Privacy Policy YuviTal Work
1. Privacy Policy
1.1 UVTAL Health Ltd. (“YuviTal”, “Us”, “We” or the “Operator”), respects its users’ privacy and is committed to protecting the personal information that you share with Us.
1.2 UVTAL Health Ltd., which operates the application (“App,” “Application,” and/or the “Service”), respects the privacy of its users and is committed to protecting it and safeguarding the confidentiality of users.
1.3 The Operator will not use any data (as defined below) except in accordance with this Privacy Policy, which explains how user data is collected through the App by the Operator, the purposes for which it is collected, the types of data collected, the ways that the Operator uses such data in relation to the App and Service, and how the data is stored.
1.4 This Policy applies to Personally Identifiable Information (“PII” or “Personal Data”) as defined by the General Data Protection Regulation (GDPR) (EU) 2016/679 (“GDPR”), collected by Us via online resources and communications. PII may contain health-related information as defined by the Health Insurance Portability and Accountability Act of 1996 and its attendant regulations (“HIPAA”) as “Protected Health Information” (PHI). “Non-Personal Data,” as used in this Privacy Policy, is therefore any information that does not relate to a person and cannot be used to identify a person. The Operator may also use Non-Personal Data. The limitations and requirements set forth in this Privacy Policy regarding the collection, use, disclosure, transfer, and storage or retention of Personal Data do not apply to Non-Personal Data.
2. General
2.1 Users are required to carefully read this Privacy Policy, which constitutes an integral part of the Operator’s Terms of Use.
2.2 The Operator does not collect personal data from or about a User without their explicit consent, which is provided only after the User accepts the Terms of Use and this Privacy Policy by checking the box marked “I Agree” during the App registration process.
2.3 By using the App and by checking the designated box, the User acknowledges and agrees to the terms of this Privacy Policy, including those relating to the collection and use of their personal data.
2.4 The User acknowledges that they are not legally obligated to provide the Operator with any personal data, and that any such provision is made voluntarily and with explicit consent.
2.5 The User may choose not to consent to the sharing of personal data as detailed in Section 3.1.3 (Lifestyle and Physical Activity Data). In such case, the User will not be able to benefit from certain features, such as earning coins, receiving rewards, or any functionality based on performance and goal achievement. However, the provision of the other types of data listed in Section 3 is a prerequisite for using the App, and any User who does not consent is required to discontinue use of the Service.
2.6 This Privacy Policy does not apply to third-party websites or applications that are linked through the App. Each of those websites and/or applications is subject to its own terms of use and privacy policy.
2.7 Please be aware that this Privacy Policy does not apply to the practices of any third parties to whom YuviTal may disclose Personal Information (as defined below) pursuant to the terms of this Privacy Policy.
2.8 If a User is concerned that their personal data has been collected without appropriate consent, they are encouraged to contact the Operator via email at: [email protected].
3. The Information We Collect
3.1 The personal data collected may include (“Personal Data”):
3.1.1 Personal identifiers and contact information: (a) First and last name; (b) ID; (c) Phone number; (d) Mailing address; (e) Email address; (f) Employee ID; (g) Profile picture.
3.1.2 Demographic information: (a) Age and date of birth; (b) Gender; (c) Language.
3.1.3 Lifestyle and physical activity data: (a) Step count; (b) Sleep cycle; (c) Workout habits; (d) Heart rate; (e) Weight and height.
3.1.4 Technical data: (a) Unique device ID; (b) Operating system type; (c) Operating system version; (d) IP address; (e) Logs of interactions with the Service for troubleshooting; (f) Error monitoring data; (g) Information security requirements.
3.1.5 Usage and analytics data: (a) Registration; (b) Logins; (c) App open events; (d) Video views; (e) Article reads; (f) Device and browser data: location, time zone, browser type, IP address, log files, language preferences, media access control (MAC) settings; (g) Website usage data: landing pages, exit pages, URLs, number of clicks, domain names, referring and viewed pages, viewing order, time spent per page; (h) Tracking engagement with emails, notifications, and advertisements: email opens, forwards, clicks on messages and ads sent by the Operator.
3.1.6 Consumption data: Purchase history of products made within the App.
3.2 Notwithstanding the above, the Operator reserves the right to collect additional data not explicitly mentioned in this Policy, provided it is relevant to the purposes outlined herein or required for service customization, enhancement, legal compliance, or future regulatory or technological developments.
3.3 The Operator may use cookies, web beacons, gifs, pixel tags, log files, or other industry-standard technologies (collectively referred to as “Cookies”) to automatically collect specific types of data during a User’s interaction with the App. These cookies are used solely to identify Users and improve their experience and do not include third-party cookies.
3.4 For the avoidance of doubt, any data linked to or associated with personal identifiers will be treated as Personal Data as long as such association exists. Data that is de-linked and cannot reasonably be associated with a User will be considered statistical data only, and the User consents to the Operator’s unrestricted use of such anonymized statistical data even after discontinuing use of the Service.
3.5 The Operator stores personal data for as long as reasonably necessary to operate the App and provide the Service. Some data (such as technical or operational logs) may be retained in backups or logs for longer periods. Notwithstanding the above, the User agrees that the Operator may continue to use de-identified data in accordance with this Policy (e.g., for analysis and statistical purposes) even after the User has stopped using the Service, for any reason.
4. Purposes of Data Use
The legal basis for processing your personal data under this Privacy Policy is your explicit consent, which is granted by affirmatively accepting the terms of this Privacy Policy and/or by voluntarily providing your information via the platform. The Operator shall use the data collected only in accordance with this Privacy Policy or any applicable law, and for the purposes detailed below – in whole or in part:
4.1 Identification and Personalized User Experience, including:
For identification; identity verification; to provide access to the service promoting a healthy lifestyle or other functionality; and to enhance the quality of service and user experience through personalization.
4.2 Customer Service and User Support, including:
To respond to user emails, inquiries, questions, comments, requests, and complaints; to provide customer service and facilitate use of the service; to provide technical assistance and support.
4.3 Data Security and Monitoring of Service Usage, including:
To monitor usage data for investigating security incidents; to log access control events in compliance with applicable data security regulations; to identify anomalies; to implement additional security mechanisms as deemed appropriate by the Operator; to comply with data security regulations, standards, and legal requirements; to send confirmations, updates, and alerts; to assist in the administration and operation of the service; to analyze usage, trends, and malfunctions; and to prevent fraud.
4.4 Business and Analytical Uses, including:
For the Operator’s internal business purposes, such as data analysis, audits, fraud prevention, and other internal operations; to analyze user-provided or third-party-sourced data and provide insights or recommendations based on the findings; to comply with legal and business requirements, contractual obligations with third parties, and dispute resolution; and for medical and comparative research.
4.5 Marketing and Advertising, including:
4.5.1 To send communications via mail, email, SMS, or any other direct communication channel (including push notifications, auto-dialers, and direct marketing); to provide informational content about the Operator and its offered services, newsletters, targeted messages based on user interests, updates regarding purchased products or services (if applicable), or other offerings the Operator believes may interest the user, including partner promotions and marketing content.
4.5.2 To publicly recognize users who reach specific goals within the App by sharing limited personal information, such as the user’s name, profile image, and a description of the achievement, on the official social media accounts of the Operator or authorized third parties.
5. Sources of Data Collected About the User
5.1 Explicit User Input, including: Information entered by the user while using the application, such as performance tracking, habits, and activities; purchasing products, services, and benefits within the App. Information provided during registration, including consent to join the Operator’s mailing list. Information shared when contacting customer support or through user feedback and suggestions.
5.2 Data from Smart Devices and Wearables, including: Information actively collected and monitored by the Operator regarding the user’s physical activity and health status, available via smartphones and various wearable devices, including (but not limited to) step counters, heart rate monitors, blood pressure readings, etc. User-initiated connection is required to collect such data.
5.3 Third-Party Information, including: Information received by the Operator regarding services provided through the App.
5.4 Tracking and Usage Analysis Technologies, including: Device and browser data; Website usage data, including clicks and interactions with the user interface; Email, alert, and promotional message interaction tracking data.
6. Data Subject Rights – The User
6.1 Right of Access:
The user may contact the Operator at any time to request access to data held about them in its database, pursuant to applicable law.
6.2 The Right to Rectification:
The user may contact the Operator at any time to request the correction of any personal data they believe is inaccurate and/or the completion of any personal data they believe is incomplete.
6.3 Right to erasure (‘right to be forgotten’):
6.3.1 Users may close their account independently via the App settings. Closing the account does not guarantee complete deletion of all information about the user, subject to the clauses below.
6.3.2 If a user requests full data deletion, the Operator will review and handle the request in accordance with applicable law.
6.3.3 The Operator may retain and use personal data after account closure, as long as reasonably necessary for the original purpose for which the data was collected. This includes (but is not limited to): future analytics, legal/business compliance, contractual obligations with third parties, dispute resolution, enforcing Terms of Use, information security compliance, or account recovery.
6.3.4 Alternatively, anonymization may be performed to ensure the data can no longer reasonably be linked to the user.
6.3.5 Aggregate and/or anonymized information derived from the user account, user-generated content, or service usage – including metadata – may be retained indefinitely on the Operator’s servers.
6.4 Rights of California Residents
Right to Access Personal Information Collected, Disclosed or Sold: The user has the right to request that the Operator disclose specific information regarding the collection and use of their personal data over the past 12 months. Upon receipt and verification of a valid consumer request (as defined below), the Operator will disclose to the user:
6.4.1 The categories of personal information the Operator sold about the user;
6.4.2 The categories of personal information the Operator disclosed about the user;
6.4.3 The categories of sources from which the Operator collected the user’s personal information;
6.4.4 The Operator’s business or commercial purpose for collecting or selling that personal information;
6.4.5 The categories of third parties with whom the Operator shared that personal information;
6.4.6 The specific pieces of personal information collected about the user; and/or
6.4.7 If the user’s personal information was sold or disclosed for a “business or commercial purpose,” as defined under the CCPA (California Consumer Privacy Act), lists of such sales or disclosures, identifying the categories of personal information that each category of recipient purchased or obtained.
6.5 Right to Non-Discrimination
The Operator shall not discriminate against the user for exercising any of their rights under the CCPA. Unless otherwise permitted by the CCPA, the Operator shall not:
6.5.1 Deny the user goods or services;
6.5.2 Charge the user different prices or rates for goods or services, including by granting discounts or other benefits, or by imposing penalties;
6.5.3 Provide the user with a different level or quality of goods or services; or
6.5.4 Suggest that the user may receive a different price or rate for goods or services, or a different level or quality of goods or services.
6.6 Right to Opt-out of the Sale of Personal Data
The Operator does not, under any circumstances, sell the user’s personal data to any third party.
6.7 California Shine the Light Law
California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact [email protected].
7. User Rights Regarding PHI (Protected Health Information)
This section describes how Protected Health Information (PHI) may be used and disclosed, and outlines the user’s rights regarding such information.
7.1 Right to Amend
7.1.1 If a user believes that PHI maintained about them is incorrect or incomplete, they may request an amendment. This right applies for as long as the PHI is retained by or on behalf of YuviTal.
7.1.2 Amendment requests must be made in writing and submitted to: [email protected]. The request must include a reason supporting the amendment.
7.1.3 The Operator may deny the request if: It is not submitted in writing or lacks a valid reason; The information was not created by the Operator (unless the originating entity is no longer available); The information is not part of the PHI maintained by or for the Operator; The user is not authorized to inspect or copy the information; The information is accurate and complete; The requester is not the owner or a legally authorized representative of the owner of the information.
7.2 Right to Request Restrictions
The user has the right to request restrictions on the use or disclosure of their PHI for purposes of treatment, payment, or healthcare operations. They may also request limits on disclosures to individuals involved in their care or in the payment for such care (e.g., a family member or friend).
7.3 Right to Request Confidential Communications
The Operator will communicate with the user only through the contact details provided during the registration process (e.g., the email address provided by the user).
7.4 Right to Receive a Paper Copy of This Notice
The user has the right to request a paper copy of this notice. A copy may be obtained via the Operator’s website at yuvital.com or by downloading this document directly.
8. Users may contact the Operator at any time to exercise their rights to access, rectify, or delete personal data. Requests may be sent to: [email protected]. The Operator will acknowledge the request within 72 hours and assess its implementation within 14 business days, or in accordance with legal requirements.
9. Data Sharing
9.1 The user acknowledges and agrees that their personal data and activity data stored with the Operator may be shared with its benefits providers and/or partners that deliver services on its behalf. This may include access to or processing of personal data necessary for: delivery of benefits and purchased products, invoice generation, payment collection, data processing, marketing, advertising, customer service, digital services and e-commerce, courier and mailing services, IT services, payment processing, survey providers, cybersecurity consultants, and more.
9.2 The Operator may disclose user data if required by law or in good faith when: (1) Such disclosure is necessary to comply with legal obligations or respond to court orders, warrants, or equivalent legal requests, or to protect the personal safety of an individual; (2) It is necessary to enforce the Operator’s Terms of Use, mitigate legal liability, investigate or defend against third-party claims, assist law enforcement, protect the security of the platform and service, or safeguard the Operator’s rights and assets; (3) It is required as part of legal proceedings involving the user and the Operator.
9.3 Personally Identifiable Information (PII) may be shared by the Operator with third parties only when required for providing services, subject to a valid Data Processing Agreement (DPA).
9.4 Non-identifiable, anonymized, or aggregated data may be used and shared with third parties for research, analytics, business, or commercial purposes, provided that no individual user can be reasonably re-identified.
10. Direct Marketing
10.1 By engaging with the Operator, the user provides their contact details. Unless they opt out, the Operator and/or its affiliates may use this information to send promotional content and direct marketing tailored to the user’s personal characteristics.
10.2 The user may revoke consent at any time by contacting customer service in writing, updating the opt-out setting in the App, or clicking the “Unsubscribe” link included in each marketing email. Requests will be processed within no more than seven (7) business days. Revocation of consent for marketing does not affect the Operator’s ability to continue using the user’s data for the purposes outlined above.
11. Data Security
11.1 The Operator shall ensure that stored data complies with applicable privacy laws, including the Israeli Protection of Privacy Law, 5741-1981, the Protection of Privacy Regulations (Data Security), 5777-2017, the EEA-Israel Privacy Protection Regulations, 5783-2023, and other relevant legislation.
11.2 YuviTal safeguards the security of the data you send Us with physical, electronic, and managerial procedures, taking into consideration the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of processing your personal information. YuviTal complies with the GDPR and HIPAA and is ISO 27001 and ISO 27799 certified. While the Operator strives to protect users’ personal information, it cannot guarantee the security of any information transmitted to it. Therefore, users are urged to take all necessary precautions to protect their personal data when using the Internet.
11.3 All collected data will be stored on secure cloud-based database servers. The application and all stored information are protected to a high standard, and users can feel confident using the service.
11.4 The Operator applies industry-standard safeguards, including encryption of data “in transit” and “at rest”, access control mechanisms, and more.
11.5 Despite best efforts and compliance with applicable standards, the Operator cannot guarantee absolute protection against cyberattacks or data breaches.
11.6 The user accepts responsibility for the personal data they choose to disclose and understands the associated risks.
11.7 The Operator commits to storing personal data within the European Economic Area or in jurisdictions deemed adequate by the European Commission. However, data may also be subject to the laws of the country in which it is stored.
11.8 The Operator proactively implements international data protection standards (HIPAA, GDPR, CCPA) as internal compliance benchmarks (“regulation as standards”). In the event of a conflict between these standards and Israeli law, or the provisions of this Privacy Policy, the latter shall prevail.
12. Data Retention
The Operator will retain data for a reasonable period required to fulfill the purposes outlined in this Privacy Policy or as required by law. Periodic assessments are conducted to evaluate data retention policies.
13. Linked Sites and Services
13.1 This Privacy Policy does not apply to third-party websites or services linked through the App, nor to the information or content provided therein.
13.2 If a user follows a link from the App to a third-party service, their interaction is subject to that third party’s privacy policy and terms of use. The Operator is not responsible for any misuse or disclosure of personal information by third parties.
13.3 The Operator recommends that users review the privacy policies of any external websites or services they choose to use. It is the sole responsibility of such third parties to comply with applicable restrictions regarding the disclosure of users’ personal data. The user acknowledges and agrees that the Operator bears no responsibility for any improper use or disclosure of personal data by such third parties and has no control over their actions. If the user chooses to use a third-party website or service and grants it access to their personal data or user content, they do so at their own risk and sole responsibility.
14. Privacy Policy Updates
14.1 The Operator reserves the right to update this Privacy Policy from time to time, with or without notice.
14.2 When updates occur, the Operator will make reasonable efforts to publish and provide access to the updated version for review.
14.3 Continued use of the service constitutes acceptance of the policy in effect at that time.
14.4 If the changes are not acceptable, the user must act as outlined in Section 2.5.
15. Governing Law and Jurisdiction
15.1 This Privacy Policy and any use of the Application shall be governed exclusively by the laws of the State of Israel, whether used in Israel or abroad.
15.2 Exclusive jurisdiction shall be granted to the competent courts in the Tel Aviv – Jaffa District.
16. Questions and Contact
For any questions or concerns regarding this Privacy Policy, the App, or the Service in general, you may contact the Data Protection Officer at: [email protected].
EU Representative
The Operator’s representative in the European Union is AI Tech&Reg. You may contact our representative at:
Address: Sofia City 1463, Triaditza district, 66 Vitosha blvd. floor 4.
Tel: +35924916200
Email: [email protected]