Skip to main content

Zevo Health Privacy Policy

Effective Date: Nov 06th, 2024

Your privacy is very important to us. Before we get to the details, check out our Privacy Label to see a summary of our privacy practices.

Privacy label

Collection and Sale of Data

Do we sell your personal information? No
Do we share your data with third-party API partners? No
Do we share aggregate information with employers? Yes  (In line with the relevant legislation for your geographic region.)
Do we use sensitive categories of data, like health information? Yes, but only with your explicit consent.
Do we delete your data when you request account deletion? Yes
Do we retain your data for as long as we need it unless you request deletion? Yes

Privacy Tools and Controls

Can you control who sees your activity and content? Yes
Can you control who sees your location-based activity? Yes
Can you request the download and deletion of your data? Yes

Tracking

Do we track your device location to provide Zevo Services to you? No
Do we track your device location while you are not using the app? No
Do we use cookies? Yes
Do we track your browsing activities on other sites? No
Do we listen to you using your device’s microphone? No

Communication

Do we give you advance notice when we make important changes to our Privacy Policy? Yes
Do we send you marketing communications with opt-out? Yes, once you have opted in.
Do we use push notifications with opt-out? Yes

For further information on how we process your information, please use the links below to jump to the listed section:

  1. Introduction
  2. Information Zevo Collects
  3. Disclosure and additional uses of your information
  4. Data Transfers
  5. Security
  6. Retention of Information
  7. Control Over Your Information
  8. Updates to Our Privacy Notice

Privacy Policy

Introduction

Our privacy policy (the “Privacy Policy”) explains the information we collect, how we use and share it, how to manage your privacy controls, and your rights in connection with our websites and the related applications and services (collectively, the “Services”). Please also read our Terms of Service which sets out the terms governing the Services.

Zevo Health (Zevo), headquartered in Dublin, Ireland, provides services to you through The Healthiest Workplace. For users of our mobile or desktop platform (the “Platform”), Zevo and/or its subsidiaries have an agreement with your employer to offer services or grant access to the application (the “Employer Agreement”). Your employer will be the controller of your personal data entered into the application, with the exception of data collected and recorded following counseling sessions, for which Zevo Health acts as the controller. Your employer will not have access to counseling-related data on the platform. They may only designate names and email addresses of employees who will have access to the application. Zevo Health processes all personal data lawfully, in accordance with the legislation relevant to your location. The information you provide to or upload onto the platform (whether personal data or not) is governed by the Employer Agreement. References to “your employer” refer to the entity that has entered into the Employer Agreement with us, regardless of whether you are legally considered an employee, consultant, or contractor of that entity.

In the case of Marketing Contacts, we are the data controller in respect of your personal data. We are also the data controller in respect of contact information for each client contact which we hold for account and contract management purposes, including for contract queries and billing purposes.

This policy was written in English. To the extent a translated version conflicts with the English version, the English version should take precedence. Unless indicated otherwise, this Privacy Policy does not apply to third-party products or services or the practices of companies that we do not own or control, including other companies you might interact with on or through the Services.

Questions or comments about this Privacy Policy may be submitted by mail to the address below or via email.

Zevo Health
Block C, Ardilaun Court,
112-114 St Stephen’s Green,
Dublin 2, D02 TD28
Ireland
dpo@zevohealth.com

 

Information Zevo Collects

Zevo collects information about you, including information that directly or indirectly identifies you, if you or your other users choose to share it with Zevo. We receive information in a few different ways through the use of our  Services. Zevo also collects information about how you use the Services. These are outlined below.

Account and Profile Information

We collect basic account information, including your name, email address, date of birth, gender, username, and password, to secure and provide you with access to our Services. When you choose to upload a profile picture, additional personal information is collected. We use profile contact information to respond to your support requests and comments. Additionally, we collect and store your consent regarding emergency disclosure of next-of-kin information, which would only be accessed and shared with your permission in an emergency situation.

Usage Information

When you use the Platform, we will keep a record of the details of that usage, including the date, time, location, frequency, and duration of the usage. We gather information from the surveys, photos, posts, comments, likes, ratings, reviews, and other content you share on the Services, including when you participate in groups or challenges. Other information about your use of the Platform, including the screens you have viewed, the duration spent on the Platform, and data you have uploaded to the Platform. We are not responsible for the information you choose to make public in any of the community networking features available on or through the Service.

Connected Devices and 3rd parties (Applicable to app customers only)

If you link your Zevo account to other ‘fitness trackers’ and share your activities, they will be viewable on such third-party platforms, including your location information. You should use caution when sharing information via third parties and you should carefully review the privacy practices of such third parties. We may receive or collect information about you from third parties and combine and store it on our servers with other information we may have already received or collected from you. These third-party ‘trackers’ include Garmin,  Apple, Strava, FitBit, and Google. This information will be used by Zevo solely for displaying your own personal dashboard and challenge leader board standings and is limited to steps, distance, and calories. Zevo will never share any data with one of these 3rd party processors.

3rd party trackers collect exercise information from devices and apps you connect to them. For example, you may connect your Garmin watch to Garmin Connect, and information from these devices and apps will be passed along to Zevo. Zevo is not responsible for and will assume no liability, if a business partner or other entity collects, uses, or shares any information about you in violation of its own privacy policy or any applicable laws, rules, or regulations.

We will also store any exercises you manually record or challenges you take place in. However, we will not at any time record location information with the exception of when you record an exercise session through the application.

From time to time we will work with vetted 3rd party service providers. Please remember that your browsing and interaction on any third-party website, service or application, including those that have a link or advertisement on our site, are subject to that third party’s own rules, policies, and practices, and not our privacy policy.

Online or Onsite Counseling Services

When an employee or individual signs up for therapy sessions with Zevo Health, we’ll need some basic information about them, such as their name and contact details, so that we can set up their sessions. The legal basis we rely on for this is Article 6(1)(f) of the GDPR – Legitimate Interests.

During therapy, we’ll also be keeping notes on anything they tell us about their mental health, their reasons for booking therapy and their history with therapy, which only the wllbeing specilists assigned can view. We’ll only keep information that they willingly share with our wellbeing specilists and that is relevant to their therapy, and rely on Article 9(2)(a) of the GDPR – Explicit Consent – to do this.

After therapy sessions, we keep anonymous records of attendance, usage details, and clinical outcomes to help improve our service, and to allow us objectively measure service effectiveness. The legal basis we rely on for this is Article 6(1)(f) of the GDPR – Legitimate Interests.

Online Sessions will be conducted via the online platforms Zoom, Google Hangouts or Whereby. You will need to access these facilities on your computer or phone which is free to download and set up a user name. Conversations are encrypted. Details of third-party providers are set out in the section below entitled “Disclosure and additional uses of your information”.

Workshop and Training

In relation to workshops or trainings which your employer has provided to you Zevo Health may send an optional post session feedback survey. These may be analyed and summarised for your employer. No personal information is requested and device identifiers are removed.

Health Information

Zevo may collect or infer health information. Certain health information may be inferred from sources such as calories burned or other measurements, including height, age, and weight or other indicators. Before you can upload health information to Zevo, you must give your explicit consent to the processing of that health information by Zevo by accepting our Privacy Policy. You can withdraw your consent to Zevo processing your health information at any time.

Payment Information

After you place an order on our website you will need to make payment for the Services you have ordered. In order to process your payment, we use Stripe, a third-party payment processor. Your payment will be processed by Stripe, which collects, uses,s and processes your information, including payment information, in accordance with their privacy policies. You can access their privacy policy via the following link: https://stripe.com/ie/privacy

Stripe’s services in Europe are provided by a Stripe affiliate—Stripe Payments Europe Limited (“Stripe Payments Europe”)—an entity located in Ireland. In providing Stripe Services, Stripe Payments Europe transfers personal data to Stripe, Inc. in the US. For further information about the safeguards used when your information is transferred outside the European Economic Area, see the section of this privacy policy below entitled Transfers of your information outside the European Economic Area.

Technical Information and Log Files

We track visits to our website and applications and use visitor logs to compile anonymous aggregate statistics, (e.g., information such as your web requests, browser type, browser language, domain names, IP address, referring and exit pages, URLs, platform type, pages viewed and the paths you took on our website). We use this information to analyze trends, improve our design, and otherwise enhance our website and applications.

We may use cookies, both session, and persistent cookies, or HTML email correspondence to anonymously track visitors, save preferences or allow us to recognize visits from the same computer and browser. You have the option to disable cookies in your browser and still use our Platform, although your access to the site may be limited.

We work closely with third parties (including, for example, business partners, other companies within our group, subcontractors, and analytics providers) and may receive information about you from them.  Details of third-party providers are set out in the section below entitled “Disclosure and additional uses of your information”.

Employers

If you are a client user (using the Platform as a representative of your employer), we may obtain further information about you from your employer, for example, to verify your eligibility to access and use the Platform; Any comments, opinions, and/or feedback you provide to us regarding the Platform. During any trial period that you may participate in or thereafter, your employer will be asked to show that consent has been given for the sharing of your information. This information may include your name, age, company email address, company telephone number, job title, level of seniority, department, and primary office location; otherwise in the course of your employer’s use of the Applications.

Marketing Contacts

For Marketing Contacts, we will collect and process personal data that you provide us when you complete an inquiry via a website or register for a trial or otherwise contact us to request information about our products and services.  We will typically obtain contact information such as your name, employer, email address, and work telephone number.  We may also receive further personal data about you which is publicly available, such as your seniority, years of experience and employment history, and similar work-related background, from third-party service providers who provide contact enrichment and lead generation services to us. We shall also store and process data relating to your communications with us and your responses to our marketing emails and attendance at our events.

Disclosure and additional uses of your information

Using the information, we collect, we can deliver the service to you and honor the terms of the contract with you or your employer. For example, we need to use your information to provide you with a dashboard for tracking your exercise, activity, and other trends; to enable the community features of the services, and to give you customer support.

Zevo uses the information we collect and receive to operate the Services and to customize them for you. We also use the information we collect to process payments, provide support related to the Services, protect members and enforce our Terms of Service, promote safety, and communicate with you (including to send marketing and push communications) where you have not opted out of receiving such messages and notifications. Zevo may notify you about changes to the Applications and any other services of ours that you use, including informing you about new versions of the Applications and about new features, functionality, and service offerings.

We also use the information we collect to analyze, develop and improve the Services. To do this, Zevo may use third-party analytics providers to gain insights into how our Services are used and to help us improve the Services. Zevo may contact you for your feedback on our Services and help us evaluate and improve our Services, for example by acting on any information you have provided to us.

In relation to the Applications, features & functionality Zevo decides the means and purposes of the processing. However, in terms of the interface with you as an employee, your employer may make decisions about data collection and processing depending on the terms of use agreed within the relevant contracts they have with both Zevo and yourself. This does not result in any personal data being shared with your employer.

Please note that Zevo will not undertake any anonymized analysis via the application by specific reference to any special categories of personal data (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, wellbeing data, sex life or sexual orientation) unless this has been expressly requested or configured by your employer. Where this is the case, it is your employer’s responsibility to ensure they have obtained your explicit consent to such processing.

Your activities and activity data associated with your account are not disclosed by default. As an app user you may decide to allow others to view your summary activity data by joining an individual or team. When you interact with others in these ways, you will be displaying your data relating to the challenge or leader board (e.g., aggregate number of steps during the duration of a steps Leader board or Challenge). You can also join groups and make connections with other users. Other users will know that you are a member of that group and will see the information you share within the group.

If you are an Application user, please note that usage and activity logs provided by you during your use of the application may be collated and conveyed to your employer in an aggregated or otherwise anonymized form.  As such, your anonymity as an application user is protected by default. Please also note that we merely report the usage and activity and do not undertake any investigation or assessment into their veracity or legality. Feedback and comments provided by you during surveys are collated and conveyed to your employer in an aggregated or otherwise anonymized form. As such, your anonymity as a Survey Recipient is protected by default. Please also note that we merely report the feedback and comments and do not undertake any investigation or assessment into their veracity or legality.

From time to time we may receive a request from your employer to disclose your identity or we may consider it appropriate to disclose your identity in the absence of such a request.  We will consider this in accordance with our internal policy on revealing anonymity.  Your identity will in general only be disclosed to your employer where it is necessary to do so for reasons of substantial public interest or risk to the individual.  This is only likely to occur in exceptional circumstances.

Except as explained above, we will not disclose your personal data to any third parties for any other purpose unless we have a legal right or obligation to do so.

Aggregate Information

Please note that we will not reveal your identity to an employer other than in exceptional circumstances, as explained further below in the section entitled “Categories of Recipients of Personal Data”. If agreed as part of the Employer Agreement with Zevo Health, data collected from you and other employees may be used by us in an aggregated and anonymized form for statistical and benchmarking purposes including enabling comparisons to other organizations within the same industry.

  • To facilitate the creation of and secure your account on the service.
  • To carry out our obligations arising from the Employer Agreement, Zevo may aggregate the information you and others make available in connection with the service and share it with your employer. To do this, we remove certain account information, such as your name, and combine the resulting information with similar information from other users. This includes providing your employer with reports and analysis summarising information’s provided during your use of the Application, including challenge results.
  • Use the information we collect to analyze, develop and improve the Services.
  • Use third-party analytics providers to gain insights into how our services are used and to help us improve the services.
  • Use during troubleshooting, data analysis, testing, research, statistical, and survey purposes.
  • Use as part of our efforts to keep the Application safe and secure.

Third-Party Business via API or Other Integrations

Third-party data is the information we receive from other sources. We may combine information from other sources with the information you give to us or we collect about you and use this information as specified above. You can choose to sync your activity data with Zevo. If you choose to synch activity data (such as steps, distance, etc.) from your device, you choose to participate in ‘Insights’ and you will be presented with an Insights section in your application in which you will be provided with recommendations and motivational messages, information and links to articles that may be of interest to you based upon your activity data, and a comparison of your activity data with aggregated activity data of others in the community. Should you choose to do this you the legal basis is your explicit consent, it can be removed at any time through your account. We may also engage third-party service providers to work with us to administer and provide the services. These third-party services providers have access to your personal information only for the purpose of performing services on our behalf. The types of service providers (processors) to whom we entrust personal information include service providers for (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) customer service activities; and (iv) in connection with the provision of the application. Zevo has executed appropriate agreements with the service providers that prohibit them from using or sharing Personal Information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.

  • Digital Ocean provides cloud-hosted infrastructure and services used by us to operate the Applications. https://www.digitalocean.com/legal/privacy-policy/
  • Google Analytics provides Web-based Analytics services to help improve our products and services. https://policies.google.com/privacy
  • Zendesk provides the platform for customer support and case management.  https://www.zendesk.com/company/agreements-and-terms/privacy-policy/
  • SendGrid provides product tools and functionality used by us for email delivery. Note Twilio is the parent company https://www.twilio.com/legal/privacy
  • Hubspot provides marketing and CRM management and delivery services.  https://legal.hubspot.com/privacy-policy
  • Qualtrics provides survey management tools. https://www.qualtrics.com/privacy-statement/
  • Stripe provides payment processing and invoicing. https://stripe.com/ie/privacy
  • Zoom provides online video conferencing services. https://zoom.us/privacy
  • Google Hangouts provides online video conferencing services. https://policies.google.com/privacy
  • Whereby provides online video conferencing services. https://whereby.com/information/tos/privacy-policy/

We require all our third-party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.

Legal

We cooperate with government and law enforcement officials and/or private parties to enforce and comply with the law. We may access, preserve, and disclose any information about you to the government or law enforcement officials or private parties as we, in our sole discretion, believe necessary, proportionate, or appropriate:

  • To respond to claims or legal processes and comply with law enforcement or security requests (including subpoenas, warrants, or court orders);
  • To protect your, our, or other’s property, rights and safety and the rights, property, and safety of a third party or the public in general;
  • To prevent or stop any activity we consider illegal, unethical, or legally actionable activity;
  • When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity;
  • If we, in good faith, believe that disclosure is otherwise necessary or advisable.

In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies or accredited third-party security firms in order that they may identify users in connection with their investigation of unauthorized activities.

 Data Transfers

For personal data subject to the GDPR, we rely on several legal bases for processing. When you have given explicit consent, which you may withdraw at any time using your account settings and other available tools, we process your data accordingly. Additionally, we process your personal data where necessary to perform our contractual obligations under the Employer Agreement, improve or optimize our services, maintain the security of our computer systems, understand usage patterns of our applications or other services, enhance the user experience, protect and defend our legal rights, and for purposes such as troubleshooting, data analysis, testing, and research.

We do not transfer any personal data outside of the EEA without appropriate safeguards. However, some third parties providing services to Zevo may process data outside the EEA (e.g., for storage). These third parties are listed in the ‘Third-Party Business via API or Other Integrations’ section of this policy. All such transfers are governed by data protection mechanisms in compliance with GDPR, such as Standard Contractual Clauses, and only reputable third parties with enforceable data subject rights and effective legal remedies are engaged.

If there are any changes to these practices, we will update this Privacy Notice accordingly. For further information about these safeguards, please contact the Zevo Data Protection Officer (DPO) via email at dpo@zevohealth.com.

Security

You will require a username and two-factor authentication (2FA) to access the Application. You must not share these details with anyone or store them in a way that may allow a third party to access them. You may also be asked to enter a company code and verify a valid company email.

We use a combination of technical, administrative, and physical controls to maintain the security of your data, including Transport Layer Security (“TLS”) to encrypt many of our Services. However, internet data transmission is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee its security during transmission, and you acknowledge that any transmission is at your own risk.

Once we receive your information, we apply strict procedures and security measures, including two-factor authentication and end-to-end encryption, appropriate to the type of personal data you provide, to help prevent unauthorized access or inadvertent disclosure.

When you purchase a service from us, we collect payment information, such as your credit or debit card details and other account and authentication information. All credit card information you provide is collected and processed directly by our payment processor, currently Stripe. We never receive or store your credit card information on our servers. Stripe is committed to compliance with the Payment Card Industry Data Security Standard (PCI-DSS). You can view the Stripe Privacy Policy here: [https://stripe.com/us/checkout/legal](https://stripe.com/us/checkout/legal).

Retention of Information

We retain information as long as it is necessary to provide the Services to you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the Services or until your account is deleted. In addition, you can delete some items of information (e.g., profile information) and you can remove individual activities from view on the Services without deleting your account. For example, where you withdraw your consent to Zevo Health processing your health-related information, Zevo will delete all health-related information you uploaded. Following the deletion of your account, it may take up to 90 days to fully delete your personal information and system logs from our systems. Additionally, we may retain information where deletion requests are made to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms oF service and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.

Information connected to you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights that are valuable to Zeevo, such as statistics of the use of the Services. For example, we may retain depersonalized information to continue to improve the Services. This information will be de-associated with your name and other identifiers.

All counseling records will be maintained as required by the applicable legal and ethical standards according to the various counseling and psychotherapy professions licensing boards (e.g. The Irish Association of Counselling and Psychotherapy), of the country of operation. Recording of sessions is prohibited.  

Control Over Your Information

You have the following rights with regard to your personal information:

  • Portability. You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies. You may also request that your personal data is transmitted directly to another organization where this is technically feasible using our data processing systems. Please include your name, email, and a clear description of your request.
  • Access. You have the right to access information about the personal data we hold about you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
  • Right to object to processing.  You have the right to object to the processing of your personal data where that processing is being undertaken by us based on our (or a third party’s) legitimate interest. In such a case we are required to cease processing your data unless we can demonstrate compelling grounds which override your objection. As outlined, we do not use your data for direct marketing. You also have the right to object at any time to the processing by us of your personal data for direct marketing purposes.
  • Rectification. You have the right to request that we rectify any inaccurate personal data that we hold about you.
  • Erasure.  You have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent (where our processing of that data is undertaken on the basis of your consent), or if your object to our continued processing (as mentioned above).  Please include your full name, the email address associated with your account, and a detailed description of your data request. Such requests will be processed in line with local laws.
  • Your erasure right does not extend to information that is not personal data. Please also note that it is likely to be necessary for us to retain your personal data for the purposes of assessing and verifying data that is submitted and/or held on the Application, and your rights under applicable law to request erasure may be limited accordingly. We also reserve the right to retain your personal data in an anonymized form for statistical and benchmarking purposes.
  • Request to restriction of the processing. This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example, if you want us to establish its accuracy or the reason for processing it.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Your rights detailed above can be exercised free of charge in accordance with applicable data protection laws. Please contact your employer directly if you would like to exercise any of these rights. It is your employer’s obligation to inform Zevo via dpo@zevohealth.com.

Please note that if you exercise any of the above rights to require us to restrict or cease processing or to delete personal data, and this type of processing is required in order to facilitate your use of the Application or other service, you will no longer be able to use the Application or other service following the date on which we action your request.  Please allow at least 5 working days for your request to be actioned, once Zevo is informed by your employer of the request.

If for any reason you are not happy with the way that we have handled your personal data, you also have the right to make a complaint to the relevant supervisory authority in your country.  In Ireland, the relevant authority is the Data Protection Commission.

Updates to Our Privacy Notice

This Privacy Policy may be updated periodically. Significant changes will be communicated to you, and the updated Policy will be posted on our website. If you disagree with any changes, you may stop using the Services and delete your account.

For further questions, please contact: Zevo Health DPO
Block C, Ardilaun Court
112-114 St Stephen’s Green
Dublin 2, D02 TD28
Ireland
dpo@zevohealth.com