Privacy Policy

Healing professionals, group practices and organizations

Effective February 15, 2023

Upheal Inc., a Delaware corporation, https://upheal.io, informs you that your personal data will be processed in the ways specified below.

What personal data do we process?

We will use your: 

Data category
Data items
Identification data
Name
Last name
Email address
Phone number
IP Address
Personal details
Language
Educational and professional data
Qualification
Role
Place of work
Recording
Audio and video
Usage data
Session date and time
Log data
Financial data (in case of sole practitioner)
Bank details
VAT number
Fiscal code

Why do we use your data?

Personal data is used on our website for the following purposes:

Purpose
Data category
Legal basic
Are you obliged to provide the data?
How long do you hold your data?
Performance of the contract
Identifying data,
educational and professional data
The performance of the contract
Yes. Failure to provide such data will result in the inability for Upheal to manage the contractual relationship
Duration of the contract
Customer management
Identifying data
The performance of the contract
Yes. Failure to provide such data will result in the inability for Upheal to provide you with the service you request
Duration of the contract
Compliance with a legal obligation (if you are a sole practitioner)
Identifying data, Financial data
Compliance with a legal obligation
Yes. Failure to provide such data will result in the inability for Upheal to comply with a legal obligation
10 years after the termination of the contract
Provision of the service, which includes: creating your account, conducting a session with your client, creating transcripts and insights of the session, storing the record of the session (optional)
Identifying data,
personal details,
educational and professional data, usage data
The performance of the contract
Yes. Failure to provide such data will result in the inability for Upheal to provide you with the service
Duration of the contract
Provision of the service 
Audio and video recording
The performance of the contract
Yes. Failure to provide such data will result in the inability for Upheal to provide you with the service
Duration of the contract
Storage of audio and video recording
Audio and video recording
Audio and video recording
Your consent which you will express by starting the video recording
No. It is always optional to provide consent for the storage of the audio and video recording
Security of the system
Identifying data (IP address) log data
The legitimate interest of Upheal in keeping the systems secure
Data is automatically collected when you use the app.
No more than 6 months

Who can we communicate your data to?

Your data will be communicated to:

  • the hosting providers, suppliers of IT services and application software, who are our data processors; 
  • public or private bodies to whom we are obliged by the law to disclose the data

To receive more information about our providers please contact us at privacy@upheal.io

Disclosure for Law Enforcement: Upheal will disclose your personal data outside the scope of these provisions only as required to do so by law or compelled by court, government or administrative agency of competent jurisdiction. Your personal data may be subject to federal and local laws that require Upheal to disclose this data in certain circumstances.

Where is your data processed?

Most of our team is based in the EU. Some of our suppliers (IT services, hosting provider) operate in the US. Therefore, it is possible that your data will be processed outside of your country/region. In this case, we inform you that the data transfer will take place only in the presence of adequate safeguards provided for by the applicable law. In particular, for transfers from the EU and the UK, where an Adequacy Decision is not applicable, we rely on the Standard Contractual Clauses provided by the European Commission (art. 46 GDPR). For further information about the data transfer you can contact Us at the email address indicated below.

How do we support you in dealing with data subject rights?

We inform you that you have the right to access and request amendment to your data.

You can obtain the erasure of your personal data under certain circumstances. You also have the right to restrict the processing of your personal data.

You can withdraw your consent at any time. 

Moreover, you can receive a copy of your personal data or ask Upheal to transmit that data to another controller, where technically feasible. 

On grounds relating to your particular situation, you can object to the processing of your personal data used for the legitimate interest of the controller.

You can lodge a complaint with the supervisory authority of your country in case you think that your rights have been breached.

If you wish to exercise one of these rights, you can contact us at privacy@upheal.io

HIPAA Compliance

To know more about how we comply with HIPAA, click here.