Protecting your Privacy

Last modified: August 22, 2019

Introduction

1.1 Healthblock Inc. and Healthblock Hong Kong Limited (Healthblock, the Company, we, us, or our) prioritizes the privacy of its customers and treats all personal and private data provided to us as confidential. Healthblock pledges to comply with the requirements of the Personal Data (Privacy) Ordinance of Hong Kong (the Ordinance) and, where practicable as a matter of best practice, internationally recognised standards of Personal Data privacy protections.

1.2 The Healthblock technology platform and related software tools such as the Blockdoc App and the whole of our Service (as defined in the Terms of Use) are engineered to minimize collection of information about you. We further provide you with access to software functions that allow you to wipe information from our servers. For example, you can access the 'Wipe Account' function on the mobile app's 'Account' page.

1.3 When Healthblock collects Personal Data, Healthblock will provide you with a Personal Information Collection Statement (PICS) on or before the collection in an appropriate format and manner (e.g. in the same paper form or web page that collects the personal data or in the Terms of Use).

The Application of This Policy

2.1 The term Personal Data in this Policy refers to personal data which is capable of identifying you as an individual, as defined in the Ordinance. This Privacy Policy (Policy) applies to all Personal Data and information regarding any user of our Services (as defined in the Terms of Use).

2.2 This Policy gives effect to Healthblock's commitment to protect customers' personal information and has been adopted by Healthblock. Nothing in this Policy shall limit your rights under the Ordinance.

Collection and Use of Personal Information

3.1 Prior to Healthblock collecting Personal Data, you will be asked to voluntarily supply information Healthblock needs to provide the Services requested. Personal Data may be collected, used, disclosed and retained to: Provide the Services listed in the Terms of Use to you; Improve our security and, correspondingly, the security of your Personal Data; Respond to your requests for information and services; Comply with any law, legal or regulatory requirement; or Comply with any governmental, judicial or administrative direction or order.

Types of Personal Data We Collect and/or Process

4.1 The types of Personal Data that Healthblock processes include, if you have provided them to Healthblock: an electronic address (the 'Device Token') and the language setting of your phone, if you have elected to receive notifications from us; Health Information (as defined in the Terms of Use) such as genetic sequencing results; and if you request us to share information with your doctor, you will need to provide us with your name and your doctor's name and address, otherwise we will not know where to send the information and your doctor will not know for which patient the information is for.

4.2 In respect of the Health Information, we will only use it for the purpose listed in Clause 3.1 in accordance with accordance with Clause 5.4 below.

Disclosures and Transfer of Your Personal Information

5.1 In providing services to you, it may be necessary for Healthblock to disclose, transfer, use, process and store your Personal Data to/at our offices, affiliates, operations and business partners. Healthblock may share your Personal Data with: companies which are in the same group of companies as Healthblock, such as subsidiaries, parent companies and other affiliates; and third parties that Healthblock uses to deliver its services and the website, as well as help Healthblock run its business.

5.2 Healthblock only discloses, transfers, use, process and store your Health Information with regard to: our Partners and the Providers (as these terms are defined in the Terms of Use), as we will need to collect the Health Information to the extent that you have provided your Health Information to them; and third parties where you have specifically authorised us to do so. For example, we may provide you with an option to allow you authorise us to share your Results (as defined in the Terms of Use) and Health Information to a registered medical practitioner of your choice. In such a case we would share your results and Health Information with that registered medical practitioner. You are responsible for all possible consequences resulting from your sharing (or authorising us to share) with others access to your Results and Health Information.

5.3 In accordance with the Ordinance, Healthblock takes steps to ensure any and all of the aforementioned third parties protect the Personal Data entrusted to it and use Personal Data for purposes only as specified by Healthblock. This includes ensuring that such third parties are bound by contractual duty to keep confidential any Personal Data they come into contact with against unauthorised access, use and retention, and to only use the Personal Data for authorised purposes.

5.4 Healthblock reserves the right to disclose any Personal Data and information Healthblock holds on you if Healthblock: is compelled to do so by a court of law; is requested to do so by a governmental entity; and/or determines it is necessary or desirable to comply with the law.

5.5 Healthblock also reserves the right to retain information collected and to process such information to comply with accounting and tax rules and regulations, as well as, for safety and security assessments as Healthblock may deem necessary.

5.6 Healthblock may share aggregated and anonymised demographic information with business partners, affiliates or other entities. This aggregate and anonymised information is not linked or traceable to any personally identifiable information about you.

5.7 For the purpose of providing the Services to you, we may transfer your name and contact details outside AWS Asia Pacific (Hong Kong) to additional servers and infrastructure in the United States. Although we believe the data protection laws for that region are substantially similar to, or serves the same purposes as, the Ordinance, you nevertheless consent to the transfer of your Personal Data to AWS servers in US East (N. Virginia), United States.

ENSURING SECURITY OF PERSONAL DATA

6.1 Healthblock retains Personal Data collected for as long as it may be necessary to fulfil the purpose (including any directly related purpose) which the information was initially collected for.

6.2 To maintain the accuracy of your Personal Data, as well as preventing unauthorised access to and ensuring the correct use of your Personal Data, Healthblock carries out appropriate physical, technical and administrative protective measures to control and safeguard the collection, access and disposal of the Personal Data Healthblock collects. These measures are subject to ongoing review and monitoring. In particular, we use industry-standard security (e.g. to provide end-to-end encryption) and also advanced techniques such as secure multiparty computation to protect your Health Information and your Results, both when they are transferred from our Partners to us and when we transfer them to you. Your Health Information and your Results also remain encrypted with industry-standard security when they are at rest with us. This encryption is designed to ensure that neither we nor third parties have access to your Results; subject to Clause 5.4 above, you alone decide with whom you share your Results.

6.2.2 We impose access controls to our physical premises. Access is limited to authorised personnel, based on their job functions and roles. Our access control measures include multi-factor authentication.

6.2.3 We require all of our employees to complete security and privacy training on a regular basis.

6.2.4 If you use our in-app customer support function, we will identify you through a random number so that we can respond to your questions without requiring you to disclose your identity.

Links to Third Party Sites

7.1 We may provide links that will direct users to third party operated sites or content that are not owned or managed by Healthblock. Personal Data submitted to or obtained by third parties will not be under the protection of this Policy. Healthblock shall not be responsible for any loss, misuse or alteration of Personal Data arising from access of any third party operated sites.

How to Access or Correct Your Personal Information

8.1 You are entitled to access, correct, or delete any Personal Data relating to your profile held on our database. You may access or delete your Personal Data via the appropriate options in the user interface.

8.2 If you wish to submit a request for correction of your Personal Data, or in the event that the user interface does not provide the options you require in relation to your Personal Data, please submit any such requests in writing and addressed to our Privacy Compliance Officer at [email protected].

8.3 When submitting your request, please provide contact information and the User ID (located at the 'Account' page of the app) so Healthblock can attend to your enquiry.

Cookies

9.1 Some of Healthblock's webpages may use 'cookies' to enhance customers' experience on our website. Cookies are small pieces of information transmitted from our web server and automatically stored on your computer's browser to record your preferences. Cookies, by themselves, do not disclose personally-identifiable information unless you choose to provide such information to us.

9.2 Healthblock also uses cookies to understand site usage for our own research purposes. Most web browsers automatically accept cookies. You may choose not to accept cookies by changing your browser settings to block them, but if you do so you may find that certain features on the Healthblock website will not work properly.

Miscellaneous

10.1 This Policy may be modified from time to time. Any changes to this Policy will become effective upon posting of the revised Policy on the Healthblock website at www.blockdoc.com. Healthblock will also endeavour to notify you of any modifications to this Policy by directly notifying you via email or other methods of communication.

10.2 This policy is governed by and shall be construed in accordance with the laws of Hong Kong Special Administrative Region.

10.3 This Policy is written in the English language and may be translated into other languages. In the event of any inconsistency, the English version shall prevail.

Back Top