LinkedIn image
Howdy
Book Demo
version 3.0

Privacy Policy

When using the services of Howdy ApS (referred to as “we”, “us” or “ours”) through the Howdy technology platform (“Howdy”), we will process your personal data.

This Privacy Policy (referred to as “Policy”) outlines how your personal data is processed.

1. Data Responsibility

We are the data controller responsible for the processing of your personal data as described in the below.

Our contact information:

Howdy ApS
Njalsgade 76,
2300 Copenhagen S
CVR: 35395539
Phone no.: +45 888 777 00
Email: gdpr@howdy.care
Website: www.howdy.care

2. Processing of Personal Data

Overview of processing activities and personal data processed.

Enrolment in Howdy until you consent

Purpose

To enrol you in Howdy and thereby deliver the services as agreed with your employer. To send you invitations to enrol through the reminder engine.

Personal data

  • Name (first name and surname)
  • Contact information (work email and mobile number)
  • Your employer
  • Your role (manager or employee)
  • Your job title
  • The health scheme that you are covered by through your employer
  • Your organisational information (including department, unit, division, work location, manager)
  • Your employer’s branch code
  • Your employment date
  • Your birthdate
  • Your ZIP and city
  • Your gender

Source

These are received from your employer. We periodically receive updates from your employer.

Legal basis

(GDPR art. 6 (1)(f)). Our legitimate interest is to provide services to your employer based on our agreement with them. We do this by sending you questionnaires (if you consent) and getting you in touch, if required, with a Response Team and sending wellbeing statistics to your employer and using generic statistics to improve our service.

Retention

See chapter ‎3.

Processing of your answers to questions in Howdy

Purpose

To evaluate your wellbeing and assess whether the Response Team should be activated

Personal data

Common information:

  • Password
  • A copy of your consent to enrolling in and using Howdy
  • Preferred way of communication
  • When you last answered or partially answered a questionnaire in the modules Howdy Wellbeing and Howdy Body
  • Your answers of questions in the module Howdy Wellbeing
  • Reminders sent to you
  • Name (first name and surname)
  • Contact information (work email and mobile number)

Special categories of data in the form of health information:

  • Your answers to the questions in the module Howdy Body
  • Development of your wellbeing and pains over time, i.e. the development in the score you receive upon answering the questions in Howdy
  • The scores relating to your wellbeing (produced using profiling based on your answers in Howdy). Whenever you provide answers in Howdy Wellbeing you will receive a score (green, yellow or red as well as a number on a scale from 0 to 100). In Howdy Body you receive a score based on the level of pain experienced in specific areas on a scale of 0-10.

Source

The personal data concerning your answers and wellbeing are received directly from you when you answer the questions in Howdy.

Legal basis

Your explicit consent to process general personal data (GDPR art 6(1)(a)) and special categories of personal data (art 9(2)(a))

We do this by sending you questionnaires and getting you in touch, if required, with a Response Team and sending wellbeing statistics to your employer and generic statistics to improve our service.

Retention

See chapter ‎3.

Employer feedback questions (not health related)

Purpose

If your employer has chosen to add the specific module of Howdy in which your employer may define specific feedback questions, your personal data is processed for the purpose of assessing the answers to the questions and provide your employer with statistics.

Personal data

  • Your answers to the questions defined by your employer
  • When you last answered or partially answered a questionnaire defined by your employer
  • Reminders sent to you reminding you to answer the questions
  • Name (first name and surname)
  • Contact information (work email and mobile number)
  • Preferred way of communication

Source

The personal data are received directly from you when you answer the questions in Howdy.

Legal basis

Your consent to process general personal data (GDPR art 6(1)(a))

Retention

See chapter ‎3.

Interaction with the Response team

Purpose

Some of the modules in Howdy additionally include a proactive Response Team that contacts you with the objective of advising you on how you can seek help, if – based on your answers in Howdy – you are considered to have low wellbeing, are experiencing pain or in any other way qualify to be contacted by the Response Team.

It is voluntary for you whether you wish to interact with and provide information to the Response Team.

After completing a conversation with our proactive support team, you may be asked to complete a voluntary evaluation of the conversation. The purpose is partly to give you the opportunity to provide feedback and partly to improve our service.

Personal data

Common information:

  • Name
  • Contact information

Special categories of information in the form of health information:

  • Your answers in Howdy and dates of answering
  • Special categories of data in the form of health information (information about your mental wellbeing, physical pains etc. and developments therein as derived from or reported by you in your answers)
  • Case notes taken by the Response Team during the conversations with you, e.g., regarding any arrangements or agreements made with you regarding follow up
  • Reason codes noted by the Response Team based on the conversation with you
  • Date and time for your conversations with the Response Team as well as the name of the person you have been in contact with.

Source

The personal data is received directly from you when you answer the questions in Howdy or during your interaction with our Response Team.

Legal basis

Your explicit consent to process general personal data (GDPR art 6(1)(a)) and special categories of personal data (art 9(2)(a))

If you live in the Asia Pacific region, a qualified partner has been chosen to handle the Response Team. Howdy ApS has secured a legal basis for the transfer by entering a contract with the chosen partner that includes “Standard Contractual Clauses”.

If you live in the United States, a qualified partner has been chosen to handle the Response Team. Howdy ApS has secured a legal basis for the transfer by entering a contract with the chosen partner that includes “Standard Contractual Clauses”. Be aware that our services are not covered by the United States Health Insurance Portability and Accountability Act.

Retention

See chapter ‎3.

Providing Statistics to your Employer

Purpose

To provide anonymous statistics to your employer.

Statistics will be based on your personal information, but always anonymous so they cannot be tracked back to you. This means that statistics will never be with categories so it can be deducted who falls into that category. It will also not be visible in the statistics whether you have enrolled in the program or not, and whether you had or have cases or not with the Response Team.

Personal data

Common information:

  • Your answers to the questions in the modules Howdy Wellbeing and Howdy Feedback
  • Your employer
  • Your place in the organisation
  • Your employer’s Branch code
  • Your role (manager or employee)
  • Your age
  • Your seniority
  • Your gender
  • Your ZIP code and city

Special categories of information in the form of health information:

  • Your answers to the questions in the module Howdy Body
  • The scores relating to your wellbeing (produced using profiling based on your answers in Howdy)
  • Cases and reason codes

Source

The personal data concerning your answers and wellbeing and cases are received directly from you when you answer the questions in Howdy and your interaction with the response team.

Legal basis

GDPR art. 6 (1)(f). Our legitimate interests to provide anonymous statistics to your employer based on our agreement.
Your consent to process special categories of personal data (art 9(2)(a))

Retention

See chapter ‎3.

Improvement and Development of Howdy

Purpose

Personal data are used to produce anonymous statistics in order to improve our service, develop new relevant services as well as ensuring that we deliver the best possible service to you, your co-workers and employees of our other customers.

Personal data

Common information:

  • Your answers to the questions in the modules Howdy Wellbeing and Howdy Feedback
  • Your employer
  • Your place in the organisation
  • Your employer’s Branch code
  • Your role (manager or employee)
  • Your age
  • Your seniority
  • Your gender
  • Your ZIP code and city

Special categories of information in the form of health information:

  • Your answers to the questions in the module Howdy Body
  • The scores relating to your wellbeing (produced using profiling based on your answers in Howdy)
  • Cases, case notes and reason codes

Source

The personal data concerning your answers and wellbeing and cases are received directly from you when you answer the questions in Howdy and from your interaction with a Response Team

Legal basis

GDPR art. 6 (1)(f). Our legitimate interests to improve and develop our services
Your consent to process special categories of personal data (art 9(2)(a))

Retention

See chapter ‎3.

Security and Support

Purpose

Ensure security and monitoring activities in the platform, errors, intrusion, etc.

Managing cases for you or on your behalf.

Personal data

User behaviour including:

  • IP-addresses
  • Unique User ID
  • Initiation of and finalizing answering questions
  • Creation of case with the Response Team (date)
  • Request for log-in (date)
  • Enrolment (date)
  • Reminders sent (date)
  • System error occurred while using the system
  • Other information provided in managing a support case.

Source

Directly from you through your use of Howdy

Legal basis

Our legitimate interests in ensuring that the systems are running safely (GDPR art 6(1)(f))

Retention

See chapter 3.

We utilise profiling

We utilise profiling to offer the different services in Howdy. Profiling is done by an automated run-through of your answers and awarded points. Where possible, we use an underlying professional frame of reference, such as the WHO-5 to measure wellbeing and calculate a wellbeing score.

If the profiling of your answers uncovers a need for contact, our Response Team will conduct an individual and specific evaluation of your information and will, on that basis, decide if there is a need for counselling from a health professional.

It is our Response Team who conducts a professional evaluation of the information you provide us with and converts your information into reason codes and notes that are stored in our database.

It is necessary for us to utilise profiling to be able to give you the full benefits of Howdy.

3. Data Retention

Your personal data is generally deleted when your employer removes you or when the relationship between your employer and us has ended (whichever comes first).

When you withdraw your consent, we anonymise your answers and cases, so they cannot be traced back to you, but can be used in statistics. We delete the case notes (through your interaction with the Response team) though.

Security log entries are deleted 60 days after they are created.

Support cases are delete one year after your employer removes you or one year after the relationship between your employer and us has ended (whichever comes first).

4. Recipients

We do not transfer your personal data to others.

Statistical information shared with your employer

Your employer can choose to receive statistics or not. If they choose to receive, they can setup how they would like to breakdown statistics through Howdy. It is very important to us that your employer cannot identify the person behind a wellbeing report.

Data processors

We use data processors to store and process personal data on our behalf in accordance with this Policy and the applicable legislation. These data processors all act in accordance with the instructions they have received from us.

The Response Team is in most cases handled by personnel employed by us. However, in some cases the Response Team may be handled by one of our partners who act as data processor on our behalf and according to our instructions.

5. Transfer of personal data to third countries

Howdy is hosted on servers located within the EU/EEA and thus your personal data is generally processed within the EU/EEA.

In certain limited cases we may transfer some your personal data to countries outside the EU/EEA (third countries). In such cases we will always ensure that appropriate safeguards are in place, e.g., by using the standard contractual clauses as adopted and published by the European Commission.

You have the right to obtain a copy of these clauses and safeguards. See chapter ‎6 on how to exercise this right.

6. Your rights

To exercise any of your rights below, reach out to us using the contact information under chapter 1. Your rights are not absolute and may have to be balanced with the rights of others as well as the rights subject to some exceptions as a matter of law.

You have the right to gain access to your personal data

At any given time, you have the right to access your personal data. This means that you can request:

  • Our reasons for processing
  • The categories of the processed personal data
  • Recipients or categories of recipients to whom we transfer your personal data
  • The period of time that we keep your personal data
  • The source of the personal data
  • Whether we profile the personal data
  • Contractual clauses or guarantees for our transfer of personal data to third countries.
  • A copy of your personal data

You may have the right to data portability

You may be entitled to data portability and thereby receive your information in a structured, commonly utilised, machine-readable format. This only applies where all of the following criteria are met: i) the legal basis for our processing is your consent or our contract with you, ii) the processing is carried out by automated means, and iii) the information has been provided by you about yourself.

You have the right to get inaccurate personal data corrected

If you are under the impression that the personal data we process about you is inaccurate or incomplete, you have the right to have them corrected.

You have the right to request deletion of your personal data

When you do not want us to process your personal data any more, you have the right to ask us to delete your personal data.

You have the right to object to our processing of your personal data

You have the right to object to our processing of your personal data. This right only applies insofar as the legal basis for the processing is based on our legitimate interests or public interest. If we cannot demonstrate compelling legitimate grounds for continuing the processing, we will make sure to stop the relevant processing of your personal data.

You have the right to request that the processing of your personal data is restricted

Under certain circumstances you have the right to have the processing of your personal data restricted.

You have the right to withdraw your consent

Where the processing of your personal data is based on your consent you have the right to withdraw your consent at any given time. You can do that in the app or by sending an email to opt-out@howdy.care. A withdrawal of consent will imply that we can no longer deliver our services to you. However, the withdrawal does not affect the legality of the processing of your personal data that took place prior to the withdrawal.

You have the right to complain to a supervisory authority

If you wish to make a complaint about our processing of your personal data, you also have the right to reach out to a supervisory authority. Below you will find contact information for the Danish Data Protection Agency (Datatilsynet):

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Phone no.: +45 33193200
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk

7. Amendments to this privacy policy

This Policy is reviewed on a continuous basis to make sure it is up to date. Thus, we reserve the right at any given time to amend this Policy and in case any material amendments are made we will inform you in the app. The applicable Policy is accessible on Howdy at any given time.

This Policy version 3 was last amended in February 2021 and replaces any previous versions.