Last modified: 6 February 2025
ERAS Holding ("we", "us", or "our") operates ERAS. ERAS is the name for our mobile application “ERAS” (the “App” or “Application” or “dApp” or “decentralized App”) as well as our websites (https://eras.life). These are the places where you can access our services.
By using our websites and the App, you understand that your data in relation with your use of ERAS and its related services is processed according to this Privacy Policy. Our Privacy Policy describes how we collect, use, and delete your data. This Privacy Policy is a part of our Terms of Use.
1. Data Controller
The entity responsible for data processing on the websites is: ERAS Holding
If you have any questions about data protection, please contact support@eras.life
2. Scope of Data Collection and Processing
Using the term “personal data” in our Privacy Policy, we mean all information relating to an identified or identifiable person. This includes your name, email address, address, health-related information or an IP address assigned to your device by your internet provider.
2.1 Account Creation
When signing in to ERAS, you create an account with an email address. This email will be used for important service updates, security information, account verification and password resets, and payment information.
You can access the App without providing any personal data. Where personal data is collected on our websites or in the App, this is always done on a voluntary basis wherever possible.
2.2. Using the Application
When using our App, we or the mobile app platform providers may collect specific information. We utilize mobile analytics tools, such as Google Play Store, App Store statistics, and Sentry crash reporting, to send crash data to developers for quick bug fixes. Platforms like Google Play and Apple App Store may also gather anonymous aggregate statistics, governed by their privacy policies. These statistics can include device types, operating systems, total installs, uninstalls, and active user counts. This data processing is based on our legitimate interest and your consent.
When using our App, you have the option to provide personal data about yourself. This may include details such as your weight, height, other information depending on the feature or mode you select to use and sensitive information like health-related information. Your sensitive information is processed exclusively for purposes that are necessary to provide you our services. This data processing is based on our legitimate interest and your consent.
2.3 Visiting Our Websites
When you access our websites, our web servers automatically collect and temporarily store certain technical information. This technical data is collected in the process, as is normally the case with every connection to a web server, without any action on your part, and it is stored by us for 12 months until it is automatically erased.
This information may include IP address of the requesting device, date and time of the access/request, operating system of your device, browser used by you (type, version and language) and other usage information about the use of our websites, including a history of the pages you visit.
This data is processed for the purpose of enabling the use of our websites (connection set-up), ensuring system security and stability on a permanent basis, optimising our offerings and services, as well as for internal statistical purposes. We may also use your IP address to help diagnose problems with our server and to administer our websites, analyse trends, and gather information that assist us in identifying visitor preferences. This data will not be passed on to third parties or used otherwise. No personal user profile is created. This data processing is based on our legitimate interest.
2.4 Newsletters and Direct Marketing
To receive ERAS newsletters, please ensure your account has your email address. Your email address is used solely for newsletter delivery, including mandatory newsletter according to applicable law. You can unsubscribe at any time.
We utilise third-party services to manage our newsletter and tracking engagement through unique links. This data helps us to improve content relevance and is not shared with outside parties. This data processing is based on our legitimate interest.
2.5 Contacting Us
We provide multiple ways to contact us and submit inquiries on our websites and in the App. When you reach out, we will process the information you provide in order to communicate with you or handle your inquiry. We may retain your inquiries and the information contained in it and use it to respond to your inquiry or to keep a record of your complaint, request, or similar concern. As always, if you wish to have us “erase” your personal information or otherwise refrain from communicating with you, please contact us at dpo@ERAS.health. This data processing is based on our legitimate interest.
Note: If you request not to be contacted via a specific email address, we will keep that address on our "do not send" list to honour your preference.
2.6 Payment and Purchase Information
You may choose to purchase goods or services from us at our websites or Third Party Items from our App. Typically, you may need to provide personal details such as your first and last name, address, country, phone number if necessary. The required fields for processing your order are clearly marked, while extra information is optional. We will use your data solely for fulfilling your order. Your payment method is provided directly by you, via our relevant website, into the PCI/DSS-compliant payment processing service, and we do not, ourselves, process or store your payment method information. Never submit your payment method information by email. We may collect shipping and billing information to fulfil your orders.
In the event of an order, we may use your provided data to send you emails about the products or services you purchased, such as receipts, updates or support. This data processing is based on our legitimate interest in managing our website effectively.
2.7 Social Media
We are present on Facebook, Instagram, and LinkedIn. Please note that any information you share with us on these platforms is at your own risk, and we cannot ensure your privacy. We have no control over other users or the platforms themselves, so your interactions are subject to the respective privacy policies of those companies. This data processing is based on our legitimate interest in managing our website effectively.
2.8 Links to Other Websites
You can choose to allow or limit third-party services associated with your account, and we may collect personal data from these services. Generally, third-party services refer to software that integrates with our services, and you can activate or deactivate those integrations as needed. Once activated, the provider of a third-party service may share specific data with ERAS. When activated, we are permitted to connect and access the information shared with ERAS based on our agreement with the provider of the third-party service and any permissions you grant. We do not collect or store passwords for any of these third-party services when linking them to your account. For example, if you enable your Gmail account to import files into your ERAS account, we might receive your Gmail username and email address, along with additional information that Gmail provides to assist with the import process. You provide a permission each time you want to import files from your Gmail account.
Our website may include links to other sites of interest. We are not responsible for their content, as these external sites have their own terms and privacy policies. Additionally, we may use third-party services to display embedded content (such as images) that could collect your information. This data processing is based on our legitimate interest in managing our website effectively.
3. Data Subprocessors
To deliver ERAS and our services, we utilize various data subprocessors who handle distinct data categories. These subprocessors strictly process data within the scope of their specific purpose and do not store data related to your account and ERAS usage, which is solely handled by us. The subprocessors are as follows:
3.1 ERAS Group Subprocessors
ERAS Holding
Purpose: Provide services in relation with the sale our goods and services, and Third Party Items
Data processing location: decentralized
Guarantees for data transfer: Standard Contractual Clauses, Data Processing Agreement
3.2 Third-party Subprocessors
Stripe
Provided by Stripe, Inc.
We use Stripe to provide services in relation with the processing of payment data
For more information about how Stripe collects and uses your data, visit the Stripe Privacy Policy
Goolge Tag Manager
Provided by Google Ireland Limited
This service enables us to manage our website tags.
For more information about Google’s privacy policy, please visit Google Privacy Policy
Microsoft Clarity
Provided by Microsoft Inc.
We use Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services.
For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement
YouTube
YouTube is provided by Google LLC.
We use YouTube to store your video player preferences.
For more information on what type of information Google Analytics collects, please visit their privacy policy page.
Instagram is provided by Meta Platforms Ireland Limited.
We use Facebook for marketing purposes to personalize the content.
For more information on what type of information Facebook, please visit their privacy policy page.
TikTok
TikTok is provided by Bytedance Technology Pvt. Limited.
We use TikTok for marketing purposes to understand your preferences.
For more information on what type of information TikTok, please visit privacy policy page.
4. Retention of Your Data
We will keep your personal data for as long as necessary to provide you with the Services or perform the purposes for which it was collected, except as stated below.
If you wish to delete your account and erase your personal data, you can do so by sending an email to hello@ERAS.health. We will process your request within 30 days of receipt. However, it may take up to 90 days to completely erase your personal data from our backup systems. If you choose to delete your account, all your personal data will be deleted, and it will not be recoverable if you create another account later.
If your account has been inactive for 12 months or more, we will retain your personal data for one year in case you decide to reactivate the Services or reinstall the Application. After one year of inactivity, we will delete your personal information. However, in some cases, we may need to retain your data to ensure a smooth experience with other Application functions.
Please note that we may retain certain personal data and other information after your account has been terminated or deleted to comply with legal obligations, resolve disputes, and enforce our agreements. While we will anonymize or de-identify your data where possible, we may still retain some personal data.
For more information about managing your information and account deletion, please visit sections Manage your information and Manage your account.
5. Security of your personal data
We have established technical and organizational measures to protect the security of your personal data. These measures include, but not limited to, encryption, access control and retention measures.
To protect your account, we recommend:
- Using a strong password;
- Never sharing your password with anyone;
- Limiting access to your devices and browsers;
- Always logging out of shared devices after using ERAS.
In case of a security breach, we will notify you via email or post a notice as required by law. We will take all necessary steps to remedy the situation according to applicable laws.
Security for Import from Gmail
Import from Gmail is an optional feature you can choose to use at any time.
When setting up your Gmail account with the App, we never request or store your password. Instead, we use OAuth authorization to access emails from your Gmail inbox securely. You retain full control over this authorization and can revoke it, at any time, directly through Google.
All data transfers between your Gmail account and our App are encrypted using HTTPS (Hypertext Transfer Protocol Secure), ensuring secure communication. The App scans email headers in search of test information and parses their content if found. We do not store any results of such a search or any content, except those you select to import. If you have tests in your Gmail box, they will be listed for you to select which ones you wish to import into your ERAS account securely. All communication between your email account and the App is always secure.
6. Your Rights
Under applicable data protection laws, you have the following rights regarding your personal data:
Right of Access
You can request information about whether we are processing your personal data and, if so, what specific data we hold.
Right to Rectification
You have the right to correct any inaccurate personal data and to complete incomplete data in our records.
Right to Erasure
You can request the deletion of your personal data if it is no longer necessary for the purposes for which it was collected. However, we may retain your data if required by law or contractual obligations.
Right to Restriction of Processing
You can request that we limit the processing of your personal data under certain legal conditions.
Right to Object
You have the right to object to the processing of your personal data at any time, in accordance with applicable laws.
Withdrawal of Consent
You may withdraw your consent for data processing at any time, which will not affect the legality of prior processing. Note that this may affect your ability to use our services.
Right to File a Complaint
Please be aware that these rights may have exceptions. We may need to continue processing your data to fulfill contracts, comply with legal obligations, or protect our legitimate interests. As such, we may partially or fully deny certain requests.
For questions about data protection or to assert your rights, please contact us using the information in Section 1 of this Privacy Policy. We may require identification to process your requests.
7. Changes to the Privacy Policy
We reserve the right to modify this Privacy Policy at any time. The most current version will be available on our website.