Last Modified: April 26th, 2020
Introduction: our commitment to your privacy
Our vision at K is to provide you with free access to relevant health information based on data collected from outside Indonesia. Our ability to offer you relevant health information is based on your agreement to share with us your specific symptoms, and your information such as your age and gender. Only when K knows this information about you, it is able to compare you to similar people outside Indonesia and tell you what they were diagnosed with and how they were treated. The more specific information you give us about you and your symptoms, the more accurate and relevant information we are able to provide you with.
The security of your personal information and your privacy are extremely important to us. When you share your personal information with us, we apply high security standards to our operational practices and work in compliance with all applicable privacy laws. We are compliant with the European Data Protection Regulations (“GDPR”), which are very progressive laws governing data protection, and, although they do not give rights to our users in Indonesia, set high standards in regards to your data which we endeavor to follow (to read more about your rights that stem from our GDPR compliance, click here). It is our intent to be at the forefront of data privacy and protection.
Our commitment to your privacy also means that we will use your data only to improve our services and to provide them to you. We will never sell your personal information to anyone. You will never see advertisements on our service that were tailored to you based on the information you provided us.
Using K anonymously
We believe everyone should have the right to know more about their health, even when they want to remain completely anonymous. It is your choice whether you want to use K anonymously, or whether you want to create a user account, that requires you to provide us with your email address and phone number.
When you use K anonymously, you need to provide a username (you may choose any name you’d like) and tell us your age and gender. Giving K information about your age and gender enables our AI models to ask you the right questions about your symptoms, and provide you with contextual results to your specific case. Note that when you use K anonymously and do not create a user account, you will not be able to recover your information in case you uninstall the app or lose your phone, and you may not be able to use all our service.
Creating a secure user account
You may create a user account which we will verify through your email and an SMS sent to your phone. This option gives you an extra layer of privacy, as you can log out of your account at any time. Having an account also gives you the ability to access your information when you log on from another device (for example, when your phone is lost or broken), and to use all of our services that are available in your location. When you create an account you may also add information about your medical history, chronic conditions or smoking habits. When you add this information to your profile, K is able to provide you with more accurate results relevant to you and your case, and they are saved so you don’t have to enter them each time you use the app.
What types of information do we collect?
We collect non-personal information, which is un-identified and non-identifiable, both about users who use K anonymously and about users who create an account. This information mainly consists of technical and aggregated usage information, such as browsing activities, non-identifying information regarding the users’ devices, operating system, internet browser, and similar information.
We also collect personal information, which is information that identifies an individual or may, with reasonable efforts, cause the identification of an individual. This information may include your name, phone number, date of birth, gender, location, IP address, billing information (name, physical billing address, payment method and transaction details), email address, and in some instances, a copy of your identity card or other government-issued personal identification for identity verification purposes.
Personal information may also be related to your health, such as information about your illness, symptoms and their potential causes, medical history, test results, and any other personal health information.
How do we use the information we collect?
We are using the information we collect for the following purposes:
- To provide you with relevant health information: The main reason we collect personal information is to enable K to give you relevant information about your health based on non-Indonesian data. K is not a medical advice or diagnosis. K asks you detailed questions about yourself and your symptoms only to compare your case with people outside Indonesia who share your age, gender, and symptoms. Sharing your information with the app enables K to provide you with relevant health information based on what thousands of doctors outside Indonesia did for people like you when they were in your situation.
- To make K smarter: We may use the information we collect in order to improve our AI models, so that we are constantly improving the information we provide our users. When you are using K, you are not only learning from people like you, they are also learning from you and your experiences. Over the long term, this growing repository of health experiences and clinical decision-making will accelerate medical research and improve our understanding of human disease. The information we use to improve our machine learning algorithms and technology is always used in an aggregated and anonymized way, and can never be traced back to you.
- To enable the use of our service: We may also use the information we collect in order to operate and customize our services; for example, to remember information about you so that you will not have to re-enter it when using our app, or to provide you with customer assistance and technical support.
- To contact you: We may use the information to be able to send you promotional content about our services by e-mail, text messages, push notifications and similar forms of communication from us or our partners (acting on our behalf). If you do not wish to receive such promotional messages, you may notify us at any time at firstname.lastname@example.org, or follow the “unsubscribe” or “STOP” instructions contained in the promotional communications you receive.
- As part of our user support: We may also contact you with important information regarding our services, such as in event a certain service is temporarily suspended for maintenance, to reply to your support inquiries. It is important that you are always able to receive such messages. For this reason, you are not able to opt-out of receiving such service unless you are no longer a user of the services. These types of messages are not encrypted, however, if we need to share information with you of a sensitive nature, we will direct you to log into the app in order to receive such information securely.
- For other legitimate interests: We may also use your personal information to enhance our data security and fraud prevention capabilities and tools, to support legitimate interests that we have as a business (such as for by identifying user trends) and to comply with any applicable laws and regulations or in connection with legal proceedings. We may also use your personal information in other ways for which we provide specific notice at the time of collection or for which you may in the future consent.
For the avoidance of doubt, the consent given herein is considered a consent contemplated under Indonesian Government Regulation No. 71 of 2019 regarding the Provision of Electronic System and Transaction (Peraturan Pemerintah No 71 tahun 2019 tentang Penyelenggaraan Sistem dan Transaksi Elektronik) and Minister of Communication and Informatics Regulation No. 20 of 2016 regarding Personal Data Protection in Electronic System (Peraturan Menteri Komunikasi dan Informatika No. 20 tahun 2016 tentang Perlindungan Data Pribadi Dalam Sistem Elektronik) (“MOCI Reg 20/2016”) as the same may be amended, supplemented or superseded from time to time.
How do we collect information?
- Information you share with us: We collect the information you provide to us, for example when you create an account, contact us directly or write to us on social media platforms. This information may include personal information including information relating to your health.
- Information we collect automatically: When you visit or use our app or website, we may gather, collect and record information about it. We do this ourselves or with the help of third-party services, including through the use of “cookies” and other tracking technologies, as further detailed below. This information may include your IP address (which may also be associated with your domain name or the domain name of your internet service provider), data relating to your use and navigation, unique identification numbers associated with your mobile device or our mobile application and your approximate geographical location.
- Information we receive from third parties and social media: We cooperate with third parties who help us operate K. From time to time, we may receive information about you from those third parties (such as Apple’s Healthkit or Fitbit).
When and with whom do we share your personal information?
- Third party service providers: We may share personal information with certain service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server services, communications and content delivery networks (CDNs), data and cybersecurity services, billing and payment processing services, session recording and remote access services, performance measurement services, data optimization and marketing services, content providers, and our legal and financial advisors. Click here to see the list of our third party service providers.Such service providers may have access to personal information according to their particular roles and purposes, and may only use the information for such purposes.
- Affiliates, Subsidiaries: We may share personal information with our own affiliates, subsidiaries, or any other member of the K Health group company, including our and their employees, contractors and service providers.
- Development, Transactions, Liquidation: We may share personal information with third parties in connection with a business or application development, transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or related or similar proceedings.
- Law Enforcement, Legal Requests and Duties: Where permitted by local data protection laws, we may disclose your personal information pursuant to a legal request, or in compliance with applicable laws, if we have good faith belief that the law requires us to do so, with or without notice to you.
- Protecting Rights and Safety: Where permitted by law, we may share your personal information with others if we believe in good faith that it will help protect the rights, property or personal safety of K, any of our users, or any member of the general public, with or without notice to you.
We will comply with any applicable laws and regulation in relation to any cross-border data transfer that may occur during the sharing and/or disclosure of your personal information, including coordinating and submitting all required reports to the Indonesian Minister of Communication and Informatics as may be required under MOCI Reg 20/2016
With whom do we not share your personal information?
- We will never sell your personal information to anyone.
- We will never share your personal information with advertisers. We only share usage information stripped of both identifying information and any personal health-related information that helps us optimize our marketing campaigns.
When do we share non-personal information?
Information that cannot be traced back to an individual is non-personal information, such as anonymized or aggregated information. We may transfer, share, disclose or otherwise use anonymized, aggregated or other non-personal information in our sole discretion and without the need for any further approval from you. You accept that we own all the aggregated and anonymized data collected or created by us, and you consent to our use of such anonymized, aggregated or other non-personal information in any manner our discretion.
What about information you want to share with others?
K enables you to share your personal information with others, including healthcare providers, friends and contacts via social media, via our app or otherwise. Please use caution when sharing your personal information with others. The information you share will be shared according to your instructions and actions, and we have no control over what happens with your information once you share it with others, and you hereby acknowledge and agree that we have no liability for any use which they may make of your information once you share it.
How long do we keep your personal information?
We will keep your personal information in an encrypted form for as long as your user account is active, in order to allow you to have access to your information and to provide you with our services.
We may continue to retain your personal information even after you deactivate your user account or stop using K, as reasonably necessary to fulfill our purposes as we explained above and to comply with our legal obligations, to resolve disputes regarding our users, enforce our agreements or protect our legitimate interests. However, we always delete the information if you have not been using the app at all for twelve months subject to your request of erasure of personal information (if any).
When your personal information is no longer required, we will ensure it is securely deleted.
Your GDPR rights in relation to your personal information
The GDPR-related rights which we grant you are the following:
- The right to be notified of your personal information.
- The right to receive a copy of your personal information, as historically provided to us.
- The right to request the correcting of any inaccurate or incomplete personal information. You also have the right to update and alter your personal data from time to time, including by means of providing a supplementary statement.
- The right to request the permanent deletion of any or all your personal information from our servers (unless there is a legitimate and legal reason for which we are unable to do so, in which case we will inform you of this in writing).
- The right to restrict or object to the processing of any personal information.
- The right to withdraw consent.
- The right to file a complaint with your local supervisory authority (in case of Indonesia, the Ministry of Communications and Informatics) for data protection (but we still recommend that you contact us first).
In order to receive information about your personal information, or exercise any of your GDPR-related rights, please contact us at email@example.com.
Before disclosing the requested personal information, we may ask you for additional information in order to confirm your identity and for security purposes. We will ordinarily not charge you any amount in relation to the exercise of your rights, nevertheless, we reserve the right to charge a fee that reflects that administrative cost where permitted by law (e.g. if your request is unfounded or excessive).
Please note that if you exercise your right to be forgotten, or ask us to stop processing your information, the deletion of your personal information will be irreversible and non-retrievable, and you will not be able to use our services.
How old do you have to be to use K?
At present, all our services at K are not designed for anyone under the age of 21. Furthermore, we do not knowingly collect or solicit any information from anyone under the age of 21. If we learn or are informed that we unintentionally collected personal information from an individual under the age of 21, we will delete such information. If you believe that we might have any information regarding a person under the age of 21, please contact us at firstname.lastname@example.org. We also assume that anyone using K services can make a binding contract.
Where is the information stored?
Who has access to your personal information?
Your personal information may be processed or accessed by K staff, including our employees, contractors and service providers in the US or elsewhere. Our staff members that have access to personal information and sensitive data are specifically trained and are granted only the minimal access rights required to perform their duties. We have detailed internal privacy and security policies and procedures and perform periodic training of our staff to ensure that they are all aware of our security and privacy procedures.
What security measures do we take to secure the data?
We care deeply about the security of your information, and we maintain high standards of physical, administrative, and technological safeguards to preserve the integrity and security of all information collected by us.
We use encrypted transportation of any data when it is transferred from the app to our servers, and we encrypt the data while it is stored in our database servers.
We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and third party services for further enhancing the security of our services and protection of our users’ privacy.
Please note that regardless of the measures and efforts taken by K, we cannot and do not guarantee the absolute protection and security of your personal information we hold. In the event that any information under our control is compromised as a result of a breach of security or a technical failure, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
We, together with our marketing, analytics and technology partners, use certain monitoring and tracking technologies (such as cookies, beacons, pixels, tags and scripts) on our website, certain partner sites and social networks. These technologies are used in order to maintain, provide and improve our services on an ongoing basis, and in order to provide our users with a better experience. Such technologies enable us to maintain and keep track of our users preferences and authenticated sessions, to better secure our services, to identify technical issues, user trends and effectiveness of campaigns, and to monitor and improve the overall performance of our services.
In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device. By default, we use several persistent cookies for purposes of session and user authentication, security, keeping the user’s preferences (such as regarding default settings), monitoring performance of our services, and generally providing and improving our services.
If you would prefer not to accept cookies, most browsers will allow you to adjust your settings to notify you when you receive them, automatically reject them or disable existing ones. Depending on your mobile device and operating system, you may not be able to block and delete all cookies.
Deleting cookies does not delete Local Storage Objects (LSOs) such as Flash Objects and HTML5 Local Storage or Session Storage. If you use Google Chrome, You can learn more about locally stored data in your browser, and how to control at: https://www.google.com/chrome/privacy/.
Please note that deleting our cookies or disabling future cookies or tracking technologies may prevent you from accessing certain areas or features of our services, or may otherwise adversely affect your user experience.
How do I manage cookies?
Most web browsers let you choose whether to accept cookies. Most also let you delete cookies already set. The choices available, and the mechanism used, will vary from browser to browser. Such browser settings are typically found in the “options”, “tools” or “preferences” menu. You may also consult the browser’s “help” menu. For example:
- Cookie settings in Internet Explorer
- Cookie settings in Firefox
- Cookie settings in Chrome
- Cookie settings in Safari
There are online tools available for clearing all cookies left behind by the websites you have visited, such as www.allaboutcookies.org. Usually, deletion of cookies will anonymize the information associated with the pixel and a website will not receive any further associated information.
In order to promote our app and services, we use platforms such as Facebook for online campaigns.
For example, we may use Facebook’s “Custom Audience Tool” to display interest-based ads promoting our app. We do not share personal information with Facebook, but given that Facebook knows the identity of their users, they may link the fact you clicked on our ad with your identity. Further, we report app events to Facebook to help optimize our campaigns, but we do not share with Facebook the meaning of such events. In other words, Facebook will receive information about your usage of the app (for example “User X completed apple” which means something about your usage of the app to us, but not to Facebook) but not any personal, medical or health related content. If you do not want to receive interest-based ads on Facebook, you can adjust your ad preferences through your Facebook settings. We use the same approach with other ad partners, such as Google; we will never share your personal information with any of them.
Choice of law and Dispute resolution
Please contact us also if you have any issues regarding our use of your personal information.
You may also contact us by mail at:
Attention: Privacy Officer
298 Fifth Ave., Seventh Floor
New York, NY 10001, USA