Privatlivspolitik

# Privacy Policy for JolaHealth **Last updated:** 17 June 2026 This Privacy Policy explains how **JolaHealth** (“JolaHealth”, “we”, “us”, or “our”) processes personal data when businesses use our platform to manage clients, bookings, appointments, and communications, including communications through connected Meta Business accounts. JolaHealth provides software services to businesses. Our customers may use JolaHealth to manage their own clients, bookings, messages, and business communications. ## 1. Role of JolaHealth For client, booking, appointment, communication, and Meta Business data processed through the JolaHealth platform, **JolaHealth acts as a data processor**. The business customer using JolaHealth is the **data controller**. This means the business customer decides why and how personal data is processed, including what client data is collected, how it is used, what messages are sent, and which Meta Business assets are connected. JolaHealth processes personal data only on behalf of the business customer, according to the customer’s instructions, and for the purpose of providing the JolaHealth service. ## 2. Business customer responsibilities Each business customer is responsible for ensuring that it has a valid legal basis for processing personal data through JolaHealth. This includes responsibility for: * Informing clients and end users about how their data is processed * Obtaining consent where required * Ensuring that WhatsApp, Messenger, Instagram, Facebook, email, SMS, or other communications comply with applicable law * Respecting opt-out, deletion, access, and objection requests * Ensuring that client data entered into JolaHealth is accurate, relevant, and lawful * Ensuring that any health-related or sensitive personal data is processed lawfully ## 3. Information processed by JolaHealth JolaHealth may process the following categories of personal data on behalf of business customers. ### 3.1 Client and booking data This may include: * Client name * Email address * Phone number * Booking or appointment details * Date, time, duration, and location of appointments * Booking status, cancellations, confirmations, and reminders * Client notes or preferences * Communication history ### 3.2 Meta Business and messaging data When a business customer connects its Meta Business account to JolaHealth and grants permissions, JolaHealth may process data made available through Meta’s APIs, depending on the permissions approved by the business customer. This may include: * Meta Business account information * Facebook Page information * Instagram business account information * WhatsApp Business account information * Business profile details * Message threads and message content * Sender and recipient identifiers * Phone numbers, names, profile information, and contact details where available * Message timestamps and delivery information * Media or attachments sent through supported messaging channels * Conversation metadata * Page or business settings required to provide the service JolaHealth only accesses Meta data that the business customer has authorized and that is necessary to provide the requested service. ### 3.3 Technical and usage data To operate and secure the service, JolaHealth may also process technical data such as: * User account information * Login and authentication data * IP address * Device and browser information * System logs * API usage logs * Error reports * Security logs ## 4. Purpose of processing JolaHealth processes personal data only to provide, maintain, secure, and improve the service for business customers. This includes: * Managing clients and customer records * Managing bookings, appointments, and schedules * Sending booking confirmations, reminders, updates, and service messages * Synchronizing messages and communications from connected channels * Allowing businesses to read, respond to, and manage messages * Accessing and managing authorized Meta Business assets * Supporting customer service workflows * Maintaining account security * Preventing unauthorized access, misuse, or fraud * Providing technical support * Complying with lawful instructions from the business customer JolaHealth does not sell personal data. ## 5. Meta Business account connection A business customer may choose to connect its Meta Business account to JolaHealth. By doing so, the business customer authorizes JolaHealth to access and process the Meta data and permissions selected during the Meta authorization flow. These permissions may allow JolaHealth to: * Access business account information * Access Facebook Page or Instagram business information * Access WhatsApp Business account information * Access, read, manage, and respond to messages * Manage customer communications * Retrieve business profile and contact information * Process conversation and messaging metadata * Use Meta APIs to provide booking, client management, and communication features The business customer may revoke JolaHealth’s access through Meta Business settings or by contacting JolaHealth. If access is revoked, some JolaHealth features may stop working, including message synchronization, client communication, automated replies, booking notifications, and other Meta-connected functionality. ## 6. Sub-processors JolaHealth may use trusted third-party service providers, known as sub-processors, to provide the service. Sub-processors may include providers of: * Cloud hosting * Database storage * Infrastructure * Messaging infrastructure * Payment processing * Analytics * Security monitoring * Customer support tools * Email delivery JolaHealth requires sub-processors to apply appropriate technical and organizational security measures and to process personal data only for the purposes required to provide the service. ## 7. International data transfers Personal data may be processed in countries outside the country where the business customer or client is located. Where required by applicable data protection law, JolaHealth uses appropriate safeguards for international transfers, such as standard contractual clauses or other lawful transfer mechanisms. ## 8. Data retention JolaHealth retains personal data only for as long as necessary to provide the service to the business customer, comply with the customer’s instructions, meet legal obligations, resolve disputes, and maintain security. Business customers may request deletion of their account or data by contacting JolaHealth. Some data may remain in backups, logs, or records for a limited period where necessary for security, legal compliance, fraud prevention, or service continuity. ## 9. Data deletion and revoking Meta access Business customers may request deletion of their JolaHealth account and associated data by contacting: **[[email protected]](mailto:[email protected])** Business customers may also revoke JolaHealth’s access to Meta Business assets through their Meta Business settings. After access is revoked, JolaHealth will no longer be able to access new data from the connected Meta Business account. Some previously processed data may remain in JolaHealth where necessary for legal compliance, backup, security, or legitimate operational purposes, unless deletion is requested and legally permitted. ## 10. Security JolaHealth uses appropriate technical and organizational measures to protect personal data, including: * Access controls * Authentication and authorization measures * Encryption where appropriate * Secure data storage * Logging and monitoring * Restricted staff access * Vendor security reviews * Procedures for handling security incidents No system can be guaranteed to be completely secure, but JolaHealth works to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. ## 11. Data subject rights Clients and end users may have rights under applicable data protection law, including the right to access, correct, delete, restrict, or object to processing of their personal data. Because JolaHealth acts as a data processor, clients and end users should generally direct privacy requests to the business customer that controls their data. JolaHealth will assist the business customer in responding to such requests where required by applicable law or agreement. ## 12. Health-related and sensitive data JolaHealth may be used by businesses in health, wellness, beauty, clinic, or appointment-based industries. Depending on how a business customer uses the service, personal data processed through JolaHealth may include health-related or other sensitive personal data. The business customer is responsible for ensuring that any sensitive personal data is collected and processed lawfully, fairly, securely, and only when necessary. JolaHealth processes such data only on behalf of the business customer and according to the customer’s instructions. ## 13. Confidentiality JolaHealth restricts access to personal data to personnel and service providers who need access to provide, maintain, secure, or support the service. Personnel and service providers with access to personal data are subject to confidentiality obligations. ## 14. Changes to this Privacy Policy JolaHealth may update this Privacy Policy from time to time. The latest version will be made available on our website. If we make material changes, we may notify business customers through the platform, by email, or by other appropriate means. ## 15. Contact For questions about this Privacy Policy or JolaHealth’s processing of personal data, please contact: **JolaHealth** Email: **[[email protected]](mailto:[email protected])** Address: **Sunekaer 9, 5471 Soendersoe, Denmark** Website: **blizworks.com**