if you encounter any errors. This data helps us improve the app's performance and your user experience.
3. Functionality Cookies: These cookies allow the app to remember choices you make, such as your username, language, or region, and provide enhanced, more personalized features.
4. Advertising Cookies: These cookies are used to deliver advertisements that are more relevant to you and your interests. They may also limit the number of times you see an ad and help measure the effectiveness of advertising campaigns.
How We Use Cookies
We use cookies to:
- Ensure the app functions correctly and securely.
- Improve the app's performance and functionality.
- Remember your preferences and settings.
- Conduct analytics to understand how the app is used.
- Deliver personalized content and advertisements.
Managing Cookies
To manage your cookie preferences, follow the instructions provided by your browser or device manufacturer. Here are links to manage cookie settings for popular browsers:
- Google Chrome
Please refer to the user manual or settings menu for instructions on managing cookies for mobile devices.
Changes to This Policy
We may update this Cookies Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this policy periodically.
Contact Us
If you have any questions about our use of cookies or this policy, please contact us at Hello@hexiahealth.co.uk.
By using our app, you consent to our use of cookies as described in this Cookies Policy.