Website Privacy Policy

Effective date: 05/01/25
Last updated: 05/10/25

Welcome to Livel Health Hub (“Livel,” “we,” “us,” or “our”). This Privacy Policy describes how we collect, use, disclose, transfer, and store information about you when you use our website, mobile applications, or other services (collectively, “Services”). It also describes your privacy rights and how to exercise them.

We take your privacy seriously. We aim to be transparent about what data we collect, why, and with whom we share it. Please read this policy carefully.

If you have any questions, concerns, or requests regarding your personal data, you can contact us using the contact details in Section 14 below.

2.1 Scope
This policy applies to all individuals (“you,” “your”) who access or use our Services, or whose information we collect in connection with providing Services (e.g. patients, visitors, users, clients, health professionals, etc.).

2.2 Data Controller / Responsible Entity
For purposes of applicable data protection and privacy laws (e.g. GDPR), Livel Health Hub (or the legal entity owning and operating the Services) is the data controller (or joint controller, as applicable) of your personal data collected through the Services, unless specified otherwise.

If you are located in the European Economic Area (EEA) or United Kingdom (UK), Livel Health Hub is the controller (or joint controller) as defined under the EU General Data Protection Regulation (GDPR) and UK GDPR.

In certain jurisdictions, you may also have a right to lodge a complaint with a supervisory authority; see Section 12 below.

We collect multiple types of information to provide, improve, and personalize our Services. Broadly, we collect:

• (a) Information you provide to us directly
  
  • Account registration data (e.g. name, email, phone, address)
  • Profile or health details you voluntarily submit (e.g. medical history, symptoms, medications)
  • Messages, communications, feedback, support requests, forms
  • Payment or billing information (if applicable)
  • Device identifiers or push token (for mobile apps)
  • Any other content, images or documents you upload
• (b) Information collected automatically when you use the Services
  
  • Usage and log data, such as pages visited, timestamps, interaction events, features used
  • Device and technical data: IP address, browser type and version, operating system, device model, language, screen resolution
  • Unique identifiers, cookies, local storage, pixel tags, and other tracking technologies (see more in Section 5)
  • Location data (if you permit it)
• (c) Information from third-party sources
  
  • Partners, analytics providers, advertising networks, social media platforms that share data with us (where you have permitted them)
  • Publicly available sources
  • Aggregated or anonymized data
• (d) Inferred, derived, or aggregated data
  
  • Profiles, user segmentation, interest or behavioral profiles
  • Predictions, scoring, machine learning-based insights
• (e) Sensitive or special categories (if applicable)
  In certain jurisdictions, health / medical information is considered special category data. Where we collect such data, we will do so only with appropriate additional protections (e.g. your explicit consent or other permitted legal basis).

Where you are in the EEA or UK, we rely on one or more of the following legal bases to process your personal data:

• Consent: Where you have given explicit consent (e.g. for optional features, marketing, certain health data).
• Performance of a contract: When processing is necessary to provide you with Services or fulfill our agreements.
• Legitimate interests: For our business operations, analytics, improving the Service, fraud prevention, advertising (provided they don’t override your rights).
• Legal compliance: Where required by law, regulation or court order.
• Vital interests: In rare cases (e.g. medical emergencies).

Where we rely on “legitimate interests,” we will conduct balancing tests and ensure appropriate safeguards.

5.1 How we use cookies and tracking
We use cookies, web beacons, pixel tags, SDKs, local storage, and similar technologies to collect usage, performance, and behavioural data. These help us:

• Remember your settings and preferences
• Enable basic functionalities (e.g. login, session management)
• Analyse and improve our Services
• Provide personalised content, recommendations, and targeted advertising
• Prevent fraud, detect abuse, and maintain security

5.2 Cross-device tracking & ad targeting
We may combine or match data from multiple devices or sessions (e.g. your phone, tablet, and desktop) in order to provide a consistent experience and personalised content or ads (“cross-device tracking”). We may also engage in targeted advertising or retargeting by:

• Sending you ads on third-party platforms based on your interests or behaviour
• Allowing third-party advertising networks to track you across other websites or apps
• Using hashed/anonymous identifiers (e.g. device IDs or hashed email) to match you across contexts

You may opt out or limit such tracking via privacy settings, device/OS-level settings, or cookie consent tools (see Section 8). Also, third-party ad networks may provide opt-out mechanisms (e.g. ads settings).

5.3 Third-party cookies and tracking
We may permit third-party service providers (analytics, ad networks, social networks) to place cookies or tracking technologies through our Services. We do not control these third parties’ practices, but we require them to adhere to privacy and data protection standards.

5.4 Your control over cookies / tracking
You can manage or block cookies via your browser settings or mobile device settings. You may also use our cookie consent banner or settings to disable non-essential cookies. However, disabling cookies may impair some features of the Services.

We use the information we collect for purposes including:

• Providing, maintaining, and improving the Services
• Authenticating users, managing accounts, and supporting user features
• Personalisation and recommendations (content, health tips, services)
• Analytics, reporting, and insights to understand usage
• Fraud detection, security, abuse prevention
• Customer support, communications, and notifications
• Complying with legal obligations
• Marketing, promotions, advertising, retargeting (if you consent or don’t opt-out)
• Research, machine learning, and innovation (e.g. model training)

We may also use aggregated or anonymised data for any lawful purpose without restriction.

7.1 Categories of recipients
We may share your personal data with:

• Affiliates, subsidiaries, or related entities
• Service providers, contractors, vendors (e.g. hosting, analytics, email, payment processors)
• Advertising networks and ad tech partners
• Health professionals or consultants (if required to provide the health-related Services)
• Business partners or collaborators
• Regulatory, judicial, or law enforcement authorities (in compliance with legal obligations)
• Potential acquirers, investors, or successors in business transactions (mergers, acquisitions)
• Other users, to the extent enabled by features (e.g. messaging, forums)

7.2 Purpose and limitations
We share data only for permitted purposes, under strict contractual and organisational safeguards. We require third parties to treat your data per applicable laws, not to use it beyond specified purposes, and to maintain security.

7.3 International transfers
Because we or our providers may operate globally, your data may be transferred to, processed in, or stored outside your country or region (e.g. outside the EEA or UK). In such cases, we will ensure appropriate safeguards (e.g. Standard Contractual Clauses, binding corporate rules, adequacy decisions) or obtain your explicit consent as required by law.

7.4 Anonymisation / de-identification
We may also share aggregated, anonymised, or de-identified data that cannot reasonably be re-identified to you.

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Access / Right to know: Request a copy of the personal data we hold about you
• Correction / Rectification: Request correction of inaccurate or incomplete data
• Erasure / Deletion (“right to be forgotten”): Request deletion of data under certain conditions
• Restriction of processing: Ask to limit our use of your data
• Data portability: Obtain your data in a structured, machine-readable format, or transfer it to another controller
• Object to processing: Object to our processing under certain legal bases (e.g. for direct marketing or legitimate interests)
• Withdraw consent: Where processing is based on consent, you can withdraw at any time (but this does not invalidate past lawful processing)
• Right to complain to a supervisory authority: If you believe we have violated applicable law

To exercise these rights, please contact us at the address in Section 14. We may require verification of identity before fulfilling your request.

Options and preferences (e.g. marketing opt-out, cookie settings) are also available in your account settings or via a preference centre.

9.1 Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. Measures may include encryption, access controls, secure storage, network protections, and regular audits and assessments.

9.2 Retention
We will retain your personal data only as long as necessary for the purposes for which we collected it (or as required by law). Afterward, we will securely delete, anonymise, or aggregate it.

9.3 Minimisation & accuracy
We take steps to collect only the data necessary for the stated purposes. We also endeavour to keep the data accurate and up to date, allowing you to correct or update your information.

Our Services are not intended for children under [13 / 16 (as applicable in relevant law)]. We do not knowingly collect personal data from children without parental or guardian consent. If we become aware that we have collected data from a child without valid consent, we will take steps to delete it promptly.

If you believe that we may have collected information from a child, please contact us (see Section 14).

We may update this Privacy Policy from time to time (for new features, legal changes, or operational needs). When we make changes, we will revise the “Last updated” date above and may provide notice (e.g. via email or in-app notification). We encourage you to review this policy periodically to stay informed.

Your continued use of the Services after changes become effective constitutes acceptance of the revised policy (unless you opt out where permitted).

This Privacy Policy is governed by the laws of [Insert jurisdiction, e.g. Malta / EU / your country], without regard to conflict of law provisions.

To the extent permitted by applicable law, any dispute arising from or relating to this policy or your data shall be resolved by [negotiation / mediation / arbitration / courts of jurisdiction, etc.].

If you are in the EU / EEA / UK, you also retain the right to lodge a complaint with your local supervisory authority.

• Automated decision-making / profiling: We may use automated means, algorithms, or models to analyse or predict preferences, health risk factors, or outcomes. Where required by law, you have the right to request human intervention or contest decisions.
• Health / medical data: Because health data is sensitive, we treat it with heightened safeguards and only process it with your explicit consent (unless otherwise permitted by law).
• Third-party integrations: When you connect third-party services (e.g. fitness trackers, health apps), we may access and import data from them, subject to your consent and their permissions.
• Business transfers: In case of merger, acquisition, or sale of assets, user data may be transferred to a successor entity (subject to confidentiality commitments).
• No rights in open APIs: If a third party accesses our APIs or integrations, such access is subject to our developer / partner agreements and subject to user consent.
• International users: Users outside our primary jurisdiction should note that their data may be transferred cross-border; we will apply protective safeguards.

If you have questions, requests, or complaints about this Privacy Policy or our data practices, please contact:

Livel Health Hub
2, 135 Kyle Buildings, Triq il-Mediterran, St Julians, STJ 1870
Email: pa@livelhealthhub.com
Phone: +356 79999751

If you are located in the EU / EEA / UK and wish to lodge a complaint, you may also contact your local Data Protection Authority.

By using our Services, you acknowledge that you have read and understood this Privacy Policy, and you consent to our collection, use, and sharing of your personal data as described herein (to the extent permitted by law). Where required, you will be asked to give explicit consent (e.g. for health data, cookies, marketing).