Rewellth’s Privacy Policy in accordance with HIPAA and GDPR. 

GLOSARY: 

    Term or Section Description or Definition
    Personal Data Any information related to an identified or identifiable natural person.
    Consent Explicit and informed agreement of the user for the processing of their personal data.
    Cookies Small text files that are stored on the user’s device to collect data about their interaction with the website or application.
    Third Parties Companies or individuals who are not the user or the owner of the website or application, with whom personal data can be shared under certain conditions.
    Breach (Security Breach) Unauthorized access to computer systems resulting in the exposure or potential exposure of personal data.
    Commitment to Health Information Privacy and Security: A HIPAA-Based Approach Describes the organization’s dedication to protecting health information in compliance with HIPAA regulations.
    Privacy Practices of ‘Xelentium Global Health Initiatives’: Protecting Your Health Information according to HIPAA Details specific practices to safeguard health information under HIPAA guidelines.
    How We Protect Your Health Information: Privacy Policies aligned with HIPAA Outlines the methods and policies used to protect health information, aligning with HIPAA standards.
    Our Privacy Practices and Your Health Information: Compliance with HIPAA A statement of adherence to HIPAA rules concerning the management of health information.
    Privacy Policy for Protected Health Information (PHI) under HIPAA A policy document detailing how PHI is handled to ensure compliance with HIPAA.
    Notice of Privacy Practices: Compliance with HIPAA Standards A document that communicates the privacy practices in place, showing compliance with HIPAA standards.
    Ensuring the Privacy of Your Health Information: A Commitment to HIPAA Guidelines Emphasizes the commitment to maintaining the privacy of health information as per HIPAA guidelines.
    Privacy and Data Protection Policy: HIPAA Compliant Approach Discusses the overall approach to privacy and data protection in line with HIPAA compliance.
    Handling of Protected Health Information (PHI): Privacy Policies in Compliance with HIPAA Describes the protocols for managing PHI in compliance with HIPAA regulations.

    Introduction :

    At Rewellth, we value the transparency and control our users have over their personal data. Therefore, consent for the collection and use of data is given explicitly and voluntarily through our platform. Users can provide their consent upon registration and are free to withdraw it at any time, ensuring their autonomy and respect for their privacy. This approach reflects our commitment to data protection and our users’ trust.

    At Rewellth, we prioritize your privacy and security. We implement advanced security measures, such as 256-bit SSL encryption to protect data in transit and AES encryption for data at rest. Our security infrastructure is complemented by regular audits and robust security practices to prevent unauthorized access and ensure the integrity of your information. Key Term Definitions

    • Health Personal Information (PHI): At Rewellth – hub Our platform keeps personal data and can only be handled by that means. similarly, the Health Personal Information (PHI), which refers to confidential and sensitive medical data. This information does not handle outside the REWELLTH – HUB platform.
    • Cookies: Cookies are essential tools that help improve your experience on our platform. You have total control over the use of cookies through your browser settings, where you can accept, reject, or delete cookies as you prefer, thus ensuring greater management of your privacy.

    Implemented Security Measures:

    At Rewellth, we are firmly committed to protecting the Privacy of Health Personal Information (PHI) of our users. As part of this commitment, we apply the following technologies and security practices to ensure PHI both in transit and at rest:

    • Data Encryption in Transit: We use 256-bit SSL encryption to ensure that all data transmitted between our users and our servers are protected against unauthorized access.
    • Data Encryption at Rest: The information stored on our systems is protected using AES encryption, ensuring that sensitive health data remains secure and accessible only to authorized users.
    • Secure WebRTC Services for Video Consultations: Our video consultations rely on the WebRTC service, which employs robust security measures to protect data transmission. This includes:
      • Secure Connections: Each established session is secure, using secure tokens that are regenerated for each session. Random AES keys are generated at the start of the media connection and are renewed periodically to increase security.
      • Encrypted Data Transmission: We use Transport Layer Security (TLS) to encrypt all voice and video data. We employ the SRTP protocols for media traffic encryption and DTLS-SRTP for key negotiation, ensuring data integrity and verification through the use of AES encryption with 128-bit keys.
      • These measures strictly align with the standards set by the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), reinforcing our commitment to the security of our users’ health information.
      • Commitment to Security and Privacy in accordance with HIPAA and GDPR

    At Rewellth, our mission is to ensure the maximum security and privacy of the Health Personal Information (PHI) of our users. This commitment is based on strict compliance with the most demanding global regulations, including the Health Insurance Portability and Accountability Act (HIPAA) of the United States and the General Data Protection Regulation (GDPR) of the European Union.

     

    Implementation of Security Technologies and Practices:

    • Advanced Encryption: We use 256-bit SSL encryption for data protection in transit and AES encryption for data at rest. These encryption technologies not only meet but exceed the security standards established by HIPAA and GDPR, ensuring that all health information remains private and secure.
    • Secure WebRTC Services for Video Consultations: Our use of WebRTC services for video consultations incorporates secure connections and encrypted data transmission, using protocols such as SRTP and DTLS-SRTP. These measures ensure the confidentiality and integrity of real-time communication, essential for the protection of PHI requirements under HIPAA and GDPR.
    • Specific Examples of PHI Protection:
    1. Secure Authentication: To access the platform, users must go through a robust authentication process. This additional layer of security prevents unauthorized access to PHI, aligning with HIPAA’s “Minimum Necessary Access” and “Strong Authentication” principles.
    2. Role-Based Access Control: Our platform assigns specific permissions to users based on their roles, ensuring that only authorized personnel can access PHI. This approach complies with GDPR’s “Privacy by Design” rule and HIPAA’s “Privacy Rule.”

    By implementing these and other advanced security measures, Rewellth is committed to protecting the health information of our users, respecting and complying with the most rigorous international regulations on privacy and data security.

     

     

     

    Data Collection At Rewellth

    Our dedication to privacy and security is fundamental, especially when collecting indispensable personal information such as name, surname, contact, and email. This information is collected through our Rewellth-HUB platform and on our website www.rewellth.com, with the primary purpose of enriching our services and improving communication with users. This process is carried out with maximum integrity and transparency, always in strict compliance with current privacy laws to ensure the total protection of our users’ data. Moreover, we treat Health Personal Information (PHI) with the utmost care and respect, ensuring that its collection is conducted under your informed consent. We implement advanced security measures, in accordance with HIPAA regulations, to protect your PHI, ensuring it is used exclusively for authorized purposes and within a flawless security and privacy framework. Our commitment is to maintain a safe environment where your privacy is our highest priority, facilitating a secure and reliable user experience.

    Consent to Receive Notifications: As part of our commitment to your medical care, you agree to receive notifications and important communications related to your care through Rewellth-HUB. These notifications may include, but are not limited to, appointment reminders, health status updates, and informational messages about our services. We commit to sending these communications exclusively through our platform, ensuring your privacy and confidentiality in accordance with this Privacy Policy. We will not share your contact information or use your data to send communications through third parties without your explicit consent.”

    Focus on User Benefit :

    It is relevant to emphasize that our privacy policies not only adhere to legal obligations but are also designed to directly benefit the user. At Rewellth, we recognize the importance of user trust and satisfaction as fundamental elements. By safeguarding the privacy of personal data, we are enhancing the overall user experience by providing a safe and reliable environment. Additionally, by maintaining total transparency in our data collection and use practices, we are strengthening user trust in Rewellth as a provider of health and wellness services. We are committed to ensuring that our users have a clear understanding of how their data is managed and how this contributes to a more positive experience on our platform.

    Privacy of Minors: At Rewellth, we are committed to protecting the privacy of minors. We do not intentionally collect personal information from minors without the explicit consent of their parents or legal guardians. We rigorously comply with applicable laws and regulations regarding the protection of minors’ data and take additional measures to ensure their privacy and security on our platform. We encourage parents and guardians to actively participate in and monitor minors’ internet use, thus ensuring a safe and positive experience on Rewellth.

    Education and Security Recommendations for Users:

    At Rewellth, we prioritize Your online safety and privacy. To protect your personal information, we recommend using strong passwords and changing them regularly. Periodically review your account data to ensure they are up-to-date and accurate. Be alert to suspicious emails to avoid falling victim to phishing scams. Take proactive steps such as setting up security alerts on your account and familiarizing yourself with the privacy control tools available on our platform.

    Express Consent:

    At Rewellth, consent is the cornerstone of our interaction with your data. You grant your consent explicitly upon registration and can withdraw it at any time. This transparent process ensures you are informed and in control of how your data is used.

    User Consent and Control Policy :

    At Rewellth To reinforce our privacy policy at Rewellth, we include clear provisions on consent. Upon registration and before any additional data collection, we ask users to actively express their consent, either by checking a box or selecting an acceptance button. This ensures their ongoing understanding and agreement with our data handling practices. Moreover, we provide options for users to review, modify, or withdraw their consent at any time, thus reinforcing our commitment to their autonomy and privacy.

    Commitment to Periodic Review: At Rewellth, we commit to keeping our Privacy Policy up-to-date, regularly reviewing it to reflect any changes in our business practices, the adoption of new technologies, or applicable legislation that may affect the protection of our users’ personal data. This commitment involves conducting annual reviews, as well as additional reviews in case of significant changes in our operations or relevant legislation. We ensure that any significant updates to our Privacy Policy are communicated clearly and directly to our users, guaranteeing their right to be fully informed. This transparent and timely communication process ensures that Rewellth users always have access to the most current information on how we protect their personal data and how they can exercise their privacy-related rights. Our goal is to ensure that our privacy practices not only comply with current regulations but also reflect our ongoing commitment to the security and trust of our users.”

    Data Retention Period : Data Retention Period and International Data Transfer

    At Rewellth, we retain your personal data only for the time necessary to provide you with our services, fulfill our legal obligations, and keep you informed about scientific or technological advances that may arise and be of direct interest or benefit to you. This retention period is adjusted to the specific needs of the services you requested, our legal obligations, and applicable regulations, always ensuring the protection and confidentiality of your data.

    To be more specific: For active services and health monitoring: Your data will be retained as long as our contractual relationship lasts. This includes the time necessary for the provision of medical services, treatment follow-up, and appointment management. Legal obligations and regulations: Depending on the applicable legislation, the retention period may vary, adjusting to what is stipulated by relevant data protection and privacy laws. Communication about scientific advances: If you opt to receive communications about relevant scientific or technological advances, we may retain your contact information beyond the termination of our active services, for a maximum period of 5 years after your last interaction with us. This timeframe has been established considering the relevance and potential value of such information for your wellbeing. We commit to periodically reviewing and adjusting our data retention criteria to align them with best practices and regulations in data protection. You have total control over your data, with the freedom to update your communication preferences or withdraw your consent at any time, through the mechanisms we provide on our platform.

    International Data Transfer: International Data Transfer: At Rewellth, the security and privacy of personal data are a priority, regardless of geographical borders. We strictly adhere to international data transfer regulations to ensure a level of protection equivalent to that of our jurisdiction. Our technological infrastructure, with servers and cloud solutions distributed by each country of operation, eliminates the need for internationally transferring Health Personal Information (PHI) and other personal data, allowing us to process and store the information locally and in accordance with local laws. Only in exceptional situations, and always with your explicit consent, could international transfers of non-PHI personal data be carried out, handling them with utmost care. We commit to respecting all relevant data protection regulations in these transfers, ensuring the protection of your privacy rights at all times. This commitment underscores our dedication to keeping you informed and in control of your health and wellbeing, while providing maximum security for your personal data. The privacy and security of your data are our top priority at Rewellth. We tirelessly work to implement the best practices and technologies in data protection, ensuring that your information is safe with us, regardless of borders. Moreover, at Rewellth, we commit to maintaining total transparency with our users regarding any international data transfer, informing in advance about the nature, purpose, and destination of such data. We strongly believe in keeping our users fully informed about how and where their data is processed, reinforcing our trust relationship and ensuring their right to make informed decisions about their personal information

    Security Practices and Privacy Education:

    Introduction: At Rewellth, we consider the security of personal data and privacy education as fundamental elements in protecting our users’ information. Our commitment goes beyond complying with data protection regulations and includes collaborating so that users take active measures to protect their personal information. In this section, we present a series of recommendations and resources that strengthen account security, data management, and awareness of potential threats, thus reinforcing our commitment to our users’ privacy and security.

    Account Security: “We strongly recommend that our users use strong and unique passwords for their accounts at Rewellth, complying with established security standards. Additionally, we suggest changing their passwords periodically as an extra measure of protection.” Data Review: “We urge users to regularly review the personal information stored in their accounts to ensure its accuracy and update. This contributes to maintaining data integrity and complying with our information quality policies.”

    Privacy Control: We inform our users about the tools and settings available on Rewellth to manage the visibility and access to their personal data. We provide them the ability to control and customize their data privacy according to their preferences.

    Security Alerts: We recommend that users set up alerts or notifications on their accounts to monitor any suspicious activity. This measure helps to detect and respond quickly to potential threats to their data security.

    Phishing Education: We provide guidance to our users on how to identify and avoid phishing emails and other forms of social engineering designed to gain unauthorized access to personal information. We encourage vigilance and awareness of potential threats.

    Contact for Questions: “We make a direct contact channel available to our users, such as a support email address, so they can raise questions or concerns related to the privacy and security of their data. We are committed to offering assistance and clarifications in a timely manner. at legal@rewellthl.com

    Right of Objection and Rectificationn : In addition to the rights of access, modification, and deletion, users have the right to object to the processing of their data and to correct any inaccurate information they may identify in their profile.

    Term and Procedure: Users of Rewellth have the right to object to the processing of their personal data and to rectify any inaccurate information they identify in their profile. The exercise of these rights must be carried out following the procedure below:

    • Users wishing to object to the processing of their data or rectify inaccurate information must submit a written request, clearly stating the reason for the objection or the required correction.
    • The request must be sent to the email address provided in our privacy policy or to the postal address indicated in the same document. legal@rewellth.com
    • The company will respond to these requests within a maximum period of 5 to 8 business days from the receipt of the complete and valid request.
    • If the request is rejected or cannot be fully complied with, a reasoned explanation will be provided to the user.

     

    Data Retention: During the objection or rectification process, the personal data subject to such request will be suspended in its use, unless the user specifically requests otherwise or it is required to be maintained in compliance with applicable regulations.

     

    Response and Notification: The company will respond to objections and rectification requests within the established timeframe, notifying the user about the actions taken concerning their request.

     

    Follow-up: A record of the objections and corrections made will be maintained, and this record will be available to users who request it.

     

    Collaboration and Commitment: Privacy and data protection are fundamental at Rewellth, and we value our users’ trust in our practices. Therefore, we encourage them to contact us with any concerns so that we can address their concerns effectively and satisfactorily. We are committed to providing a service that meets the highest standards of privacy and data security.

    Prohibition of Discrimination: It is guaranteed that the exercise of the rights of objection and rectification will not result in any discrimination or unfavorable treatment by the company.

     

    Clarification of Consequences: It is important that users understand that exercising these rights could lead to limitations in the provision of certain services if certain necessary data is corrected or deleted.

     

    Clear Language: All information and procedures related to the exercise of these rights will be communicated clearly and easily understandable for users, so they are informed about how to exercise these rights and what they can expect in terms of response and resolution of their requests. In case of any dissatisfaction, you could communicate to legal@rewellth.com

     

    Responsibility

    The policy clearly establishes Rewellth’s responsibility in case of non-compliance with data privacy and how complaints or claims will be handled. We implement a procedure that starts with changing the access key and contacting us at legal@rewellth.com; the request will be responded to between 5 to 15 business days.

     

    Notification Procedure for Security Breaches : We have established a detailed procedure to notify users about any security breach that may occur and take immediate action to remedy the situation.

     

    User Responsibility for the Use of Access Credentials : At Rewellth, we emphasize the importance of the security and privacy of our users’ data. As such, it is the exclusive responsibility of the user to maintain the confidentiality of their access credentials, including, but not limited to, their username and password. The user commits not to share these credentials with third parties and is solely responsible for all activities that occur under their account.

     

    Use by Third Parties and Minors  : The user acknowledges that any access and use of their account by third parties, including minors, are at their own risk and responsibility. In the case that the user allows a minor to use their access credentials, the user assumes full responsibility for all actions taken by the minor within the Rewellth platform and any consequences arising from such use. Rewellth is not responsible for unauthorized access to their account resulting from the shared use of credentials or access by minors.

    Access and Use of Services by Minors with Supervision of Parents or Legal Guardians

    • Use Restriction: Rewellth is designed for users of legal age according to the applicable legislation of the country where the user resides. Access and use of our services by minors are restricted and only allowed under the explicit supervision and consent of a parent, mother, or legal guardian.
    • Responsibility of Parents or Guardians: By allowing the use of Rewellth’s services by a minor, the parent, mother, or legal guardian accepts and assumes full responsibility for the minor’s activities within our platform.
    • Consideration of Fraudulent Access: Any registration or access by a minor without appropriate consent will be considered fraudulent access. Users, by accepting our terms and conditions, acknowledge this condition and agree to waive any legal claim against Rewellth related to such access.

    Consequences of Improper Use of Credentials :

    The user agrees that any improper use of their access credentials, including access and use by third parties or minors, may result in the violation of their personal data privacy and/or the information of other users, as well as potential legal actions against them. The user commits to immediately notify Rewellth in case of suspicion of any unauthorized use of their account or any other security breach.

    Consumer Privacy Rights : We comply with local data privacy laws and allow users to exercise their privacy rights according to applicable regulations. Effective Date The privacy policy comes into effect from today; any future changes will be notified to users transparently.

    Updates to Privacy Policies: To ensure that users are always aware of updates to our Privacy Policy, we have implemented a clear and direct process. Whenever significant changes are made to our policy, we will require users to review and accept the new version upon re-entering the platform. This approach ensures total transparency and ensures that all users give their informed consent continuously, reaffirming our commitment to their privacy and security.

    Acceptance of Responsibility : By accepting the terms of this Privacy Policy, the user confirms their understanding and agreement with these conditions, acknowledging their responsibility in protecting their access credentials and assuming the consequences of their use by third parties, including minors. Rewellth reserves the right to take the necessary measures to protect the integrity of the platform and the security of all its users’ data. For any concerns or need for assistance related to the security of your account, please contact us at legal@rewellth.com

    Contact Information :

    If you have questions or concerns related to privacy, do not hesitate to contact us at legal@rewellth.com For more information about the terms and conditions, please consult this link https://rewellth.com/en/terms-and-conditions/

    (abre en una nueva pestaña)