INTERNATIONAL DATA TRANSFER PROCEDURE

The International Data Transfer Procedure has been published and entered into force on: March 5, 2025.

This International Data Transfer Procedure (hereinafter referred to as the “Procedure”) describes the methods and means of transferring Personal Data to Third Countries, International Organizations.

References to the words “You” or “Your” (or words similar in content) means the User, depending on the context of the Privacy Policy.

References to “we”, “our” or “us” (or similar words) means the DeHealth Services.

The words he/she and their derivatives in the text of a document can be applied to either a male or female person, depending on the context of the document.

  1. DEFINITION 
    1. User is any person who installs the App to receive Services for the purpose of monitoring their health.
    2. Personal Data is any information that is in the public domain, allowing you to directly or indirectly identify the User. For example, first name, last name, phone number, IP address.
    3. Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
    4. Data is a common name for Personal Data and Data concerning health
    5. Doctor is a qualified specialist in the field of medicine, who is chosen by the User to receive Services for diagnosing his health or monitoring his condition.
    6. DeHealth company (hereinafter referred to as the "Company" or "DeHealth") is a DEHEALTH TECHNOLOGIES, INC, registered at 1049 El Monte Avenue, Ste C #846,
Mountain View, CA 94040, United States, EIN: 36-5099713, which provides Services to Users.
    7. DeHealth application (hereinafter referred to as the "App") is a service created so that the User can check the state of his health and monitor the change in his health.
    8. Services an algorithm of actions carried out by the Company to provide the User with the opportunity to install the App to check the state of his health and monitor its condition by contacting a Doctor.
    9. Controller means a natural or legal person, government agency, institution or other body that independently determines the purposes and means of processing Personal Data.
    10. Processor means a natural or legal person, public authority, agency or other body processing Personal Data on behalf of and on behalf of the Controller.
    11. Encryption - is an algorithmic and reversible transformation of Personal Data, which is performed in a character sequence in order to ensure their security.
    12. European Commission - is the highest executive body of the European Union, responsible for drafting laws, implementing decisions of the European Parliament and the Council, monitoring compliance with EU treaties and other legal acts and current EU affairs.
    13. International Organization - is an organization and its subordinate bodies operating on the basis of public international law, or any other body established by an agreement between two or more countries, or on the basis of such an agreement.
    14. Pseudonymization is the processing of Data as a result of which the Data cannot be identified without the use of additional information, provided that such additional information is stored separately and protected by technical and organizational means to exclude the association of Data with an identified or identifiable individual.
    15. Encryption is an algorithmic and reversible transformation of Data that is performed by a symbolic sequence in order to ensure their security.
    16. Server is specialized equipment that is designed to store information and service users and databases.
    17. Third Party means a natural or legal person, government agency, institution or body, other than the User, Controller, Processor or Company, and persons authorized by the Controller or Processor under their direct supervision to process Personal Data.
    18. Third Country is a country that is not part of the European Economic Area. The European Economic Area includes the countries of the European Union and the European Free Trade Association.
  2. GENERAL PROVISIONS
    1. Personal Data transfers out of accordance with the General Data Protection Regulation include transfers to a Third Country and/or an International Organization.
    2. By Personal Data, we mean the transfer of Personal Data of Users to a Third Country and/or International Organization.
    3. Before Personal Data transfer, the Company checks the security and level of protection of such a transfer.
  3. LEGALITY OF PERSONAL DATA TRANSFER
    1. We may transfer Personal Data to the United States in accordance with the pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework.
    2. The Personal Data transfer is carried out by the Controller or the Processor on behalf of the Controller, in accordance with Article 44 of the General Data Protection Regulation.
    3. The Personal Data transfer to a Third Country or an International Organization is carried out if the Third Country or International Organization provides an adequate level of Personal Data protection . If a Third Country or an International Organization does not ensure an adequate level of Personal Data protection, then the decision on such transfer is made by the European Commission, in accordance with Article 45 of the General Data Protection Regulation.
    4. In the absence of a decision on an adequate level of Personal Data protection, in accordance with Article 45 of the General Data Protection Regulation, the Controller or Processor may transfer Personal Data to a Third Country or an International Organization, if the Controller or Processor provides appropriate guarantees, effective remedies for the Personal Data, according to Article 46 of the General Data Protection Regulation.
    5. In the absence of adequate protection for the Personal Data transfer in accordance with Article 45 of the General Data Protection Regulation or the corresponding guarantees in accordance with Article 46 of the General Data Protection Regulation, the Personal Data transfer to a Third Country or an International Organization may be carried out subject to one of the following conditions (in accordance with Article 49 of the General Data Protection Regulation):
      1. the User expressly agreed to the proposed transfer of Data, having been informed of the possible risks of such Data transfer, in the absence of a decision on adequate protection and appropriate remedies;
      2. the transfer is necessary to perform an agreement between the User and Company, or to implement pre-contractual measures taken at the request of the User;
      3. the transfer is necessary for the conclusion or performance of a contract between the Controller and other natural or legal person;
      4. the transfer is necessary for important reasons of public interest;
      5. the transfer is necessary to assert, exercise or contest legal claims;
      6. the transfer is necessary to protect the vital interests of the User, or other persons, if the User is physically or legally unable to give their consent;
      7. the transfer is made from a register, which, according to the law of the European Union or a member state, is intended to provide information to the public.
  4. METHODS OF ENSURING THE SECURITY OF PERSONAL DATA
    1. When transferring Data to a Third Country and/or International Organization, we use methods of Data Encryption and Pseudonymization.
    2. Channels protected by TLS 1.2 or 1.3 are used for data transmission, with automatic Encryption on the receiver side. Deletion of Data is performed using secure destruction protocols in accordance with NIST SP 800-88, including overwriting of Data and physical destruction of media when necessary.
  5. REASONS FOR THE DATA TRANSFER
    1. Company may transfer Personal Data in the following cases:
      1. conclusion of a contract with the User;
      2. storage of Data on the Server;
      3. use of protection systems;
      4. according to a legitimate request from a supervisory, government or law enforcement agency;
      5. to protect their interests in court or pre-trial proceedings.
  6. CHANGE OF PROCEDURE
    1. We have the right to periodically make changes to the Procedure in the event of a change in the methods of transferring Data, Server and legal requirements.
    2. We notify Users of such changes by posting news on the App, sending an e-mail letter, or using other means.
    3. If the User unsubscribes from emails in which we inform about all changes in the Procedure, he/she is still responsible for review thereof.
  7. CONTACTS
    1. The User has the right to contact the Company support service at: [email protected] to ensure his rights, in accordance with the terms of this International Data Transfer Procedure, or in case of violation of his rights, or to leave feedback or ask a question.