by Jonda Health
Who we are
Data Ownership
Patient Voices
Partners
Blog
DowNload app

Privacy Policy

Welcome to Jonda! Jonda is a cloud-based service by Jonda Health Pte. Ltd. (“Jonda,” “we,” “us,” “our”) that helps you to store, manage, create and share your health information and medical records (collectively, the “Health Data”) securely using cryptographic end-to-end security.

Jonda enables individuals to maintain and share their Health Data as they choose via our app and other related technologies and services (collectively, the “Services”).  Please see Jonda’s Terms of Use for more details. For the purposes of this privacy policy (“Privacy Policy”), “you” and “your” means you as the user of the Services.

 

At Jonda, we are committed to protecting the privacy of your Health Data.

This Privacy Policy describes the information we collect about you and how we use and disclose it, as well as your options regarding certain uses of this information. We follow this Privacy Policy in accordance with applicable law in the places where we operate. In some cases, we may provide additional data privacy notices specific to certain features or services. Those notices are to be read in combination with this Privacy Policy, and in the event of any conflict or inconsistency between any such additional data privacy notice and this Privacy Policy, the terms in this Privacy Policy shall prevail.

Please note that our app may contain links to other sites not owned or controlled by us and we are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our app or sites and to read the privacy policies of other sites that may collect your personal data.

If you have any questions or concerns about this Privacy Policy, please contact us at daniel@jonda.io.

1. How we secure your Health Data

Our commitment is to make privacy and security available to you to manage your Health Data. That’s why we use cryptographic end-to-end security to protect the Health Data you share, store and create on Jonda.

We encrypt all and every transmission containing personal data using, among others, Secure Socket Layer technology (SSL) and apply additional encryption on the Health Data uploaded and stored in protected storage folders (the “Encrypted Data”).

We never collect or store your Health Data, unique encryption keys (“Security Token”) and passwords in an unencrypted or invertible form. The Encrypted Data can only be decrypted by you, except when you authorise us or a third-party to exchange or share data. To the best of our knowledge, Jonda is unable to decrypt the Encrypted Data and accordingly, cannot access it, unless you authorise us to do so.

However, when creating your account and using the Services, you may also submit some non-encrypted data, including personal data (for more details, please refer to the section on “Account Information” below).

2. What information we collect

2.1. Where we refer to “personal data”, we mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access, and any other data falling within the definitions of “personal data” or “personal information” in the applicable laws relating to privacy and data protection.

2.2. Account information. When you sign up for and use the Services, you may provide us with information about you for account creation and maintenance (“Account Information”). Such Account Information may include, as applicable and/or as required or permitted under applicable laws, items such as your name, profile photo, email address, address, date of birth, gender, race or ethnicity, device identifiers, IP address, password, location, payment information and other information pertaining to your transactions on the Services, and information about your medical providers. We will let you know at the time of collection when it is optional for you to provide certain information, and when it is necessary in order to use certain Services.

2.3. Profiles. If you decide you want to create multiple profiles under your Jonda account that may relate to other individuals, you may provide us with certain personal data of those individuals, such as their names, in order to fulfil your request for such profiles. You represent and warrant that any disclosure of another individual’s personal data by you to Jonda for the purpose of creating profiles under your Jonda account is within the scope of the consent validly given by that individual to you or which you may validly provide on behalf of that individual.

2.4. Your Health Data. Jonda provides a technology service that allows you to upload, store, create and share your Health Data securely. As part of the Service, you may choose to provide us with your Health Data as follows: (i) your health information and medical records typically by taking a photo, scanning or uploading a file; (ii) other information about your health, such as information about your medical condition(s), how you are feeling or pain management; and (iii) data from wearables or diagnostic equipment, among others. Jonda consolidates and encrypts such Health Data and converts them into encrypted structured standardized digital data. Jonda is unable to decrypt your Health Data as your Security Token is held by you on your compatible device. We are not responsible or liable for the completeness or accuracy of the information in your Health Data.  

2.5. Usage information. When you use the Services, we may automatically collect technical and navigational information relating to your interaction with and customer support for the Services, such as the language of device, device type, unique device type and identifiers, type of operating system, installed version, your interactions with our customer support (such as the date, time and reason for contacting us, transcripts of any chat conversations), and information related to the performance of the Services (such as crash logs, build analytics and other performance statistics generated when you use the Services) (collectively, “Usage Information”). With your permission where required, such Usage Information may be collected by us or our service providers, partners or advertising networks via the use of cookies and other technologies on the Services (for more details, please see the section on “Cookies and other tracking technologies” below).

2.6. Payment and billing information. When you pay a third-party for your subscription package for the Services (e.g. on an app store like the Apple App Store) your payment information is directly collected and controlled by that third-party. However, we receive invoice receipts from third-parties for your subscription purchase and these receipts are stored by us as we have to keep them for internal accounting and tax purposes and to comply with our legal obligation as per any applicable laws, audits, claims, legal proceedings and/or investigations.

2.7. Product interaction and feedback. We may collect responses to surveys that we invite you to complete, search queries within the Services, and transactions you make regarding the Services. We collect product interaction and feedback that you provide us through our Services to provide you with the Services, improve and enhance our Services, and conduct research and analytics.

2.8. Other information. We collect any other information you choose to include in communications with us, for example, when sending a message or submitting information through a webform.

3. How we use information

3.1. Jonda will use your information to create and manage your Jonda account, and may also use your information for any or all of the following purposes:

(a) To perform obligations in the course of or in connection with our provision of the Services to you;

(b) To help us create, develop, operate, deliver and improve the Services, and when necessary, for loss prevention and anti-fraud purposes, and account and network security purposes;

(c) To verify your identity;

(d) To send important notices regarding the Services, including software updates, changes to our terms, conditions and policies;

(e) To respond to, handle and process queries, requests, applications, complaints, and feedback from you;

(f) To manage your relationship with us;

(g) To process payment or credit transactions;

(h) To send marketing information about our products or Services, including notifying you of our marketing events, initiatives and promotions;

(i) To comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

(j) Any other purposes for which you have provided the information; and

(k) Any other incidental business purposes related to or in connection with the above.

3.2. Jonda does not make decisions based solely on automated processing, including profiling, which have legal consequences for, or significantly affect, our users.

3.3. Jonda may access information about your use of the Services in order to create aggregate usage data for both internal use and, in some cases, public dissemination. Such statistics will not contain any personal data about you or any other Jonda users.

4. When we disclose information to third parties

4.1. We may disclose your personal data and / or Account Information (excluding any Encrypted Data):

(a) Where such disclosure is required for performing obligations in the course of or in connection with our provision of the Services to you;

(b) To third party service providers, agents and other organisations we have engaged to perform any of the functions listed in clause 3.1 above for us;

(c) To our affiliates or otherwise within our corporate group for the purposes of providing the Services or with your consent where required by applicable law;

(d) To comply with valid legal processes including subpoenas, court orders or search warrants, and as otherwise authorised by law;

(e) To professional advisors, such as auditors, law firms and accounting firms;

(f) In connection with a bankruptcy, merger, acquisition or sale or other business transaction, involving all or a portion of our assets or business, and user information will also be transferred as part of or in connection with the transaction;

(g) To enforce any applicable terms of service; or

(h) When you request us to share certain information with third parties;

4.2. The purposes listed in clauses 3.1 and 4.1 above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.

4.3. When you make a decision to share your personal data outside of the Services or with a healthcare provider or other external party, the data practices under this Privacy Policy will no longer apply to the information held by that external party. We recommend that you review and determine whether you are comfortable with the external party’s privacy policy prior to sharing your personal data outside of the Services or with the external party.

4.4. It is worth noting that we will not disclose and we have no ability to disclose your Encrypted Data, unless you authorise us to access them and make the relevant disclosure.

5. Transfer of personal data to a foreign country

5.1. We store your information on our servers, and on the servers of the third-party service providers which we engage, which are located in Singapore, and we keep or transfer information to and from Singapore for storage and processing.

5.2. Aside from that mentioned in clause 5.1 above, we generally do not transfer your personal data to countries outside of your country of residence. However, if we do so, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the applicable laws relating to privacy and data protection.

6. Your controls and choices

6.1. We provide you the ability to exercise certain controls and choices regarding our collection, use and disclosure of your personal data. In accordance with applicable law, your controls and choices may include:

6.1.1. Access to and correction of personal data. If you wish to (i) access the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (ii) correct or update any of your personal data which we hold about you, you can access the personal data we hold about you by logging into your account. If you believe we hold any other personal data about you, you may submit your access or correction request via email to our data protection officer at the email address provided below. In case you have made your subscription via an app store, then you may have to request for access to or correction of your subscription / personal data on the relevant app store platform as per their applicable processes. For the avoidance of doubt, please note that we do not have access to your Encrypted Data, unless you have authorised us to access the same.

6.1.2. Data portability. In some jurisdictions, the applicable law may entitle you to request copies of personal data that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible). You can issue such a request by contacting us using the information below. In case you have made your subscription via an app store, then you may have to request for access to your subscription / personal data or portability of your subscription / personal data on the relevant app store platform as per their applicable processes.

6.1.3. Withdrawal of consent. For data that we collect and process based on consent obtained from you, you may withdraw your consent at any time, by selecting preferences available on our app, on your device, or by contacting us using the information below. We shall review your request and may ask you to verify your identity. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing the Services to you. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

6.1.4. Data erasure. In certain jurisdictions where you have the legal right to request for the erasure of your personal data, you can request that we erase your information and close your Jonda account by contacting us using the information below. The erasure of your information will result in your subscription being terminated without any refunds. In case you have made your subscription via an app store, then you will have to unsubscribe yourself from the relevant app store platform and / or request for the erasure of your personal / subscription data on the relevant platform as per their applicable processes. Please note that if you request for the erasure of your personal information, we may retain some of your personal information as necessary for our legitimate business purpose, such as fraud detection and prevention and enhancing safety, or to the extent necessary to comply with our legal obligations.

6.1.5. Objection to processing. In certain jurisdictions where you have the legal right to object to the use of your personal data with respect to certain types of processing, you may object by changing your preferences, or disabling cookies and other tracking technologies. If you wish for us to cease or restrict processing of your personal data then, unless the Services allow you to select available preferences, you should cease to use the Services. In case you have made your subscription via an app store, you may have to object to the processing of your subscription / personal data on the relevant app store platform as per their applicable processes.

6.2. We may need to collect and process personal data by law, or under the terms of a contract we have with you. If you choose not to give us this personal data or if you wish for us to cease or restrict processing of such personal data, it may delay or prevent us from providing the Services to you or providing you with further access to your Jonda account.

7. Integrity and retention of information

7.1. You must keep your Account Information accurate, complete and up-to-date.

7.2. Jonda will retain personal data about you as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and it is no longer necessary for legal or business purposes.

8. Cookies and other tracking technologies

8.1. A cookie is a small text file that can be stored on and accessed from your device when you use the Services, to the extent you agree. Other tracking technologies work similarly to cookies and place small data files on your devices or monitor your website activity to enable us to collect information about how you use the Services. The information provided below about cookies also applies to these other tracking technologies.

8.2. We and our service providers may use cookies and other technologies to store information in your web browser or on your devices that allow us to store and receive certain pieces of information whenever you use or interact with the Services. Such cookies and other technologies help us to identify and learn more about our users and their likely interests, and to deliver and tailor marketing or advertising. We may also use cookies and other tracking technologies to control access to certain content on the Services, protect the Services, and to process any requests that you make to us.

8.3. Most websites, mobile devices and apps automatically accept cookies but, if you prefer, you can change your browser, device or app settings to prevent that or to notify you each time a cookie is set. Please note however, that by deleting or disabling cookies used on our Services or website, you may not be able to take full advantage of our Services or website.

9. Children’s privacy

9.1. We do not knowingly permit any person who is under 16 years of age to register for an account. If we become aware that any person less than 16 years of age has been registered for an account, then we will take the appropriate steps to delete the relevant account and any information provided with respect to that account.

9.2. If you are above the age of 16, you will be able to create multiple profiles under your Jonda account, which may include profiles for individuals under the age of 16. Where you create a profile for an individual under the age of 16, you represent and warrant that you may validly act on behalf of that individual for the registration, creation and management of that individual’s profile, as well as for the collection, use or disclosure of that individual’s personal data.

10. Jurisdiction-specific provisions

10.1. European Union

10.1.1. If you are in the European Economic Area (“EEA”) or the United Kingdom (“UK”), the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy above.

10.1.2. For the purpose of applicable data protection laws, we are the data controller.

10.1.3. Your information will be processed on the basis of the following legal bases:

Purpose Categories of data Legal basis (Article 6) Legal basis (Article 9)
To keep you posted on available products, Services, software updates, and upcoming events. You can opt out of these communications in the manner designated in the specific communication or within your account. Account Information Consent Explicit consent
To help us create, develop, operate, deliver and improve our products and Services. Account Information Consent Explicit consent
For loss prevention and anti-fraud purposes and account and network security purposes. Account Information Our legitimate interests in maintaining the security and integrity of our systems and networks. N/A
To send important notices regarding Jonda products and Services, including changes to our terms, conditions, and policies. Account Information Our legitimate interests in keeping you up to date regarding the Services. N/A

10.1.4. Your rights. If you are located in the EEA or the UK, you have certain rights in relation to personal information about you:

(a) Access: You have the right to access information we hold about you, how we use it, and who we share it with.

(b) Portability: You have the right to receive a copy of the information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.

(c) Correction: You have the right to correct any personal information about you we hold that is inaccurate.

(d) Erasure: In certain circumstances, you have the right to delete the information we hold about you.

(e) Restriction of processing to storage only: You have the right to require us to stop processing the information we hold about you, other than for storage purposes, in certain circumstances.

(f) Objection: You have the right to object to our processing of personal information about you.

(g) Objection to marketing: You can object to marketing at any time by opting-out using the unsubscribe / opt-out function displayed in our communications to you.

(h) Withdrawal of consent: You have the right to withdraw your consent at any time.

10.1.5. Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law.

10.1.6. To exercise any of these rights, you can contact us using the information provided below. We will respond to requests to exercise these rights without undue delay and we will use reasonable efforts to respond within one month of receipt of the relevant request (though this may be extended by a further two months in certain circumstances).

10.1.7. Storage and transfer of personal information about you. The information that we collect from you may be transferred to and stored at/processed in countries outside the EEA and UK. Your information may also be processed by staff operating outside the EEA and the UK who work for us or one of our third-party service providers or partners. We will take all steps reasonably necessary to ensure that personal information about you is treated securely and in accordance with this Privacy Policy. For any transfers of data outside the EEA or the UK, the data transfer will be on the basis of your explicit consent.

10.1.8. Retention of personal information. We will retain personal information about you as follows:

(a) Where you have authorised us to access and share or exchange your Health Data, we will retain your Health Data for as long as you keep your account open or as needed to provide you with the relevant Services;

(b) Your Account Information for as long as you keep your account open or as needed to provide you with our Services;

(c) If you contact us, we will keep your data for as long as you keep your account open or as needed to provide you with our Services;

(d) Your Usage Information for as long as you keep your account open and as long as it is needed to provide our Services and usage metrics; and

(e) We will also retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes and enforce our terms and conditions, other applicable terms of service, and our policies.

10.2. If you live in another part of the world not specifically mentioned here, please contact our data protection officer using the information provided below.

11. Changes to this policy

11.1. This Privacy Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.

11.2. We reserve the right to make changes to the terms of this Privacy Policy from time to time. We will give you advance notice of any materials changes (except those that may need to be made immediately in order to comply with law or to deal with an urgent situation that threatens the security of information held by Jonda or severely impacts the functionality of the Services), and obtain your consent to the changes where required by law. You may also determine if any such revision has taken place by referring to the date on which this Privacy Policy was last updated. The updated Privacy Policy will be effective as of the time of posting, or such later date as may be specified in the updated Privacy Policy. Your continued use of the Services after any updates constitutes your acknowledgement and acceptance of those changes.

12. Contact us

12.1. If you have questions or feedback related to our Privacy Policy or our privacy or security practices, or if you would like to exercise any of your rights outlined in this Privacy Policy, please email our data protection officer at daniel@jonda.io.

Your Health. Your Data.
Managed Securely Your Way.

by
Security
Data Ownership
Privacy Policy
Terms of Use