Privacy Policy

Last updated September 2021.

This is the Privacy Policy of Floe Interactive Limited, a company registered in the Republic of Ireland under company number 633892 whose registered office is at The Black Church, St. Mary's Place, Dublin 7, D07 P4AX, Ireland (“Floe Interactive Limited”, “we,” or “us”).

Floe Interactive Limited is committed to protecting your privacy and the privacy of your personal information. This Privacy Policy explains the use of information collected via the frankie.health and floe.app websites, and related applications, online services and mobile applications provided by Floe Interactive Limited (collectively, the “Services”). Our Terms of Use together with this Privacy Policy (collectively, the “Agreement”) govern your use of the Services.

The Agreement applies to any registered or a non-registered patient or other user of the Services (“User”), including a doctor, therapist, coach, or other healthcare specialist, professional or provider using the Services in connection with a healthcare-related practice or other organisation (“Service Provider”).

BY USING OR OTHERWISE ACCESSING THE SERVICES, AND/OR BY REGISTERING WITH US, YOU AGREE TO THIS AGREEMENT. IF YOU DO NOT AGREE, YOU CANNOT USE THE SERVICES.

PLEASE SEE OUR TERMS OF SERVICE REGARDING YOUR LEGAL RIGHTS IN ANY DISPUTE INVOLVING OUR WEBSITES, SERVICES, TERMS OF SERVICE OR PRIVACY POLICY.

This Privacy Policy may be revised or updated by Floe Interactive Limited from time to time in its sole discretion. Where appropriate, Floe Interactive Limited will provide notice to you as provided in the Terms of Use. By continuing to access or use the Services after the effective date of any such change, you agree to be bound by the modified Privacy Policy.

1. Introduction

About the Privacy Policy

Floe Interactive Limited engages with users across different countries and jurisdictions, and therefore for simplicity, within this Privacy Policy the term “Personal Information” is an umbrella term covering:

  • Any information that can readily be associated with a particular individual;
  • UK/EU Users - Any information deemed to be personal data within the meaning as set out in the General Data Protection Regulation (2016/679), together with the Irish Data Protection Act 2018 and the UK Data Protection Act 2018 (the “Data Protection Legislation”); and
  • US Users - “Protected Health Information” (“PHI”) within the meaning as set out in Health Insurance Portability and Accountability Act (“HIPAA”) and subsequent laws and regulations.

We collect and maintain a range of data in order to provide Services to you and maintain safe and secure Services. Access to your Personal Information is limited to (a) Floe Interactive Limited employees and subcontractors who help with our business operations (such as to host our website platform, provide payment, billing or similar services, or perform anti-fraud functions), and (b) Service Providers with whom you elect to share information (such as a doctor).

2. Information We May Collect

Personal Information, is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you when you engage with us. Whenever we collect personal data about you, we must have a legal ground to do so.

Identity and contact information when you contact us or engage us for the provision of Services

Includes:

  • Name
  • Email address
  • Address
  • Telephone number
  • Username
  • Password
  • Medical history/PHI

We collect this information when you contact us or engage us for the provision of Services. This information allows you to receive Services and to contact you in respect of those Services.

Our lawful basis for this is to perform our contract with you – we require this information to be able to provide Services or with the customer service issue you have raised.

We will then use your name and email address to send you information about your matter or issue raised (including to provide you with updates on changes to this Privacy Policy or security information). Our lawful basis for using your name and email address in this way is to provide you with relevant information relating to the security of your online account, to ensure you have up-to-date information on how we handle your Personal Information data, and to perform our contract with you (as we have outlined above).

If you choose not to provide this information, we will be unable to provide you with Services.

Identity and contact information when you register as and provide Services as a Service Provider

Includes:

  • Name
  • Email address
  • Address
  • Telephone number
  • Username
  • Password
  • Job title
  • Qualifications/credentials/ professional accreditation
  • Membership to governing bodies
  • Professional /employment history

We collect this information when you register to and provide Services to Users.

Our lawful basis for this is to perform our contract with you – we require this information so you can provide Services to Users.

If you choose not to provide this information, you will be unable to provide Services.

Information provided when you sign up to our promotional material (Marketing Data)

Includes:

  • Name
  • Email address
  • Telephone number

We you make a payment on our website, we collect payment card details through our third party payment provider, currently Stripe Inc, and Stripe’s privacy policy will apply to the payment you make. We do not have sight of your payment card details.

Technical Data

Includes:

  • Internet protocol (IP) address
  • Your login data
  • Browser type and version
  • Time zone setting and location
  • Browser plug-in types and versions
  • Operating system and platform and other technology on the devices you use to access our Services.

This information is necessary for us to perform our contract with you, i.e. to give you access to the service our Services provide.

Cookies Data

Like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our Website. Please refer to our Cookie Policy at https://www.frankie.health/legal/cookie-policy for information about cookies and how we use them and what kind.

This information is necessary for us to perform our contract with you, i.e. to give you access to the service our Services provides.

Information That We Do Not Collect

We do not collect, store or record any audio or video data created between Users, Service Providers and anyone else using the Services for video and/or voice communication. The audio and video data is encrypted and not accessible to us or any third party.

US Users - HIPAA and Protected Health Information

HIPAA provides specific protections for the privacy and security of your PHI and restricts how it may be used and disclosed. Notwithstanding any statements about the use of your Personal Information more generally in this Privacy Policy, Floe Interactive Limited will only use and disclose your PHI as authorised by you and/or your Service Provider(s) in accordance with applicable law.

To that end, before any PHI that you provide is shared with a Service Provider, you may be asked to affirmatively authorise Floe Interactive Limited to do so. By providing such authorisation, you are permitting Floe Interactive Limited to release your Personal Information, including PHI, to those specified Service Provider(s) pursuant to HIPAA. Your authorisation is entirely voluntary, but without authorisation, Floe Interactive Limited will not be able to share your information with selected Service Providers.

3. How we use your information

We maintain appropriate physical, electronic, standard security practices, including encryption, passwords and physical security measures, and managerial procedures to protect the security and confidentiality of your Personal Information. Only a limited number of our internal staff are authorised to access, delete or modify your data. We will make reasonable efforts to ensure that your privacy interests are protected.

Our use of PHI is restricted as described above.

4. Sharing of information

We are not in the business of selling Personal Information about our users to third parties without your consent.

We may disclose your information in the following cases:

  • If we want to sell our business, or our company, we can disclose it to the potential buyer;
  • We can disclose it to other businesses in our group, as defined in the UK Companies Act 2006;
  • We may contract with third parties/subcontractors to supply our Services to you on our behalf. These include cloud services used to send emails and technology providers that assist in providing our services to you;
  • We may share Personal Information (including PHI) with selected Service Provider(s) where we are authorised to do so;
  • We can disclose it if we have a legal obligation to do so, or in order to protect other people's property, safety or rights; or
  • We can exchange information with others to protect against fraud or credit risks.

Parties with Whom You May Choose to Share Your Information

If you voluntarily share or submit any information to be shared with other parties or the public, or link it to any social media platforms or the public, that information may become available to those parties or the public.

Using and Sharing Anonymised Data

We may de-identify and anonymise Personal Information so it is no longer associated with any individual(s) in order to use it for other purposes, such as aggregating the data for statistical analysis.

5. Protection of your information

By registering for and using our Services, you consent to the transfer of your Personal Information to anywhere where we, our contractors, or Service Providers maintain facilities for the use of your information as described in this Privacy Policy.

Although we implement reasonable administrative, physical and electronic security measures designed to protect your Personal Information from unauthorised access, we cannot ensure the security of any information you transmit to or guarantee that this information will not be accessed, disclosed, altered, or destroyed. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information. To the extent the law of your jurisdiction allows for notification of a breach via e-mail or conspicuous posting through the Services, you agree to accept notice in that form.

If you live in the EEA, you have certain rights in relation to your information that we process. While some of these rights apply generally, others apply only in certain circumstances. To exercise your rights or to submit a question, you can email us at dpo@frankie.health.

  • Access. You have the right to request a copy of your information that we process. You may exercise this right in "Privacy Settings" section in your user account. If you require additional access, please email us at dpo@frankie.health.
  • Correction. If you discover that we hold inaccurate information about you, you have a right to ask us to correct that information. You can correct account information by logging into your account. For other corrections, please email us at dpo@frankie.health.
  • Erasure. You have the right to request that we delete your information. We may refuse this request if (a) the information is still necessary for the purposes that we collected or processed it or (b) we still have a legal basis to process it, even after you’ve withdrawn consent. You can exercise this right in the “Privacy Settings” section of your user account or you can email us at dpo@frankie.health.
  • Restriction. You have the right, in some cases, to restrict the processing of your information, such as where you have exercised your right to object and we are reviewing your objection. For more information, please email us at dpo@frankie.health.
  • Objection. You have the right to object to us using your information based on our lawful bases described above. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object by using the unsubscribe link in such communications, changing your account settings or, if you do not have an account, you can email us at dpo@frankie.health.
  • Portability. You have the right in some cases to port your information from us to a new data processor. We can refuse this request if (a) our processing is not based on your consent or our contract with you, or (b) the data are not stored electronically. You can exercise this right through the “Privacy Settings” section in your user account to download your data in XML format. Alternatively, you can email us at dpo@frankie.health.
  • Withdraw consent. You can withdraw your consent to processing at any time by deactivating your account through the frankie.health website or by e-mailing dpo@frankie.health. Withdrawing your consent does not affect processing that has already occurred. Where you withdraw your consent, we will no longer process your information based on your consent. We may process your information if another legal basis applies, for example, if we are legally obligated to store certain records or if your withdrawal of consent was limited to certain processing activities.
  • Complain. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), or the Data Protection Commission in Ireland (https://www.dataprotection.ie/) . We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

You may be able to modify certain features in your Account profile page. In addition, please note the following :

  • If we offer any communications by text message, you may opt-out of receiving text messages by replying “STOP” to any text message received. In all promotional emails, you will be given the opportunity to opt-out of receiving such messages in the future by clicking on the link at the bottom of the email that says “unsubscribe.” It may take up to ten (10) business days for us to process your opt-out request.
  • Even if you have unsubscribed from receiving promotional emails from us, we may send you other types of important email communications without offering you the opportunity to opt-out of receiving them, such as announcements about the Services and administrative notices (e.g., account verification, payment confirmations, technical and security notices).

6. Retention of data

Information we collect may be retained indefinitely, but we may elect to only retain such information to the extent necessary for business and legal purposes. If you cease being a User, we may retain your Personal Information in the event you wish to rejoin the Services, and for anti-fraud and other purposes.

7. Change of control

We may share Personal Information with companies under common control (such as a parent company or subsidiary) to be used in a manner consistent with this Privacy Policy. If part or all of Floe Interactive Limited or our assets is transferred to another organisation, your Personal Information may be among the items transferred. The recipient will have to honour the commitments we have made in this Privacy Policy.

8. Amendment to this policy

We may need to update our Privacy Policy periodically to reflect changes in the types of information we collect, the means we use to collect information, or our usage of collected information. We will make reasonable efforts to alert you to any material changes when they occur. Changes will generally take effect immediately upon posting to our Services.

9. Children’s privacy

We do not knowingly collect or solicit any information from anyone under the age of 16 or knowingly allow such persons to register for the Services. The Services and their content are not directed at children under the age of 16. In the event that we learn that we have collected Personal Information from a child under age 16 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 13, please contact us.

10. How we respond to do not track signals

We do not track our users over time and across third party websites to provide targeted advertising. We do not respond to Do Not Track (DNT) signals and handle all Personal Information consistent with our Terms of Service and this Privacy Policy.

11. Other websites and services

The Services may be embedded within, or contain links to, other websites or services that we do not own or operate. We are not responsible for the practices employed by such websites or services, including the information or content contained within them. Your use of any third-party website or service is subject to that third party’s own rules and policies, not ours.

You agree that we are not responsible for and do not have control over any third parties that you authorise to access your Personal Information (which authorisation may include PHI). If you are using a third-party website or service and you allow them to access your Personal Information you do so at your own risk.

12. International considerations

We have developed data practices designed to assure information is appropriately protected but we cannot always know where Personal Information may be accessed or processed. While our Services are maintained and operated in Ireland, we may transfer Personal Information outside of Ireland if necessary. As described above, we may employ contractors to perform functions on our behalf, and if Personal Information is accessible to a third party or to our employees outside of Ireland, we will seek assurances that such information is safeguarded adequately, in accordance with this Privacy Policy and applicable laws.

In certain cases, we transfer and store certain information outside the EEA, such as to the United States. In such cases, we use a legal mechanism known as “standard contractual clauses” to protect information transferred outside the EEA. Standard contractual clauses refer to contracts between companies transferring personal information that contain standard commitments, approved by the European Commission, protecting the privacy and security of the information transferred. To request a copy of the clauses, please email us at support@frankie.health.

13. How to contact us

Please direct questions or concerns about this Privacy Policy or the Services to us at support@frankie.health.