Defined terms in this privacy policy have the same meaning as in the applicable Terms of Service.
Hello Hilma AB (“Hello Hilma”, “we”, and “us”) provides the Bryohm Platform to facilitate the connection and interaction between the Advisors and End-Users. When you use the Platform, you entrust us with your personal data. This privacy policy explains how we collect and use your personal data and cookies. It also describes your rights towards us and how you can exercise them. We will only use the personal data you provide in accordance with this privacy policy and the General Data Protection Regulation (EU 2016/679), commonly referred to as the “GDPR”.
Hello Hilma is the data controller for personal data processed in accordance with this privacy policy, unless stated otherwise. Notwithstanding the aforementioned, when an Advisor processes personal data outside the Platform, for example to keep a journal, the Advisor is the data controller for the personal data processed outside the Platform (if any).
1. Your consent
1.1 In conjunction with the counselling services and your use of the Platform, you may – but are in no way required to – disclose health data and other sensitive personal data (hereinafter referred to as “Health Data”). To enable processing of your Health Data by us and/or the Advisor, we need your consent. By checking the “I consent” box during account sign-up or as otherwise asked when using the Platform, you give your consent to processing of your Health Data.
1.2 We will only process Health Data with your consent for the explicit purposes instructed below as indicated under the field “Legal Basis” with the text “Your consent”.
1.3 It is optional for you to consent to our processing of your Health Data.
1.4 If you do not consent, you may not be able to use all parts of the Platform, nor provide us with any Health Data when using the Platform.
1.5 You may at any time withdraw your consent, as instructed in the Platform. If you withdraw your consent, we will cease to process your Health Data. Withdrawal of consent does not affect the lawfulness of our processing of your Health Data prior to your withdrawal.
2. Collection of personal data
2.1 You may choose to provide us with your personal data. This includes information submitted when you use the Platform or if you contact us. We will process the following categories of personal data that you give us:
2.2 When you create an account: email address, password.
2.3 When you choose to add and/or edit your user account details (you are free to decide what personal data to provide under this section, if any): name, date of birth, gender, phone number, photo.
2.4 If you give your consent: Health Data, namely health related personal data you share with an Advisor in conjunction with counselling (if any).
2.5 If you use the Platform as an Advisor: name, company details, photo, credentials, experiences, language, field of practice, education, particulars regarding your counselling services (such as fees) and other personal data you choose to provide as information about you as an advisor.
2.6 If you take part in counselling services through the Platform: the particulars regarding the session, including account details of the End-User and Advisor, time and date of the session, length of the session, payment details relating to the session.
2.7 If you contact us or we need to contact you: We may ask for additional personal data other than as informed above, in order to assist you.
3. Personal data that we collect
3.1 We may collect the following categories of personal data using cookies (as further instructed below) when you use the Platform:
A) Device information: We will use cookies to collect information about the device you use to access the Platform.
B) How you use the Platform: We will collect information on how you use the Platform, such as information regarding how often you visit the Platform and which Advisors you are interested in.
4. Personal data that we receive for payment purposes
4.1 We will process personal data that we collect via Stripe for payment purposes. The following categories of personal data may be collected: Particulars regarding payments made to/from Stripe, such as amount paid, name, identifier.
5. How we use and keep your personal data
5.1 We use your personal data to be able to provide the Platform and fulfil our commitments to you and the company you represent (if any). We process personal data as described in the chart below.
PURPOSE OF THE PROCESSING | LEGAL BASIS | CATEGORIES OF PERSONAL DATA | HOW LONG WE KEEP YOUR PERSONAL DATA |
To create your account. | Fulfil our contractual obligations towards you. | As informed in Section(s): 2.1 (a)
| The shortest of:
|
To provide the Platform to you and to administer your account. | Fulfil our contractual obligations towards you. | As informed in Section(s): 2.1 (a) – (b) 3.1 (b) | The shortest of:
|
To enable you to disclose Health Data to your Advisor in conjunction with counselling. | Your consent | As informed in Section(s): 2.1 (c)
| Health Data is generally not stored or accessible by Hello Hilma. Health Data is only processed momentarily. |
If you use the Platform as an Advisor. | Fulfil our contractual obligations towards you. | As informed in Section(s): 2.1 (d) – (e)
| The shortest of:
|
To ensure that content is presented in the most effective manner for you and for your device. | Fulfil our contractual obligations towards you. | As informed in Section(s): 3.1 (a) | During the active session. |
To provide you with recommendations and information about available counselling services. | Fulfil our contractual obligations towards you. | As informed in Section(s): 2.1 (a) – (b) 3.1 (b) | The shortest of:
|
To facilitate the connection and interaction between End-User and Advisor through the Platform. | Fulfil our contractual obligations towards you. | As informed in Section(s): 2.1 (a) – (e) 4.1
| For as long as the parties have ongoing interactions on the Platform. Calls (video, voice) are not retained by Hello Hilma and are only processed momentarily. |
To send you information regarding us, your use of the Platform and information relating to Advisors. | Fulfil our contractual obligations towards you. | Your e-mail address, as well as informed in Section(s): 2.1 (a) – (e) 3.1 (b) | For as long as we send out such information and you hold an active account. |
To provide assistance if you contact us. | Fulfil our contractual obligations towards you. | As informed in Section(s): 2.1 (a) 2.1 (f)
| For as long as is necessary to assist you. |
To understand user behavior and preferences. | Our legitimate interest. | As informed in Section(s): 2.1 (a) – (b) 3.1 (a) – (b) | For six (6) months. |
To administer payments through the third-party payment provider. | Fulfil our contractual obligations. | As informed in Section(s): 2.1 (a) – (e) 4.1 | The longer of:
Notwithstanding the above, data needed to comply with applicable law will be kept for a longer time period. |
To comply with applicable law, such as bookkeeping laws and anti-moneylaundering laws. | Comply with applicable law | 2.1 (a) – (e) 4.1
| As long as necessary or mandated to comply with applicable law, such as for bookkeeping purposes (i.e. 3 or 7 years, depending on the type of data). |
In addition to what is stated above, to administer our business, protect our legal rights and develop our services. | Our legitimate interest. | 2.1 (a) – (e) 4.1 In certain cases, additional personal data may be processed.
| As long as necessary or mandated to protect our legitimate interests. |
5.2 Your personal data will be deleted or anonymized by us when the processing is no longer necessary for the purposes stated above, except if required by applicable laws. In such case, we keep the data only as long as necessary or mandated by law for such purpose, such as for book keeping purposes.
5.3 Hello Hilma has a legitimate commercial interest in providing its services to its End-Users and Advisors. Hello Hilma considers that there is a relevant and appropriate relationship between Hello Hilma and you (the registered data subjects). It is optional to use the Platform. Hello Hilma only performs personal data processing that data subjects reasonably can expect. Therefore, Hello Hilma considers that Hello Hilma can perform the personal data processing as described above based on the legal basis of legitimate interest.
6. Sharing of personal data and health data with advisors
6.1 If an End-User chooses to interact with an Advisor, Hello Hilma will make End-User’s personal data available to such Advisor through the Platform. We will make available to the Advisor relevant parts of the personal data you have chosen to provide as described in the sections 2.1 (a) – (b) and 4.1 (a). Further, if you give your consent to the processing of Health Data, you may also make available to the Advisor your Health Data during a session, as described in section 2.1 (c).
6.2 If an Advisor extracts any personal data (including Health Data) relating to you from the Platform, the Advisor will be the data controller for such collection and processing of personal data. If you have any questions regarding an Advisors processing of personal data outside of the Platform, contact the Advisor.
6.3 We will only share personal data under Sections 6.1 to the extent necessary to fulfil our contractual obligations with you and, additionally, with your consent, as the case may be.
7. Subcontractors
7.1 We use subcontractors to provide the Platform. When doing so we may transfer your personal data to subcontractors for the performance of our contractual obligations towards you and for the other purposes described in this privacy policy. We use the following subcontractors:
Subcontractor name | Provided from | Transfer mechanism | Platforms provided |
Amazon Web Services EMEA SARL | EU/EEA | Not required | Hosting and data storage |
Stripe, Inc | EU/EEA. Transfer to the U.S may take place occasionally. | Standard contractual clauses | Payment services provider |
LiveKit, Inc | EU/EEA | Not required | Video call functionality |
Octa, Inc. | EU/EEA | Not required | MFA (Multi Factor Authentication) |
Intercom, Inc. | EU/EEA | Not required | Support administration |
Oderland Webbhotell AB | EU/EEA | Not required | E-mail services |
Firebase (Google) | EU/EEA | Not required | Cross-platform messaging |
Apple | EU/EEA. Transfer to the U.S may take place occasionally. | Not required | iOS app notifications |
Google Maps | EU/EEA. Transfer to the U.S may take place occasionally. | Not required | Maps |
7.2 Some of the subcontractors may process your personal data on our behalf with are located outside the EU/EEA (in a third country), as indicated above. In such case, we are committed to protect your data and comply with applicable data protection laws and will therefore put in place adequate safeguards to protect your personal data, such as the EU Commission’s Standard Contractual Clauses, or transfer the personal data to subcontractors certified in accordance with an established transfer mechanism.
7.3 We may disclose necessary personal data to authorities such as the police, tax agencies or other authorities if we are required by law or you have agreed to it. An example of legally required sharing is for the purposes of anti-money laundering and counter-terrorist financing. Personal data may also be disclosed in conjunction with legal proceedings, mergers & acquisitions or transfer of the assets of Hello Hilma.
8. Cookies
8.1 We use cookies when providing the Platform, to enhance and facilitate your experience, and to create statistics regarding your use of the Platform. A cookie is a small text file that contains text information which is saved on your device. We use two types of cookies, session cookies that expire when you close the browser, and permanent cookies which are stored until they expire.
8.2 More information is available through the cookie consent solution on the Platform, in conjunction with your visit to the Platform. If you do not want to accept cookies, you may adjust your web browser settings either to not accept cookies or to indicate when a cookie is used. Please note, by disabling cookies some features on the Platform might not work as intended.
9. Your rights
9.1 You may at any time withdraw your consent, as instructed in the Platform. If you withdraw your consent, we will cease to process your Health Data. Withdrawal of consent does not affect the lawfulness of our processing of your Health Data prior to your withdrawal.
9.2 You have a right to access your personal data. Therefore, you may request a transcript of records if you would like to know and verify your personal data stored and processed by us. The request must be made in writing including a verification of you, and sent to the address below.
9.3 We take all reasonable steps to ensure that your personal data is correct and up-to-date. You have the right to correct inaccurate or incomplete information about yourself. If you believe that your personal data stored by us is incorrect, please notify us and provide us with the correct data.
9.4 You have the right to request the deletion of your personal data insofar as this personal data is no longer necessary for the purpose it was collected (“right to be forgotten”). However, certain legal obligations prevent us from immediately deleting all your data, such as obligations in accounting laws, tax laws and anti-money laundering laws. Data that must be preserved for legal reasons will be blocked from use for any other purposes than meeting such legal requirements.
9.5 You have the right to object to our processing of your personal data. The effect may be that you are no longer able to use the Platform. If you object, we will stop the processing of your personal data.
9.6 You have a right to data portability. In case you want to utilize such right, please contact us by using the information below.
9.7 If you have any inquiries regarding our processing of your personal data, please contact us. If you are displeased with our processing of personal data, you may file a complaint with the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten), www.imy.se, or with the equivalent authority in the EU-member state where you live.
10. Updates to this policy
10.1 We may occasionally update this privacy policy. If we make significant changes, we will notify you of the changes through the Platform or through other means, such as email. To the extent permitted under applicable law, by using the Platform after such notice, you accept the updates.
10.2 We encourage you to periodically review this privacy policy for the latest information on our privacy practices.
Contact information
If you have any questions regarding our processing of your personal data, or any question, complaint, or claim, please contact us at:
Hello Hilma AB
Org. no: 559435-5611
E-mail: [email protected]
Address: Katarina Bangata 79, 116 42, Stockholm, Sweden