Privacy Policy
Welcome to iSTRONG Application, a mental health application dedicated to providing quality counseling and support services, operated by Actualiz Co.,Ltd. This Privacy Policy is designed to inform you about how we collect, use, store, and protect your personal information. Your privacy and the security of your data are of utmost importance to us, and we are committed to maintaining the highest standards of confidentiality and compliance with applicable data protection laws.
At iSTRONG Application, we understand the sensitive nature of mental health information. Therefore, we take extra care to handle your personal and health-related data with the utmost respect and confidentiality. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of the information we receive from you through our application.
By accessing or using our services, you agree to the terms and conditions outlined in this Privacy Policy. We encourage you to read this policy in its entirety to understand our practices regarding your personal information and how we will treat it.
If you have any questions or concerns about our Privacy Policy or our data handling practices, please feel free to contact us using the following address and contact information.
Actualiz Co.,Ltd. (Head Office)
189/81 Thep Rak Road, Tha Raeng, Bang Khaen, Bangkok 10220
Tel. +662 0268949
Email: contact@istrong.co
1. Data Collection and Storage
1.1 Types of Data Collected
- We collect personal identification information, which includes names, surnames (with an option for anonymity), dates of birth, employee IDs, and other identifying details necessary for account creation and personalization.
- To facilitate effective communication and service delivery, we gather contact details such as email addresses, phone numbers, and mailing addresses.
- Information related to the user’s preferences and settings within the app is collected, aiding in customizing and enhancing the overall user experience.
- We collect comprehensive health-related data, which encompasses past and present health conditions, symptoms, treatment history, and other vital medical information. This includes notes, assessments, and outcomes from counseling sessions and interactions, as well as personal health metrics input by users about their mental and physical health status, lifestyle choices, and other relevant health details.
- To ensure service compatibility and effective troubleshooting, we collect technical and device data. This includes the type of device used, operating system, app version, device identifiers, and other pertinent technical information. Additionally, we monitor how users interact with the app, such as the features they use, session duration, app navigation paths, and overall frequency of use.
- We keep records of communication between users and our support team, any feedback provided, and interaction data from within the app. This also includes content created or shared by users within the app, such as posts in community forums, user comments, or shared stories.
- Our app utilizes cookies and similar technologies to understand user preferences, analyze app usage patterns, and provide a tailored app experience.
- Given the sensitive nature of our mental health services, we handle categories of sensitive data with enhanced security and privacy measures. Such sensitive data is collected strictly with explicit user consent and is safeguarded with utmost care.
1.2 Methodology of Data Collection
- During account creation and profile setup, users provide personal details such as name, age, department, and contact information. This is fundamental for personalizing the user experience and service delivery.
- We collect information entered by users while interacting with various features of the app, including during counseling sessions, feedback forms, or health assessments.
- Data is gathered through direct communications with users via email, in-app messaging, or customer support interactions, enabling us to address user needs and improve service quality.
- We automatically collect data on user interactions with the app, including pages visited, session duration, and frequency of use. These analytics help us understand user behavior and preferences.
- Technical data from the user’s device, such as operating system, device model, IP address, and other relevant hardware information, is collected to optimize app performance and ensure compatibility.
- We use cookies and similar technologies to collect data regarding app usage patterns, preferences, and customization settings. Users have the option to manage their cookie preferences within the app.
- Integration with Virtual Meeting Apps
  - Our app integrates with virtual meeting applications for video calling in counseling sessions, enhancing the user experience with secure and efficient video consultations.
  - Essential user data is shared with these platforms, strictly limited to what is necessary for conducting video or voice counseling sessions, such as user contact details and appointment schedules.
  - Explicit user consent is obtained before any data sharing with virtual meeting platforms. Users can opt in or out of this feature and manage their settings related to these integrations within the app.
  - All video sessions conducted through integrated platforms are encrypted and secured. We offer guidelines for maintaining privacy and security during these sessions and provide comprehensive information about the integration, including data usage and user benefits.
- We ensure that explicit user consent is obtained for all data collection, especially for sensitive information. Users are informed about the specific data being collected and its intended use.
- Users are encouraged to provide accurate information and keep it updated for effective service delivery. They can update their personal information at any time through the app's settings or by contacting our support team.
- Special attention is given to the collection of health data, ensuring it is done with the utmost care and strictly with explicit user consent.
1.3 Storage and Handling of Data
- All data, including personal and health information, is encrypted both in transit and at rest to ensure security and confidentiality. This robust encryption safeguards data from unauthorized access and potential breaches.
- Our data is stored in secure data centers located in Thailand. These facilities employ both physical and electronic safeguards and are monitored continuously to ensure the protection of your data against unauthorized access and environmental hazards.
- Access to personal data within our organization is strictly limited to authorized personnel. Employees and contractors with access privileges are bound by confidentiality agreements and receive training in data protection and privacy. Regular security audits and vulnerability assessments are conducted to uphold the safety and security of our data storage and handling practices.
- Users can access, review, update, or correct their personal information via the app. This capability empowers users to ensure the accuracy and up-to-dateness of their data. Additionally, upon request, we facilitate the export of user data in a commonly used format, enabling users to transfer their information to other services if desired.
- Regular data backups are performed to prevent loss due to technical failures, cyber-attacks, or other unforeseen events. These backups are securely encrypted and stored. We have a comprehensive disaster recovery plan to quickly restore services in case of major incidents, minimizing impact on users.
- Our data retention policies are clearly defined and communicated. We retain personal data only as long as necessary for service provision or as required by law. Upon the end of the necessity, data is securely disposed of or anonymized to prevent reconstruction or reading.
- Our practices comply with all applicable data protection laws, including PDPA, GDPR, HIPAA, and other regional regulations. We maintain transparency in our data handling and are accountable for the data under our care. Regular updates to our practices are made in line with new regulations and technological advancements.
- We respect user rights as outlined in data protection laws. These include rights to access, correct, and delete personal data, and the right to object to or restrict certain processing types. Continuous monitoring of changes in data protection laws ensures our practices remain compliant.
- Proactive steps are taken to ensure data accuracy and currency. Users are provided tools to easily update their personal information and are encouraged to regularly review and update their profiles, especially regarding health status or contact details, to enhance service effectiveness.
- Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. This includes providing our services, complying with legal obligations, or for other legitimate business purposes. The duration of data retention is determined based on the nature of the data, the purpose of its collection, and any applicable legal or regulatory requirements.
- In line with our contractual agreements with customers, we commit to retaining personal data for at least one year after the termination of a customer's contract. This practice ensures that we meet our obligations and provide continued service excellence even post-contract.
- Upon the expiration of the retention period, or upon a user's request where applicable, personal data is securely deleted or anonymized. We adhere to industry-standard processes for secure data deletion, ensuring that the data cannot be reconstructed or read. This approach is an integral part of our commitment to respecting user privacy and protecting their personal information.
- Our data retention policies are regularly reviewed and updated to ensure compliance with current laws and relevance to our business practices. We are dedicated to handling all personal data lawfully and ethically, respecting user rights as outlined in data protection laws. This includes rights to access, correct, and delete personal data, and to object to or restrict certain types of processing.
2. User Consent
- When users register for an account or start using our application, we obtain explicit consent to collect, use, and forward their personal and health-related information as outlined in this Privacy Policy.
- We ensure that users are fully informed about the types of data collected, the purposes for which it is collected, and how this information will be used and shared. All such information is provided in clear, easily understandable language.
- Consent specifically covers the collection of personal identification data, health information, and other relevant details necessary for the effective provision of our services.
- We also obtain user consent for sharing data with trusted third-party service providers, partners, and as required by law, ensuring transparency in all our data handling practices.
- Special attention is given to sensitive data categories such as health and medical information. We obtain separate, explicit consent for the collection and processing of these types of data, recognizing their sensitive nature.
- Users have the full right to withdraw their consent for the collection, use, and sharing of their data at any time. To exercise this right, users can simply send an email to contact@istrong.co indicating their desire to withdraw consent. Upon receiving a request for consent withdrawal via email, we will promptly process the request in accordance with our data handling procedures. Users should be aware that withdrawing consent may affect the availability and quality of certain services provided by the app. It's important for users to understand that withdrawing consent may impact their ability to use some or all of the services offered by the app. We will provide clear information on any service limitations or changes that occur as a result of consent withdrawal. We are committed to ensuring that all users are fully informed about how their consent withdrawal will affect their use of our services. Our team is available to address any questions or concerns regarding the process and implications of withdrawing consent.
- Should there be any changes to our data collection and usage practices, we will promptly communicate these changes to users. Additional consent will be obtained if necessary to ensure ongoing compliance.
- Our consent forms and processes are regularly reviewed and updated to ensure they align with legal standards and best practices in data protection and user privacy.
3. Data Minimization
- We strictly adhere to the principle of data minimization, collecting only the data essential for the effective functioning of our app and the provision of mental health services. This approach includes limiting the collection of sensitive personal information to what is strictly necessary.
- Our data collection is focused and specifically aligned with the app’s functionality. Essential information such as name, age, and contact details are gathered at account registration, avoiding any unnecessary personal details unless they are directly relevant to our counseling services.
- Users have the option to limit the amount of data they share. We offer opt-out choices for additional data collection features and use only essential cookies for basic functionalities, subject to user consent.
- Health-related data collection is strictly relevant to the counseling services offered. We avoid collecting unrelated health information, ensuring data collection is pertinent to user needs.
- Unnecessary personal data is not collected in app features or feedback forms. For instance, mood tracking gathers only mood ratings and relevant notes. Where personal identification isn’t necessary, data is anonymized.
- Data is retained only as long as necessary for its intended purpose, including legal compliance and service provision. Regular reviews ensure data is not kept longer than necessary, with secure deletion practices implemented for data no longer required.
- Additional care is taken in data collection from minors, ensuring minimal data collection and mandatory parental or guardian consent.
- All collected data is used strictly in line with its collection purpose. We limit data sharing, ensuring any shared data aligns with data minimization principles.
- Our app’s technical architecture and operational practices are built around data minimization principles, ensuring user privacy and security.
4. User Permission Settings
- Users can access, review, update, or correct their personal information within the app at any time, maintaining control over their data.
- Users have the option to request the deletion of their personal data, to which we respond promptly and in compliance with legal obligations.
- We utilize explicit consent mechanisms, especially for sensitive data like mental health information, ensuring users are fully informed and agreeable to such data collection.
- Users can easily opt out of non-essential communications and manage cookie preferences through the app and website settings. This includes accepting, rejecting, or customizing cookies, providing control over their online data.
- Clear information about the types and purposes of cookies used by the app is provided, enabling informed decisions by users.
- We employ robust security measures to protect user privacy and permission settings from unauthorized access or changes.
- The app’s privacy and permission settings are regularly reviewed and updated to reflect best practices and legal requirements. Users are promptly notified of any changes within the app and via email, ensuring they are always informed and can adjust settings as needed.
- Our commitment to transparency involves keeping users informed about changes that could affect their data privacy. We encourage users to regularly review their settings and stay updated with our Privacy Policy.
5. Account Sign-In
- Users sign in with a username and password, essential for verifying identity and securing account access. For enhanced security, users can opt for OTP verification sent to their registered mobile number.
- Corporate users from specific organizations are provided with pre-assigned usernames and passwords to streamline service access. Other organization employees verify their work email to create personalized passwords, with some having the option to change passwords based on their organization's policy.
- We implement robust security measures, including password encryption and secure storage, to protect all user credentials from unauthorized access.
- Additional security measures for corporate users include advanced standards for generating pre-assigned credentials and enforcing strong password policies.
- A secure account recovery process is available for users who forget their passwords. This process involves identity verification through registered mobile numbers or email, ensuring rightful account access.
- The app features automatic logout after inactivity, with adjustable duration settings. Users can manage active sessions and remotely log out from other devices for enhanced security.
- Users can deactivate or permanently delete their accounts. Upon deletion, we retain necessary data as required by law or for legitimate business purposes for at least one year after the contract ends, and securely erase other personal information.
6. Data Use and Sharing
- The personal and health-related data we collect are primarily used to provide and enhance the counseling services offered by our app. This includes personalizing the user experience, managing user accounts, providing customer support, and analyzing user behavior and preferences to improve app functionality and develop new, user-centric features.
- Our app offers various self-assessment tools, including daily mood checks, stress, EQ, Burnout, Resilience, and personality tests, to help users manage their mental health more effectively. The health data gathered from these assessments are used to deliver personalized counseling experiences. We also track user interactions with different app features, like articles read and topics of interest, to tailor content and improve the overall user experience.
- We may share data with trusted third-party service providers, such as virtual meeting platforms, who perform specific services on our behalf. These providers are strictly bound by confidentiality agreements and have access only to the data necessary for their tasks. Any disclosure of personal information to public authorities, such as courts or government agencies, will occur only if required by law.
- For users employed by an organization, we provide employers with aggregated test scores and results at the company or department level, and insights on counseling session topics, all in an anonymized and aggregated form to aid organizational development and wellbeing initiatives. Individual user data remains confidential.
- Anonymized or aggregated data may be utilized for research, analytics, employer’s mental health program development, or statistical purposes. We ensure that this data cannot be linked back to any individual user. Users may voluntarily participate in health research, with their data being anonymized to protect privacy.
- Users have the right to withdraw their consent for data sharing at any time via the app settings or by contacting our customer support. We communicate clearly to users about the usage and sharing of their health data, especially regarding employer reporting.
- If data is transferred to countries outside of the user’s location, we ensure compliance with legal and regulatory requirements and provide appropriate data protection.
- In all instances of data sharing, we implement robust security measures to protect data from unauthorized access, disclosure, alteration, or destruction.
- Users have the option to opt out of specific data collection and sharing features, affirming their control over personal information.
7. Children’s Privacy
- Our app is accessible to users of all ages. However, we have implemented age restrictions for certain features. Specifically, the ability to make appointments and access counseling services is restricted to users who are 20 years old and above.
- Individuals aged 20 and above can independently use all features of the app, including the ability to make appointments and access counseling services. During registration, these users are responsible for providing accurate age information.
- Users under the age of 20 are permitted to access the app but require parental permission to make appointments and use counseling services. We implement measures to verify parental consent for these underage users. This may include requiring a parent or guardian to co-sign the registration or provide explicit consent, either through the app or via direct communication with our team.
- Verification steps
  - When a user schedules a counseling appointment, we ask for their age. This step is crucial to identify users under 20 years old.
  - For users under 20, upon detecting their age during the appointment scheduling process, we initiate a verification procedure. Our team will contact these users to confirm if parental consent has been obtained for using our counseling services.
  - If we cannot verify parental consent for underage users, we will cancel the scheduled counseling appointment. This policy ensures adherence to legal requirements and the safety of underage users.
  - We encourage and expect active involvement from parents or guardians in the underage user’s interaction with our app. This includes granting consent and overseeing the use of counseling services.
  - Parents or guardians can reach out to us at any time regarding concerns or queries about their child’s use of the app through our dedicated communication channel.
- We take extra precautions to protect the privacy and data of users under the age of 20. Data collection and processing for these users are conducted with heightened care and strictly in compliance with applicable laws. We limit data collection to what is necessary for providing the service and ensure that no excessive data is collected.
- Parents or guardians are encouraged to actively participate in their child’s interaction with the app. This is especially important in terms of giving consent and monitoring the use of counseling services. We provide a dedicated communication channel for parents or guardians to express concerns, provide consent, or receive information about their child’s usage of the app.
- If we become aware that a user under the age of 20 has made an appointment or accessed counseling services without the necessary parental consent, we will take immediate steps to rectify the situation in accordance with legal requirements.
- Parents or guardians can contact us at any time with any concerns regarding their child’s use of the app. We are committed to ensuring a safe and secure environment for all underage users.
8. Location Services
- Our app does not track or require access to users’ geographical location. We prioritize user privacy and have intentionally designed our services to operate without the need for location tracking or location-based data.
- In line with our strong commitment to user privacy, we assure our users that their physical location will not be monitored, stored, or utilized by our app at any point during their interaction with our services.
- This approach is part of our broader strategy to protect the privacy and security of our users’ data, ensuring that they can use our app with full confidence in the safeguarding of their personal information.
Contact
For any queries, concerns, or feedback regarding our services or our Privacy Policy, users are encouraged to contact our customer support team. The necessary contact details, including our email address contact@istrong.co, are readily available within the app and on our website at istrong.center for ease of access.
We greatly value and welcome feedback and queries from our users. All communications are treated with the utmost confidentiality and are instrumental in our efforts to continually improve our services. We are committed to responding promptly to user inquiries and feedback, aiming to ensure a satisfactory and supportive experience for all our users.
If users have specific concerns regarding data privacy or the handling of personal information, they are invited to contact our Data Protection Officer directly. The contact details for our Data Protection Officer are provided within the app and on our website for convenience and transparency.
Last update on October 30, 2023, Version 2.0