Ancora Privacy Policy

Privacy Policy – May 2021 

PRIVACY POLICY 

  1. Introduction

This Privacy Policy is to inform you what Personal Data is processed by using this App/Site, how it is collected, to whom it is or may be disclosed, and how it is used. This Privacy Policy is incorporated into, and is subject to, the Terms of Use. 

By “Personal Data” we mean any information relating to an identified or identifiable natural person, as further defined in the General Data Protection Regulation (EU) 2016/679. 

By “Data Controller” we mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, as further defined in the General Data Protection Regulation (EU) 2016/679.  

This Privacy Policy was last updated on 17 may 2021. 

  1. About the App and/or Site

2.1 The Services comprise without limitation a mobile application on an iOS enabled mobile device or on an Android mobile device (“Personal Device”) that you own or control or access via a web browser at https://app.ancora.health/ (“Site” or each, an “App”), including all related documentation and related services, which enable users to: 

  • get their health data measured and collected via a physical assessment, the collection of urine, DNA and blood samples and an online self-assessment questionnaire;
  • get their health data analyzed by Ancoraanalists to quantify biomarkers, genes and lifestyle;  
  • receive a personalized, confidential health profile, including guidelines on nutrition, activity and lifestyle choices that could help to reduce health risks and/or prevent health issues.

2.2 The App is designed and intended for use by EU residents who are at least 18 years of age and have reached the age of majority in their country of residence. The App is provided exclusively for personal and private use. 

 

  1. What Personal Data is processed by using the App, Site and/or Services? 

There is a variety of Personal Data that is processed when you use the Site and/or download and use the App. This Personal Data may be provided by you directly or it may be information that results from your use of the App. Depending on the service you use, Ancora may collect the following personal data:  

  • Name and address; 
  • Email address; 
  • Telephone number; 
  • Address
  • Information about your appointment; 
  • IP address;

Medical information:   

  • Personal medical history (medication, previous or current health conditions, and history of surgical interventions); 
  • Family history (previous or current health conditions from 1st or 2nd degree blood relatives);

Lifestyle data:  

  • Activity and exercise (including degree of activity during daily routine, and fitness and sporting habits); 
  • Nutrition (including dietary habits and preferences, and food allergies); 
  • Stress management strategies from validated questionnaires; 
  • Subjective wellbeing from validated questionnaires; 
  • Health-relatedbehaviours including smoking, drinking, and others from validated questionnaires; 

Results of your health assessment:   

  • Blood: biomarkers of, including but not to limited to, liver health, bone and muscle health, heart health, metabolic health, renal health, blood health, thyroid health, stress, and nutrition status; 
  • Urine: biomarkers of, including but not limited to, renal health; 
  • Fitness: markers and measurements of, including but not limited to, body composition and anthropometrics, and cardiopulmonary conditioning. Providing any or all of the above information is voluntary. You can decide for yourself which information you want to add to the Application or functionalities you wish to use. Not providing the information or not amending the default settings may limit the functionalities of the Application.

  

  1. Purposes of data processing

Ancora will only process your Personal Data for specific purposes. The personal data collected by us under Section 3 is used for the following purposes: 

  • Creating your account to register with Ancora; 
  • Logging in to your account; 
  • Keeping your medical record; 
  • Providing health assessment reports and lifestyle advice;  
  • Scheduling an appointment; 
  • Keep track of your preferences; 
  • Improving our service to you; 
  • Performing other services that you have requested; 
  • Followup correspondence (phone inquiries, e-mail or live chat); 
  • Sending newsletters;
  • Keeping track of results from previous examinations and / or treatments.

 

  1. Use and Sharing of Personal Data

5.1 Through the App, Site and/or Services, Personal Data that you provide will be used to enable you to use all the functionalities, features and benefits of our Services. 

5.2 The App and/or Site allows you to share the information listed under Section 3. For instance, you may decide to share any of the information collected in the App and/or Site with recipients, such as your healthcare provider, via the Share button in your personal account (e.g. any medical information, lifestyle data and/or results of your health assessment).

5.3 We may anonymize your Personal Data by processing it so that it is impossible to identify any particular individuals (e.g., by removing all pieces of information which might allow an individual to be identified such as IP address and carrying out a process to make it impossible to re-identify that individual) and use that anonymized information for analyzing, providing and improving our services and/or products. More specifically, this means that we set up anonymous dashboards for clients to gain insight into the health levels of companies or sectors. These insights cannot be traced back to an individual.  

5.4 Except as provided for in the next section, we will only share your Personal Data with our affiliated companies and external service providers, including service providers established in the United States, we trust. This means that your Personal Data may be transferred outside of the European Economic Area (EEA) to countries that may provide a lower standard of protection for your information. When we transfer your Personal Data outside the EEA, we do so in compliance with applicable data protection laws and will ensure that your information is kept secure and the recipient has an adequate level of security. We will rely on appropriate contracts or suitable safeguards with recipients in countries outside the EEA to ensure your Personal Data is properly protected. Please contact us using the details below should you wish to find out more information on the contracts and suitable safeguards.  

5.5 We will not share your Personal Data with other persons or organizations, unless we believe in good faith that this is necessary to protect your safety or the safety of others, investigate fraud, respond to a government request or otherwise exercise our legal rights or defend against legal claims; and when we believe it is necessary to share information in order to assist in an investigation regarding, or to prevent, illegal activities, suspected fraud, or situations involving potential threats to the safety of any person. 

        

  1. Third Party Analytics

6.1 When the Site and/or the App (is downloaded) and used, we may automatically collect information on the usage of the App by its users. For instance, what kind of functionalities are used and how long users spend on each page in the Site and/or App. We use this information to analyze the usage of the Site and/or App and identify opportunities for further development and optimization of our services. The (third party) analytical tool (e.g. Google Analytics) that we use collect and analyze this kind of information for us.

 

  1. Your Rights and Choices

In accordance with the General Data Protection Regulation (GDPR), you have the: 

Right of access. You may contact us to get confirmation as to whether or not we are processing Personal Data concerning you. Where that is the case, we will inform you about the categories of Personal Data we process, the processing purposes, the categories of recipients to whom Personal Data have been or will be disclosed and the envisaged storage period or criteria to determine that period. 

Right to rectification. You have the right to have inaccurate or incomplete Personal Data, we store about you, rectified or completed. 

Right to object. In case our processing operations are based on a legitimate interest of us, you have the right to object at any time against these processing operations. We will then no longer process your Personal Data, unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.  

Right to restriction of processing. You have the right to obtain from us restriction of processing your Personal Data in specific situations as foreseen by applicable data protection law (e.g. when the accuracy of your Personal Data is contested by you, for a period enabling us to verify the accuracy of your Personal Data).  

Right to erasure. You have the right to ask us to erase your Personal Data from our systems if your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. Furthermore, you have the right to erasure if you exercise your right to object as meant above, unless we have an overriding legitimate ground to not erase the relevant data. We may not immediately be able to erase all residual copies from our servers and backup systems after the active data have been erased. Such copies shall be erased as soon as reasonably possible. 

Right to data portability. You have the right to receive your Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided to us. 

You also have the right to file a complaint before your local data protection authority if you believe that we processed your Personal Data unlawfully. For the Netherlands, see: https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrechten/klacht-melden-bij-de-ap   

 

  1. Data Retention

The Personal Data listed under Section 3 will be not be kept in an identifiable form for longer than necessary. We determine the retention period of your Personal Data on the basis of the following criteria: (a) the purpose for which we use your Personal Data: we keep the data as long as necessary for that purpose; and (b) legal obligations: various laws and regulations impose minimum retention periods we are obliged to comply with. Your medical personal data (e.g. medical information and results of your health assessment) has a retention period of twenty (20) years.

 

  1. Security

We are concerned about safeguarding your Personal Data against unauthorized access, use and loss. We have appropriate administrative, technical, and physical measures in place to safeguard the Personal Data specified under Section 3. To protect your Personal Data, we have taken appropriate security measures. In particular we are ISO 27001 and NEN7510 certified and thus demonstrate that we have safeguarded adequate security levels.

 

  1. Third Party Sites and Services

The Site and/or App may contain links to websites, other apps and other online services operated by third parties that are not under our control. We are not responsible for the collection, use, and disclosure of your Personal Data on those websites and other online services by those third parties. We encourage you to review the privacy policies of each website and other online services you visit.  

 

  1. Updates to this Data Protection Policy

We reserve the right to adjust this privacy policy from time to time. These changes will be announced on our website. We therefore advise you to regularly check this privacy policy, so that you are aware of any changes.  

 

  1. Contact and Questions

In order to exercise the above-mentioned rights, or if you have any questions about our privacy practices or our use or disclosure of your Personal Data while using the Site and/or App, please contact us by clicking on the “Support” link or contact us via info@ancora.health. 

 

Ancora Health B.V. 

Herestraat 106 

9711 LM Groningen 

Chamber of Commerce: 73031895