Privacy Policy

(Compliant with UK Data Protection Laws & the General Data Protection Regulation (EU) 2016/679)


Date: 15 January 2025

 
Controller Details

Havu Health Coaching Ltd (the "Controller") provides Havu Health services. The Controller's registered address is: Havu Health Coaching Ltd, Inkeroistentie 3A, 00950 Helsinki, Finland.
Email: info(at)havuhealth.com

 

Data Processed and Data Sources

We may process the following types of personal data, including health and wellness-related data, collected during surveys or other communications: physical and mental symptoms, fatigue, energy levels, resilience, exercise habits, dietary habits, relationship habits, environment and nature relations, sleep habits, personality traits, body composition, weight, and body functioning.

Data that may be processed on our digital platforms (Havu Health website, Havu Health online store, Havu Health app, and communications between clients and Havu Health coaches): client’s name, ID (pseudonymous), email address, and other contact information, purchase data, billing details, feedback provided in surveys, communications between clients, coaches, and the platform administrators, newsletter subscriptions, digital service usage analytics.

Sources of data: All personal data is obtained directly from the data subject (except communication between the data subject and the wellness coaches).

The processing of personal data and obtaining consent is a prerequisite for participation in coaching programs.

Independent coaches performing wellness coaching are separate data controllers and handle personal data provided to them by Havu Health for their own purposes. (For more on data sharing, see "Recipients of Personal Data.")

Facebook Data Handling: Havu Health maintains a coaching group on Facebook with clients. This group is managed jointly with Facebook as a co-controller. Participation is voluntary and not intended for processing personal data related to the coaching program. All data within the group is provided by the data subject, and Facebook processes this data in accordance with its privacy policy.

Cookies: Havu Health uses cookies on its website, online store, and survey tools. These technologies are set by the service administrators and their partners to help improve the user experience and for other defined purposes. Similar identifiers are also used in the Havu Health app. You can learn more about the cookies and their purposes in the cookie policies of the respective digital services.

 

Purpose of Data Processing and Legal Basis

Consent-Based Processing: storing survey data (which may include health data); evaluating the client’s suitability for coaching programs; personalizing coaching (only by the coaches); measuring coaching effectiveness; arranging consultation calls; subscribing to newsletters; analyzing and personalizing digital services usage.

Contract-Based Processing: registration of clients and purchases; maintaining basic client information; ensuring the functionality of the Havu Health app; other client-coach communications (e.g., email); billing; managing the Facebook group data; direct marketing for those who have subscribed to newsletters or participated in coaching, unless they opt out.

Legitimate Interest-Based Processing: anonymizing data for statistical purposes; analyzing app usage and feedback to improve the coaching program.

 

Retention Period of Personal Data

Personal data will generally be deleted no later than six months after the termination of the agreement. If the client withdraws consent, data processed on consent basis will be deleted as soon as possible. Exceptions include email addresses, which are kept for five years for electronic direct marketing purposes, and billing data, which is retained for six years plus one additional year in compliance with accounting laws.

 

Recipients of Personal Data

Havu Health may share personal data with the coach who is providing individual coaching, to the extent necessary for the delivery of the coaching program. Coaches are provided with the client’s data at registration and any other data provided or updated by the client in surveys.

Personal data may be transferred to processors located outside the European Economic Area (EEA) for the technical execution of services. Appropriate safeguards, such as EU Commission-approved standard contractual clauses, will be put in place for these transfers. Data is, where possible, pseudonymized before being shared.

 

Rights of Data Subjects

  • Right of Access: The data subject has the right to request a report of their personal data.

  • Right to Rectification/Erasure: The data subject has the right to request the rectification or deletion of their personal data. However, please note that the right to erasure may be limited by applicable legislation (e.g., accounting laws).

  • Right to Data Portability: The data subject has the right to transfer their personal data to another controller in a machine-readable format.

  • Right to Withdraw Consent: The data subject can withdraw their consent at any time.

    • Note: If consent is withdrawn, participation in the coaching program will no longer be possible.

  • Right to Object: The data subject can object to the use of their data for direct marketing purposes.

  • Right to Lodge a Complaint: The data subject can lodge a complaint with the supervisory authority (e.g., the Information Commissioner’s Office (ICO)) if they believe their personal data has been processed unlawfully.

To exercise any of the above rights, please contact us via email at info(at)havuhealth.com.