Data concerning health Processing Procedure

This Data concerning health Processing Procedure was published and entered into force on March 5, 2025.

This Data concerning health Processing Procedure (hereinafter referred to as the “Procedure”) describes the rules, methods and techniques for processing and recording Data concerning health.

References to the words “You” or “Your” (or words similar in content) mean the User, depending on the context of the Data concerning health Processing Procedure.

References to “we”, “our” or “us” (or similar words) mean the DeHealth Company.

By recording Data concerning health, we mean the maintenance of the Register by the Controller and Processors or their representatives, in accordance with Art. 30 of the GDPR.

In its activities when collecting, processing and storing personal data, the Company makes every effort to adhere to the rules and requirements provided for by the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016), known as "GDPR".

We are grateful to you for your cooperation with the Company.

  1. DEFINITION 
    1. User is any person who installs the App to receive Services for the purpose of monitoring their health.
    2. Personal Data is any information that is in the public domain, allowing you to directly or indirectly identify the User. For example, first name, last name, phone number, IP address.
    3. Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
    4. Data is a common name for Personal Data and Data concerning health.
    5. Doctor is a qualified specialist in the field of medicine, who is chosen by the User to receive Services for diagnosing his health or monitoring his condition.
    6. DeHealth company (hereinafter referred to as the "Company" or "DeHealth") is DEHEALTH TECHNOLOGIES, INC, registered at 1049 El Monte Avenue, Ste C #846, Mountain View, CA 94040, United States, EIN: 36-5099713, which provides Services to Users.
    7. DeHealth application (hereinafter referred to as the "App") is a service created so that the User can check the state of his health and monitor the change in his health.
    8. Controller means a natural or legal person, government agency, institution or other body that independently determines the purposes and means of processing Personal Data.
    9. Processor means a natural or legal person, public authority, agency or other body processing Personal Data on behalf of the Controller.
    10. Register of Operations with Data concerning health (hereinafter referred to as the Register) is a document drawn up in written and electronic form, in which the Data concerning health is recorded.
  2. DATA CONCERNING HEALTH 
    1. The Company uses additional conditions for processing Data concerning health:
      1. height;
      2. weight;
      3. gender;
      4. blood type;
      5. DNA test;
      6. birth defects;
      7. allergies;
      8. history of diseases;
      9. information about previous and chronic diseases;
      10. medicine prescription;
      11. drug intolerance;
      12. bad habits;
      13. health history: provided exclusively to the Doctor, and the Company only stores such data;
      14. state of health.
    2. Data concerning health are processed exclusively by the Doctor for the following purposes:
      1. to fully check the physical and mental state of the User;
      2. to monitor the physical and mental state of the User;
      3. to provide the User with advice from a Doctor in the field of medical services.
  3. ACCESS LEVEL TO THE DATA CONCERNING HEALTH
    1. The Company acts as the controller during the processing of Data concerning health:
      1. DEHEALTH TECHNOLOGIES, INC
      2. Address: 1049 El Monte Avenue, Ste C #846, Mountain View, CA 94040, United States
      3. EIN: 36-5099713
    2. The Doctor and the Company's employees, as well as the Company's contractors who provide the Company with services for storing Data concerning health, act as the processor during the processing of Data concerning health.
    3. The Company allocates the following levels of access to Data concerning health:
      1. Full access - means that the Processor has the right to:
        1. process Data concerning health;
        2. keep records of Data concerning health;
        3. participate in the processes of transferring, storing, and ensuring the security of Data concerning health;
        4. disclose Data concerning health, in cases provided for by the Company's documentation.
      2. Partial access - means that the Processor has the right to:
        1. keep records of Data concerning health;
        2. participate in the processes of transferring, storing, and ensuring the security of Data concerning health.
      3. Limited access - means that the Processor has the right to participate in the processes of transferring and storing Data concerning health.
    4. The Company has the right to change the access level of the Processor and/or the employee/counterparty of the Company. In this case, the Processor/employee/counterparty is assigned a new access level.
    5. The Processor has the right to access Data concerning health in accordance with the access granted to him by the Company.
    6. To limit access to Data, the Company uses the Least Privilege procedure - Employees have access to only the data they need to perform tasks and instructions from the Company.
    7. Special registers of Employees with the right to access Data are stored in access control systems (IAM). All Employee accesses to the Data are registered, each change to the Data or its viewing is recorded. The Company conducts random audits of the use of Data to identify unexpected access to Data by Employees.
    8. The full name, position, duties and access level of the Company's employees are set out in the following table:

      | No. | Full name | Position | Access level | Duties |
      |---|---|---|---|---|
      | 1. | Denys Tsvaig | CEO | Full | Owner of the project; Setting tasks; Assigning project roles |
      | 2. | Oleh Khomiak | Chief information security officer (CISO) | Full | Architecture, Database and Software Security |
      | 3. | Alexander Lisovik | Web3/Mobile Lead | Full | Leading the Mob Development Team; iOS Development; Work on the project architecture and on the blockchain protocol and storage |
      | 4. | Kudovbenko Bohdan | QA Lead | Full | Tests the system - backend, frontend, security |
      | 5. | Denis Stadnichenko | Android Engineer | No access to data | |
      | 6. | Bohdan Chernysh | iOS Engineer | No access to data | |
      | 7. | Vlad Kuznia | Data Engineer, ML Engineer | Full | Data Parsing; Database; Data Analysis |
      | 8. | Bohdan Hordiychuk | Backend Engineer, Master's in Computer Science | Full | Database |
      | 9. | Serhii Monastyrskyi | iOS Engineer | No access to data | |

    9. The name, category of services, responsibilities and access level of the Company's counterparties are set out in the following table:

      | No. | Name | Service category | Access level | Duties |
      |---|---|---|---|---|
      | 1. | AWS HealthLake and AWS Lambda | Data Storing | Full | personal data and personal medical data (tests, etc.) are encrypted; AWS API Gateway, S3 Buckets, HealthLake, IAM Roles. |
      | 2. | Empat (empat.tech) | Software service provider (outsourcing) | No access to data | Develops individual components of the system and transfers them to the team |
      | 3. | Apricot Soft | Software service provider (outsourcing) | No access to data | They created UX for us |
      | 4. | 3DLOOK (https://3dlook.ai/) | Online Human Body Scanner | No access to data | API integration |
      | 5. | G Suite (Google) | Corporate emails | Partial access | Access to all project sources - designs, technical specifications, as well as development plans and all correspondence with partners and clients |
      | 6. | GitHub (github.com) | Code repository | Partial access | Code repository |
      | 7. | Apple Store and Google Cloud | Data Storing | Partial access | Sale of the application for users |
      | 8. | Stripe (Stripe.com) | Payments | No access to data | Payments |
      | 9. | Firebase (Google) | Development platform | Partial access | A set of tools and services for developing mobile and web applications from Google. |
      | 10. | Slack (slack.com) | Messenger | Access to team correspondence | Communication between employees |
      | 11. | Docusign (docusign.com) | Document management platform | Access to the company's corporate agreements | Signing contracts with employees, partners and contractors |
      | 12. | Jira (Atlassian.com) | Atlassian Task and Project Tracking Software | Access to team correspondence | Communication between employees |
      | 13. | Clarity (clarity.microsoft.com) | Analytics platform | Access to the website | Analysis of user behavior when receiving services, using the site/app |
      | 14. | Google Analytics | Analytics platform | Access to the website | Analysis of user behavior when receiving services, using the site/app |
      | 15. | Zoom | Online meeting platform | No access to data | Communication between employees |
      | 16. | Miro (miro.com) | Interactive online whiteboard for team work | Access to company diagrams - architecture and database diagram, etc. | Project management of the Company's team |
      | 17. | Figma (http://figma.com) | Vector online interface development and prototyping service with the possibility of organizing joint work by the Company's employees. | Access to all company design and identity | Project management of the Company's team |
      | 18. | Notion (Notion.com) | Interactive online whiteboard for team work | Access to employee's data | Communication between employees |

    10. The full name, service category, duties and access level of the Company's Doctors are set out in the following table:

      | No. | Full name | Position | Access level | Duties |
      |---|---|---|---|---|
      | 1. | Philippe Gerwill | Medical data Adviser | No access to data | Consultations and participation in conferences |
      | 2. | Albert Abel | Medical consultant | No access to data | Consultant on medical systems of human health |

  4. ACCOUNTING DATA CONCERNING HEALTH
    1. The Company keeps records of Data concerning health by maintaining a Register, in accordance with Article 30 of the General Data Protection Regulation.
    2. The Controller or the Processor, on behalf of the Controller, maintains a register of the activities for processing and recording Data concerning health for which they are responsible.
    3. The Register contains the following information:
      1. Contact details of the Controller;
      2. Personal data of the Company's employees/contractors;
      3. Contact details of the Contractors;
      4. Contact details of the Personal Data Protection Officer, if any;
      5. The purposes of processing Data concerning health;
      6. Breach of the procedure for processing Data concerning health;
      7. Unlawful disclosure of Data concerning health;
      8. The categories of recipients to whom Data concerning health has been or will be disclosed, including recipients in third countries or international organisations;
      9. Detailed information on transfers of Data concerning health to other countries;
      10. schedules for storing Data concerning health;
      11. planned dates for deleting different categories of Data concerning health;
      12. description of technical and organizational measures for the security of Data concerning health, specified in Article 32 of the General Data Protection Regulation.
    4. The Register is maintained to record:
      1. Data concerning health stored by Company and the places where it is stored;
      2. names of organizations to which Data concerning health is transferred;
      3. methods of using Data concerning health;
      4. storage periods for Data concerning health;
      5. names of counterparties;
      6. Data concerning health of employees;
      7. concluded contracts and/or agreements.
    5. Before re-use for Data processing, media undergo full encryption or Data destruction (sanitization) in accordance with NIST SP 800-88. The Company keeps a detailed log with a description of all actions with media used for Data processing. If the medium is no longer used for Data processing, it is subject to physical destruction.
  5. AUDIT
    1. The Company periodically conducts an audit for compliance of the processing, transfer, storage, protection, and security of Data concerning health with the rules of the General Data Protection Regulation. The purpose of the audit: ensuring the security of Data concerning health.
    2. An audit is conducted in the following cases:
      1. at the beginning and end of the reorganization of the company's activities, in accordance with the General Data Protection Regulation;
      2. as scheduled every 6-12 months;
      3. before starting work with new contractors/Processors;
      4. before conducting risky transactions with Data concerning health;
      5. after identifying a breach of Personal Data security.
    3. The company has the right to conduct the following types of audits:
      1. Internal audit. Carried out by the Company independently;
      2. Authorized audit. Carried out by regulatory authorities authorized to conduct investigations and inspections on the proper processing of Data concerning health by the Company;
      3. External audit. Carried out by an independent expert in the protection of Data concerning health.
  6. CHANGES TO PRIVACY POLICY
    1. We have the right to periodically make changes to the Data concerning health Processing Procedure for the security of Data, and to comply with the requirements of the laws of England and Wales.
    2. The User must familiarize himself with the new terms of the Data concerning health Processing Procedure and DeHealth is not responsible if the User has not familiarized himself with the new terms of the Data concerning health Processing Procedure.
    3. DeHealth will update the modification date of the current version of the Data concerning health Processing Procedure in the “Updated” line at the top of the document.
    4. Our electronic copies of the Data concerning health Processing Procedure are deemed to be correct, complete, valid, legally binding and in effect at the time of your visit to the App.
  7. CONTACTS
    1. The User has the right to contact the Company support service at: [email protected] to ensure his rights, in accordance with the terms of this Data concerning health Processing Procedure, or in case of violation of his rights, or to leave feedback or ask a question.