Privacy Notice

Welcome to Holly Health! Our full name is 'Holly Health Ltd'. We are called "we", "us", "our", or "Holly Health" in this Privacy Notice).

We talk about our website (https://hollyhealth.io) (the "Site") and our mobile application (the "App") (and anything we might provide in the future) together as Holly Health or as our "Platform".

Holly Heath provides a digital coach (the Holly Bird) to help develop small healthy habits, and our services are as described on the Platform (our "Services").

Let's start with some key points, which you'll find more detail on below:
  • The Holly Health app collects information from you, including things like your name, email, health behaviours, demographics and medical conditions, in order to tailor the health coaching and content within the service, to be more useful. We never share personally identifiable user information externally, without your explicit permission - for example, we may ask if you'd like to be part of a research study where a specific university team may be able to see the information, or in the future, we may ask you if you'd like to share your Holly Health data with your doctor. This would be entirely optional and we would always explicitly ask for your consent first.
  • We do share an overall summary of average insights (otherwise known as aggregated data) with select parties, such as primary care clinics/GP practices and researchers, for the purpose of improving care and understanding population health challenges. It is not personally identifiable; therefore, your personal information would never be shared in this way.
  • Holly Health is fully GDPR and DTAC compliant, meaning we take privacy, data protection, clinical safety and usability very seriously, and meet NHS digital health service standards. If you have any questions on our policies or would like help with something, you can email us using [email protected].

Please read our Terms and Privacy Notice carefully.
It will take about 5-10 minutes if you read the whole Terms.

1. What information do we collect & how do we use it?

This Privacy Notice will apply to you if:

● you visit and browse our Site or App.
● you contact or engage with us.
● you sign up for marketing from Holly Health.
● you use our Services (with or without an account).

We must have a relevant legal reason, called a 'lawful basis' for each way that we use your personal information. We say what our legal reasons are in each section below, and we explain what each one means under 'What do each of these legal reasons mean?'.

If you visit our Platform:
We collect:

If you visit any of our Services, whether you're just browsing or you have an account, we will automatically collect information from you each time you use our Platforms. This includes:

  • technical information
  • information about your visit and
  • (if you opt-in) location data
What do each of this include?

Technical information

Technical information may include: phone number, Internet Protocol (IP) address, login information, browser type and version, browser plug-in types and versions, device IDs, social log-in ID/email address, time zone setting, operating system and platform, hardware version, device settings (e.g. language and time zone), file & software names and types (associated with your device and/or the Services), battery & signal strength, information relating to your mobile operator or Internet Service Provider (ISP).

Information about your visit

Information about your visit may include the full Uniform Resource Locators (URL), clickstream to, through and from our Site (including date and time), pages and services you viewed or searched for, demographic information (including age and gender), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), traceable campaign links (e.g. in emails, or via tracking URLs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team and our social media accounts.

Location data

We only collect location data if you give us permission (via our website cookie banner, or via your app settings).

Location data includes country location (based on your full or partial IP address and/or Google Analytics information) which we use to provide location services (if you ask or permit us to), so that we can deliver content, advertising or other services that are dependent on knowing where you are, like checking for fraudulent transactions.

Location data may be collected in combination with device ID, so we can recognise your mobile browser or device when you return to the Service.

Delivery of location services will involve us checking any of the following:o the coordinates (latitude/longitude) of your location,

o your current country or region, by referencing your current IP address against public sources, and/or

o your Identifier for Advertisers (IFA) or ID for Vendors (IDFV) code for your Apple device, or the Android ID for your Android device, or a similar device identifier.

You can opt-in and out of location sharing by changing your device settings.

We use this to:
  • understand how individuals use our Platform, and how we can improve it.
  • ensure content from our site is presented in the most effective manner for you and for your computer.
  • provide you with the information, products and services that you request from us or we think you may be interested in.
  • if you visit our website and opt-in to cookies, or download our app and opt-in to letting us use your personal data for tracking, we may display Holly Health ads to you on other websites, or send you push notifications – for example, to encourage you to get started using Holly Health. You can always change what we have access to in your device settings.
Our legal reason for this is:

We do this in our legitimate interests, where we have considered these are not overridden by your rights or with your consent if required (e.g. to non-strictly necessary cookies).

What do these legal reasons mean?

See below for our Cookie Notice for more information on the use of cookies and device identifiers on the Services.

If you contact or engage with us:
We collect:

If you contact or engage with us, we will collect your contact information, and the other communications information you provide.

Contact information includes basic contact information you provide, for example:

● email address,
● first and last name,
● phone number(s),
● social media handle (for example, if you engage with us on social media)
● address (we may sometimes ask for this to send you Holly goodies, this is optional).

Communications information includes your correspondence with us, for example if you get in touch with us to ask about a subscription or to report a problem with our Site. This includes:

● emails,
● texts, in-app messaging & other digital messaging,
● calls,
● letters,
● any in-person conversations you have with us.

We use this to:

● Contact you if you have asked us to do, including to respond to your queries, troubleshoot problems, and help with any issues you may have with our Services.
● Provide you with information you might request about our Services.
● Provide you with technical and other service updates (for example, if we update our Terms of Service).

Our legal reason for this is:

We do this in our legitimate interests.

We may also do this to take steps to enter into any contract with you or to fulfil our obligations under any contract with you (including our Terms of Service).

Where required, we may do this with your consent.

If you sign up for updates, offer or other marketing from Holly Health:
We collect:

We may collect contact information (as explained above), like your name and email address.

We may also collect marketing preferences, which are our records of what information you would or would not like to receive from us, and if you have opted out of any direct marketing.

We use this to:

● send you offers, updates, promotions, newsletter(s), insights and other marketing material related to Holly Health.

● send you personalised marketing, for example about new features we think you may be interested in or habits you've set, related to Holly Health.

● send you surveys, competitions, promotional campaigns, offers or other occasional activities.

● ask you for feedback, including through surveys and other marketing research.

We may send these via push notifications, emails or texts, depending on your preferences.

Our legal reason for this is:

We do this with your consent, where required.In certain circumstances (for example, if you agree to marketing when you begin a paid subscription), we may do this in our legitimate interests (where we have considered these are not overridden by your rights).

What do these legal reasons mean?

You can opt-out of further marketing at any time by selecting the "unsubscribe" link at the end of all our promotional email updates, or by replying to the email saying unsubscribe.

If you use or sign up for our Services:
We collect:

Account
You must create an account to use Holly Health.

● You may have access to a limited preview with just a first name.

● If you sign up for an account with us, you can sign in using your account with Apple, Facebook or Google, or with your email. You'll create a password. You can disconnect this later if you change your mind. If you disconnect an account login, without creating an account using your email address, you will no longer be able to access your account.

● We'll record which subscription and payment option you choose. We won't see your payment information.

Holly Bird chats
We'll record your chats with the Holly Bird, which includes which chat options you choose or what you type into the chat. This can include information about your sleep, nutrition, exercise and mental health – for example, if you feel stressed or worried, or other information about your habits and goals.

Habits, goals and wellbeing
We'll collect your:

● height and weight (optional, for BMI calculation and building progress diagrams).
● city location or post code (optional, for discovery/event recommendations).
● health & wellbeing goals (like improved sleep).
● medical conditions (optional, for service improvement or recommendations).
● age and gender (optional, for service  improvement or recommendations).
● information you share about specific habits:

o sleep (e.g. bedtime, average sleep length)
o nutrition (e.g. eating more vegetables)
o exercise (e.g. yoga completed, or number of squats done)
o mental health (e.g. mindful breathing, evening reading completed, or information about how you feel).

● information you share about all your habits:

o habit timing (e.g. length, repetition, day of the week, time of day (like before breakfast or after work) and calendar information)
o progress (like weight or psychological markers).

● information we create and track about your habits, for example:

o your progress charts showing percentage changes, or how you've rated your mood
o personalised information, where we combine information you give us or that we record about you so that we can improve our services and offer you better recommendations.

● any requests or suggestions you submit to us.

App integrations
In the future, you may have the option to share information from other apps (like Apple Health or Google Fit) with Holly Health. We won't do this without asking you, we'll provide more information at the time.

We use this to:

● provide our Services to you, including:

o Holly Bird chat functionality
o Providing personalised information and recommendations (e.g. articles, videos, activity challenges) for you across sleep, nutrition, exercise and mental health. Enabling you to set goals and track your habits
o Understanding user experience, so that we can improve future designs

Our legal reason for this is:

We do this to comply with our contract with you (e.g. our Terms of Service). We may also do this in our legitimate interests. GDPR enables users to opt out of user profiling. User profiling does not apply to the Holly Health service in its current service design.

2. What do each of these legal reasons mean?

We must have a relevant legal justification, called a 'lawful basis' for each way in which we use your personal information.

Lawful bases include consent, a contract with you (as a data subject), compliance with our legal obligations and our specified legitimate interests.

Consent:
We'll use your personal information to send you promotional or marketing content (for example, updates or newsletters) if you have consented (where required by law).

We may also send direct marketing based on our legitimate interests (see below).

You can opt-out of further marketing at any time by selecting the "unsubscribe" link at the end of all our promotional updates and marketing to you, or by replying to the email saying unsubscribe.

We also rely on consent for some of the cookies we use (see our Cookie Notice for more detail).

Contract:
We use your personal information if it is necessary to perform a contract you have with us (for example, our Terms of Service), or if you have asked us to take specific steps before entering that contract. We may send you service updates based on your contract with us (for example, about your subscription payments).

Legitimate interests
:
Holly Health collects only the minimum information needed to provide a useful and personalised coaching service. We may use your personal information if it is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. Our legitimate interests include:

Administering, improving and expanding our Platform and services

− Getting your feedback and reviews

− Providing our Platform, and ensuring technical bugs are identified and resolved

− Gathering information and developing insights about how use Holly Health, including aggregating individuals' data

− Developing and improving Holly Health

− Customising Holly Health for our users

− Implementing and improving our security measures

− Growing our business and informing our marketing strategy.

Marketing & advertising

− Marketing and promoting Holly Health to an organisation you work for or provide services to.

− Measuring or understanding the effectiveness of advertising we serve to you and others and delivering relevant advertising to you (including when you visit other websites).

Fulfilling agreements with other organisation

− Complying with any agreement we may have with an organisation you work for or provide services to.
− Enforcing or applying our terms or other agreements with you or with an organisation you work for or provide services to.

In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests. If you would like further information about how we assess our legitimate interests, please contact us at [email protected]. The Holly Health DPO (data protection officer) is Grace Gimson. If there are material changes to how we collect user data, user consent will be re-obtained.

Legal obligation:
We may need to process your personal information to comply with our legal obligations, including under applicable UK law, and/or any court orders. This may include compliance with know-your-client and anti-money laundering rules.

We also use different types of cookies on our Platform – we explain this in the Cookie Notice.

3. Who do we share your information with?

We may share your personal information with:

● our service providers, organisations who support the services we offer through the Platform and only process your personal information on our behalf, following our instructions and data protection law

o Service providers help us with things like website and data hosting, distributing communications, supporting or updating marketing lists, customer service, facilitating feedback on our services, digital invoicing and payment processing providers, and IT support services.

o These organisations (which may be third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions.

● we may provide aggregated and anonymised data to academic institutions, service delivery partners, or research bodies. If we wish to provide any personal information which is not anonymised, we will provide detailed privacy information at the time (including individual opt-ins where applicable). Personally identifiable user data will not be shared outside of Holly Health without explicit user permission.

● if we run surveys, competitions, promotional campaigns, offers or other occasional activities and you opt-in with a partner (for example, if you chose to enter a prize draw we manage with a partner organisation). We will provide more detailed privacy information at the time.

● our auditors, legal advisers and other professional advisers.

● potential investors, or if we sell or buy any business or assets then a potential seller or buyer.

● any person to whom disclosure is necessary for us to protect our rights, property, or safety, our clients, or other third parties, and to enforce our rights under this Notice or under any agreement (for example, our Terms of Service) with you. This includes exchanging information with other companies and organisations for the purposes of detecting and preventing fraud and cyber-crime.

● if required to do so by court order or if we are under a duty to disclose your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation. This includes exchanging information with law enforcement agencies, regulators, or other similar government bodies.

4. Where do we store your information?

Holly Health is based in the United Kingdom. We may transfer your personal information outside the UK (or, if you are in the EEA, outside of the EEA):

● to store it.

● so we can to provide our Platform and Services to you.

● to support the operation of our business, where this is in our legitimate interests and we have concluded these are not overridden by your rights.

● where we are legally required to do so.

We will put legal protections in place to safeguard personal data transfers in compliance with data protection laws.

We may transfer your personal information to external key organisations to support service delivery, in or outside the UK / EEA, including to the key organisations listed below:

We update our partners and service providers as we grow, and will update this Notice regularly. For more information about how we currently transfer and protect data, please contact [email protected].

5. How do we protect your information?

All information you provide to us is stored on our servers. Our website uses secure end-to-end encryption to protect your information. All connections into our platform are secured using industry standard security and encryption.

All data we capture is stored in secured databases and data storage systems with strict access limitations. All data access requests are logged and monitored in accordance with any threat detection policies.

Unfortunately, the transmission of information via the internet is not completely secure. We do our best to protect your personal information, but we cannot guarantee the security of your data transmitted to us, any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.

6. Payments

Payments made on our App and for our Services are made through the Apple App Store or Google Play store subscription functions.

You will be providing credit or debit card information directly to Apple or Google (which will use a secure server to process payment details, encrypting your credit/debit card information and authorising payment).

Information which you supply to Apple or Google is not within our control and is subject to Apple's or Google's own privacy policy and terms.

7. Other websites

We may sometimes link to other websites (including other apps). The websites will have their own privacy information, which you should read before using or sharing personal information with the site.

We are not responsible or liable for these websites, any content on them, or their policies and notices. A link does not mean we endorse the views of the linked website. We have no control over the availability of any of these websites.

8. How long do we keep your information for?

If you freeze your account, we will retain your personal information while it is frozen. If your account goes fully inactive, we will delete your data 2 years after it has ceased to be used, for personally identifiable data, and 5 years after for non personally identifiable data.

We will usually keep personal information:

● for as long as necessary for the original reasons we collected it (for example, for as long as you have an account with us), and
● for up to five years after that to identify any issues and resolve any legal proceedings.

We may keep your personal information for a longer period:

● in the event of a complaint,
● if we reasonably believe there is a prospect of legal proceedings,
● if we are aware of pending or ongoing legal proceedings, or
● in some circumstances, if applicable law says we must.

If you have opted into receiving marketing from us but later decide to opt out (or object to any other use of your personal information), we may keep a record of your opt-out or objection so we can respect your preferences.

9. Anonymised data

We may anonymise your personal data to create anonymised data (like aggregated statistics). You cannot be identified from anonymised data, and it cannot be reverse engineered to re-identify individuals. This kind of data is no longer personal data.

We may keep and use this anonymised data to help us provide, develop and improve our Platform and services, including to:

● better understand how people use Holly Health
● develop useful insights and improvements to Holly Health
● to provide partners or academic organisation with insight into service usage and aggregated outcomes information

10. What rights do you have over your personal information?

In certain circumstances, you have the following rights:

● to be provided with a copy of your personal information,
● to ask us to correct or delete your personal information,
● to request us to restrict how we use your personal information (for example, while we investigate your concerns about the accuracy of data, or lawfulness of a certain use),
● to object to the further use of your personal information, including the right to object to marketing from us,
● to request that your provided personal data be moved to a third party, and
● where you have consented, to withdraw consent.

If you would like to exercise any of these rights in relation to the personal information we hold about you, you can contact us at [email protected]. We will respond to user data requests as quickly as possible, with a maximum turn around time of 2 months. If you have any concerns, you have the right to lodge a complaint with a data protection supervisory authority.

● The Information Commissioner's Office (ICO) is the supervisory authority in the UK and can provide further information about our rights, an organisation's obligation in relation to your personal information, as well as deal with any complaints that you may have. You can visit their website at www.ico.org.uk.
● If you are outside the UK, you can find your local data protection authority here.

11. Updating this Privacy Notice

This Notice was last updated 20/07/2021

We may update this Notice from time to time, and will post any changes on this page.

If we make any substantive changes, we will notify you through email or website pop-ups within our Platform.

12. How can you contact us?

We would love to hear from you. If you have any questions or feedback, please get in touch at [email protected].

1. Cookie Notice

Our Sites use cookies and/or other similar technologies such as device-IDs, in-app codes, pixel tags and web beacons to collect and store certain information.

What are cookies?

These typically involve pieces of information or code that a website transfers to or accesses from your computer hard drive or mobile device to store and sometimes track information about you. Cookies and similar technologies enable you to be remembered when using that computer or device to interact with websites and online services and can be used to manage a range of features and content as well as storing searches and presenting personalised content.

How does or Platform use cookies?

Our Sites use cookies and similar technologies either alone or in combination with each other to create a unique device ID, and to distinguish you from other users of our Sites. This helps us to provide you with a good experience when you browse our Platform, and allows us to improve our Sites.

A number of cookies and similar technologies we use last only for the duration of your web or app session and expire when you close your browser or exit our Site or App. Others are used to remember you when you return to one of our Sites and will last for longer.

We use strictly necessary cookies if they are necessary for the performance of a contract with you, or because using them is in our legitimate interests (where we have considered that these are not overridden by your rights). We use all other cookies with your consent.

We use the following types of cookies:

Strictly necessary cookies

These are cookies that are required for the operation of our Sites and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our Sites or (on other sites) use a shopping cart.

Cookie name
Expires
NONE
NA

Functionality cookies

These may be used to recognise you when you return to our Sites. This enables us, subject to your choices and preferences, to personalise our content, greet you by name and remember your preferences (for example, choice of language or region).

Cookie name
Expires
Hollyhealth.io
NA

Analytical/performance cookies.

These allow us to recognise and count the number of visitors and to see how visitors move around our Sites when they are using them. This helps us improve the way our Sites work, for example, by ensuring that users are easily finding what they are looking for.

Cookie name
Expires
Hotjar
NA
Webflow.io
NA
Google Analytics
NA

Targeting/Advertising cookies.

These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information subject to your choices and preferences to make our Sites and the advertising displayed on them more relevant to your interests. We may also share this information with third parties for this purpose.

Cookie name
Expires
Doubleclick.net (Google Ads)
NA
Facebook.com
NA
Pinterest.com
NA
LinkedIn.com
NA

Social networking cookies.

These cookies help us manage our social media, including enabling you to share content and enabling us to understand how you interact with us. We will use this information subject to your choices and preferences to improve our Sites and Services. We may also share this information with third parties for this purpose.

Cookie name
Expires
Twitter.com
NA
Facebook.com
NA
LinkedIn.com
NA

We may also work with advertising networks that gather information about the content on our Site you visit and on information on other websites and services you visit. This may result in you seeing advertisements through our Site or our advertisements when you visit other websites and services of third parties. For more information about how to turn this feature off see below or visit http://www.youronlinechoices.co.uk.

Other cookies.

We also use the following cookies:

Cookie name
Expires
NONE
NA

Disabling cookies

The effect of disabling cookies depends on which cookies you disable but, in general, the website may not operate properly if all cookies are switched off.

If you want to disable cookies on our website, you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use.

Microsoft Internet Explorer
1. Select the Tools menu > Internet Options
2. Click on the Privacy tab
3. Click on Advanced within the Settings section and select the appropriate setting

Google Chrome
1. Select Settings > Advanced
2. Under Privacy and Security > Content settings.
3. Click Cookies and select the relevant options

Safari
1. Select Preferences > Privacy
2. Click on Remove all Website Data

Mozilla Firefox
1. Choose the Tools menu > Options
2. Click on the Privacy icon
3. Select the Cookie menu and select the relevant options

Opera 6.0 and further
1. Choose Files menu > Preferences
2. Select Privacy

We may also separately prompt you regarding our use of cookies on the Site.