Welcome to Jonda! Jonda is a cloud-based service by Jonda Health Pte. Ltd. (“Jonda,” “we,” “us,” “our”) that helps you to store, manage, create and share your health information and medical records (collectively, the “Health Data”) securely using cryptographic end-to-end security.
At Jonda, we are committed to protecting the privacy of your Health Data.
Please note that our app may contain links to other sites not owned or controlled by us and we are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our app or sites and to read the privacy policies of other sites that may collect your personal data.
1. How we secure your Health Data
Our commitment is to make privacy and security available to you to manage your Health Data. That’s why we use cryptographic end-to-end security to protect the Health Data you share, store and create on Jonda.
We encrypt all and every transmission containing personal data using, among others, Secure Socket Layer technology (SSL) and apply additional encryption on the Health Data uploaded and stored in protected storage folders (the “Encrypted Data”).
We never collect or store your Health Data, unique encryption keys (“Security Token”) and passwords in an unencrypted or invertible form. The Encrypted Data can only be decrypted by you, except when you authorise us or a third-party to exchange or share data. To the best of our knowledge, Jonda is unable to decrypt the Encrypted Data and accordingly, cannot access it, unless you authorise us to do so.
However, when creating your account and using the Services, you may also submit some non-encrypted data, including personal data (for more details, please refer to the section on “Account Information” below).
2. What information we collect
2.1. Where we refer to “personal data”, we mean data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access, and any other data falling within the definitions of “personal data” or “personal information” in the applicable laws relating to privacy and data protection.
2.2. Account information. When you sign up for and use the Services, you may provide us with information about you for account creation and maintenance (“Account Information”). Such Account Information may include, as applicable and/or as required or permitted under applicable laws, items such as your name, profile photo, email address, address, date of birth, gender, race or ethnicity, device identifiers, IP address, password, location, payment information and other information pertaining to your transactions on the Services, and information about your medical providers. We will let you know at the time of collection when it is optional for you to provide certain information, and when it is necessary in order to use certain Services.
2.3. Profiles. If you decide you want to create multiple profiles under your Jonda account that may relate to other individuals, you may provide us with certain personal data of those individuals, such as their names, in order to fulfil your request for such profiles. You represent and warrant that any disclosure of another individual’s personal data by you to Jonda for the purpose of creating profiles under your Jonda account is within the scope of the consent validly given by that individual to you or which you may validly provide on behalf of that individual.
2.4. Your Health Data. Jonda provides a technology service that allows you to upload, store, create and share your Health Data securely. As part of the Service, you may choose to provide us with your Health Data as follows: (i) your health information and medical records typically by taking a photo, scanning or uploading a file; (ii) other information about your health, such as information about your medical condition(s), how you are feeling or pain management; and (iii) data from wearables or diagnostic equipment, among others. Jonda consolidates and encrypts such Health Data and converts them into encrypted structured standardized digital data. Jonda is unable to decrypt your Health Data as your Security Token is held by you on your compatible device. We are not responsible or liable for the completeness or accuracy of the information in your Health Data.
2.6. Payment and billing information. When you pay a third-party for your subscription package for the Services (e.g. on an app store like the Apple App Store) your payment information is directly collected and controlled by that third-party. However, we receive invoice receipts from third-parties for your subscription purchase and these receipts are stored by us as we have to keep them for internal accounting and tax purposes and to comply with our legal obligation as per any applicable laws, audits, claims, legal proceedings and/or investigations.
2.7. Product interaction and feedback. We may collect responses to surveys that we invite you to complete, search queries within the Services, and transactions you make regarding the Services. We collect product interaction and feedback that you provide us through our Services to provide you with the Services, improve and enhance our Services, and conduct research and analytics.
2.8. Other information. We collect any other information you choose to include in communications with us, for example, when sending a message or submitting information through a webform.
3. How we use information
3.1. Jonda will use your information to create and manage your Jonda account, and may also use your information for any or all of the following purposes:
(a) To perform obligations in the course of or in connection with our provision of the Services to you;
(b) To help us create, develop, operate, deliver and improve the Services, and when necessary, for loss prevention and anti-fraud purposes, and account and network security purposes;
(c) To verify your identity;
(d) To send important notices regarding the Services, including software updates, changes to our terms, conditions and policies;
(e) To respond to, handle and process queries, requests, applications, complaints, and feedback from you;
(f) To manage your relationship with us;
(g) To process payment or credit transactions;
(h) To send marketing information about our products or Services, including notifying you of our marketing events, initiatives and promotions;
(i) To comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
(j) Any other purposes for which you have provided the information; and
(k) Any other incidental business purposes related to or in connection with the above.
3.2. Jonda does not make decisions based solely on automated processing, including profiling, which have legal consequences for, or significantly affect, our users.
3.3. Jonda may access information about your use of the Services in order to create aggregate usage data for both internal use and, in some cases, public dissemination. Such statistics will not contain any personal data about you or any other Jonda users.
4. When we disclose information to third parties
4.1. We may disclose your personal data and / or Account Information (excluding any Encrypted Data):
(a) Where such disclosure is required for performing obligations in the course of or in connection with our provision of the Services to you;
(b) To third party service providers, agents and other organisations we have engaged to perform any of the functions listed in clause 3.1 above for us;
(c) To our affiliates or otherwise within our corporate group for the purposes of providing the Services or with your consent where required by applicable law;
(d) To comply with valid legal processes including subpoenas, court orders or search warrants, and as otherwise authorised by law;
(e) To professional advisors, such as auditors, law firms and accounting firms;
(f) In connection with a bankruptcy, merger, acquisition or sale or other business transaction, involving all or a portion of our assets or business, and user information will also be transferred as part of or in connection with the transaction;
(g) To enforce any applicable terms of service; or
(h) When you request us to share certain information with third parties;
4.2. The purposes listed in clauses 3.1 and 4.1 above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.
4.4. It is worth noting that we will not disclose and we have no ability to disclose your Encrypted Data, unless you authorise us to access them and make the relevant disclosure.
5. Transfer of personal data to a foreign country
5.1. We store your information on our servers, and on the servers of the third-party service providers which we engage, which are located in Singapore, and we keep or transfer information to and from Singapore for storage and processing.
5.2. Aside from that mentioned in clause 5.1 above, we generally do not transfer your personal data to countries outside of your country of residence. However, if we do so, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the applicable laws relating to privacy and data protection.
6. Your controls and choices
6.1. We provide you the ability to exercise certain controls and choices regarding our collection, use and disclosure of your personal data. In accordance with applicable law, your controls and choices may include:
6.1.1. Access to and correction of personal data. If you wish to (i) access the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (ii) correct or update any of your personal data which we hold about you, you can access the personal data we hold about you by logging into your account. If you believe we hold any other personal data about you, you may submit your access or correction request via email to our data protection officer at the email address provided below. In case you have made your subscription via an app store, then you may have to request for access to or correction of your subscription / personal data on the relevant app store platform as per their applicable processes. For the avoidance of doubt, please note that we do not have access to your Encrypted Data, unless you have authorised us to access the same.
6.1.2. Data portability. In some jurisdictions, the applicable law may entitle you to request copies of personal data that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible). You can issue such a request by contacting us using the information below. In case you have made your subscription via an app store, then you may have to request for access to your subscription / personal data or portability of your subscription / personal data on the relevant app store platform as per their applicable processes.
6.1.3. Withdrawal of consent. For data that we collect and process based on consent obtained from you, you may withdraw your consent at any time, by selecting preferences available on our app, on your device, or by contacting us using the information below. We shall review your request and may ask you to verify your identity. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing the Services to you. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.
6.1.4. Data erasure. In certain jurisdictions where you have the legal right to request for the erasure of your personal data, you can request that we erase your information and close your Jonda account by contacting us using the information below. The erasure of your information will result in your subscription being terminated without any refunds. In case you have made your subscription via an app store, then you will have to unsubscribe yourself from the relevant app store platform and / or request for the erasure of your personal / subscription data on the relevant platform as per their applicable processes. Please note that if you request for the erasure of your personal information, we may retain some of your personal information as necessary for our legitimate business purpose, such as fraud detection and prevention and enhancing safety, or to the extent necessary to comply with our legal obligations.
6.1.5. Objection to processing. In certain jurisdictions where you have the legal right to object to the use of your personal data with respect to certain types of processing, you may object by changing your preferences, or disabling cookies and other tracking technologies. If you wish for us to cease or restrict processing of your personal data then, unless the Services allow you to select available preferences, you should cease to use the Services. In case you have made your subscription via an app store, you may have to object to the processing of your subscription / personal data on the relevant app store platform as per their applicable processes.
6.2. We may need to collect and process personal data by law, or under the terms of a contract we have with you. If you choose not to give us this personal data or if you wish for us to cease or restrict processing of such personal data, it may delay or prevent us from providing the Services to you or providing you with further access to your Jonda account.
7. Integrity and retention of information
7.1. You must keep your Account Information accurate, complete and up-to-date.
7.2. Jonda will retain personal data about you as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and it is no longer necessary for legal or business purposes.
8. Cookies and other tracking technologies
8.1. A cookie is a small text file that can be stored on and accessed from your device when you use the Services, to the extent you agree. Other tracking technologies work similarly to cookies and place small data files on your devices or monitor your website activity to enable us to collect information about how you use the Services. The information provided below about cookies also applies to these other tracking technologies.
8.3. Most websites, mobile devices and apps automatically accept cookies but, if you prefer, you can change your browser, device or app settings to prevent that or to notify you each time a cookie is set. Please note however, that by deleting or disabling cookies used on our Services or website, you may not be able to take full advantage of our Services or website.
9. Children’s privacy
9.1. We do not knowingly permit any person who is under 16 years of age to register for an account. If we become aware that any person less than 16 years of age has been registered for an account, then we will take the appropriate steps to delete the relevant account and any information provided with respect to that account.
9.2. If you are above the age of 16, you will be able to create multiple profiles under your Jonda account, which may include profiles for individuals under the age of 16. Where you create a profile for an individual under the age of 16, you represent and warrant that you may validly act on behalf of that individual for the registration, creation and management of that individual’s profile, as well as for the collection, use or disclosure of that individual’s personal data.
10. Jurisdiction-specific provisions
10.1. European Union
10.1.2. For the purpose of applicable data protection laws, we are the data controller.
10.1.3. Your information will be processed on the basis of the following legal bases:
10.1.4. Your rights. If you are located in the EEA or the UK, you have certain rights in relation to personal information about you:
(a) Access: You have the right to access information we hold about you, how we use it, and who we share it with.
(b) Portability: You have the right to receive a copy of the information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
(c) Correction: You have the right to correct any personal information about you we hold that is inaccurate.
(d) Erasure: In certain circumstances, you have the right to delete the information we hold about you.
(e) Restriction of processing to storage only: You have the right to require us to stop processing the information we hold about you, other than for storage purposes, in certain circumstances.
(f) Objection: You have the right to object to our processing of personal information about you.
(g) Objection to marketing: You can object to marketing at any time by opting-out using the unsubscribe / opt-out function displayed in our communications to you.
(h) Withdrawal of consent: You have the right to withdraw your consent at any time.
10.1.5. Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law.
10.1.6. To exercise any of these rights, you can contact us using the information provided below. We will respond to requests to exercise these rights without undue delay and we will use reasonable efforts to respond within one month of receipt of the relevant request (though this may be extended by a further two months in certain circumstances).
10.1.8. Retention of personal information. We will retain personal information about you as follows:
(a) Where you have authorised us to access and share or exchange your Health Data, we will retain your Health Data for as long as you keep your account open or as needed to provide you with the relevant Services;
(b) Your Account Information for as long as you keep your account open or as needed to provide you with our Services;
(c) If you contact us, we will keep your data for as long as you keep your account open or as needed to provide you with our Services;
(d) Your Usage Information for as long as you keep your account open and as long as it is needed to provide our Services and usage metrics; and
(e) We will also retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes and enforce our terms and conditions, other applicable terms of service, and our policies.
10.2. If you live in another part of the world not specifically mentioned here, please contact our data protection officer using the information provided below.
11. Changes to this policy
12. Contact us