Privacy Policy

Last Updated 22 October 2024

1. Introduction

At Rehuman Limited (“Rehuman,” “we,” “us,” or “our”), we are committed to protecting and processing personal data responsibly and in compliance with applicable data protection laws. This Personal Data Processing Statement outlines how we collect, process, store, and protect personal data when providing our health engagement, rewards marketplace, and loyalty program services to insurers, employers, and individual users.

This statement operates in parallel with our Privacy Policy and applies to:

  • Users of our insurer-integrated engagement and rewards platform.
  • Corporate clients and insurers using our omnichannel engagement infrastructure.
  • Any third parties we engage with to process personal data securely and lawfully.

For questions regarding this statement, please contact us at info@rehuman.co.uk.

2. Roles in Data Processing

Rehuman may act as either a Data Controller or a Data Processor, depending on the nature of the services provided:

A. When Rehuman Acts as a Data Controller

Rehuman is a Data Controller when we collect and determine the purpose of processing personal data, such as:

  • Direct user registration on Rehuman’s platform.
  • Processing health engagement data from wearables connected directly by users.
  • Managing rewards transactions within our marketplace.
  • Analysing engagement trends to improve our services.

B. When Rehuman Acts as a Data Processor

Rehuman acts as a Data Processor when we process data on behalf of insurers, employers, or corporate partners, such as:

  • Processing policyholder engagement data as part of an insurer’s loyalty program.
  • Providing analytics & insights based on aggregated customer behaviors.
  • Facilitating rewards redemption through third-party marketplaces.
  • Hosting user engagement interfaces integrated into insurer or corporate apps.

When acting as a Data Processor, we only process data according to the instructions of the Data Controller (insurer, employer, or corporate partner) and ensure compliance with contractual obligations, GDPR, CCPA, and other relevant regulations.

3. Categories of Personal Data Processed

The personal data we process may include:

A. Personal Identification Data

  • Name, email address, phone number
  • User account details (login credentials, profile information)

B. Health & Engagement Data (if a user connects wearables or engages with our platform)

  • Steps, heart rate, activity levels
  • Engagement history (e.g., frequency of participation in wellness activities)

C. Rewards & Loyalty Data

  • Points earned and redeemed
  • Preferred reward categories and redemptions
  • Transaction history within the rewards marketplace

D. Technical & Device Data

  • IP addresses, device type, and browser type
  • User interaction logs (e.g., pages visited, app usage patterns)

E. Payment & Financial Data (only if applicable to the marketplace)

  • Transaction details for reward purchases
  • Payment confirmations from third-party processors (e.g., Stripe, PayPal)

Rehuman does not process sensitive personal data (e.g., racial/ethnic origin, religious beliefs, or biometric data) unless explicitly required for service functionality with user consent.

4. Purpose of Data Processing

Rehuman processes personal data for the following purposes:

  • To provide and manage user engagement programs integrated with insurers and employers.
  • To enable and track rewards transactions through our loyalty marketplace.
  • To personalize user experiences by tailoring health-related engagement and incentives.
  • To generate analytics & insights for insurers and corporate clients.
  • To ensure security & fraud prevention when handling transactions.
  • To comply with legal obligations and respond to regulatory requests.

We process only the minimum amount of data required for these purposes and do not engage in profiling or automated decision-making without human oversight.

5. Legal Basis for Processing

We process personal data under the following legal bases:

  1. Consent – When users voluntarily connect wearable devices, register for accounts, or engage with rewards programs.
  2. Contractual Necessity – When fulfilling contractual obligations with insurers, employers, or business partners.
  3. Legitimate Interest – When analyzing engagement trends, enhancing user experiences, and improving platform performance.
  4. Legal Compliance – When required to process data for regulatory or tax-related obligations.

6. Data Retention & Storage

Rehuman retains personal data only for as long as necessary to fulfill the processing purposes:

  Data Type – Retention Period

  • User Engagement Data – 3 years from last interaction
  • Rewards Transactions – 5 years (for auditing & compliance)
  • Health & Activity Data – 3 years (unless user requests deletion)
  • Corporate Client Data – Retained during active contract
  • Financial Records – 7 years (per compliance laws)

After the retention period, data is securely deleted unless legally required to be retained. Users may request early deletion of their personal data.

7. Data Security & Protection

We take appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or misuse, including:

  • SSL/TLS encryption for secure data transmission.
  • Encrypted storage for sensitive information.
  • Access controls & authentication mechanisms (including role-based permissions).
  • Regular security audits to ensure compliance with best practices.

Data is stored on secure cloud environments (e.g., Google Firebase, AWS) and access is strictly restricted to authorized personnel.

8. Data Sharing & Transfers

Rehuman does not sell personal data. However, we may share data in the following circumstances:

  • With insurers & corporate clients – Aggregated data insights for engagement tracking.
  • With third-party service providers – Cloud storage, analytics, and fraud prevention vendors.
  • For legal & regulatory compliance – If required by law enforcement or governing bodies.
  • For business continuity – If Rehuman undergoes a merger, acquisition, or corporate restructuring.

Where data is transferred outside of the UK/EU, we ensure compliance via Standard Contractual Clauses (SCCs) or other legally approved mechanisms.

9. User Rights and Requests

Users have rights under GDPR, CCPA, and other applicable laws to:

  • Access their personal data.
  • Request corrections to inaccurate data.
  • Request deletion (Right to Erasure).
  • Restrict processing in certain cases.
  • Request data portability for transfer to another service.

To exercise these rights, users can contact us at info@rehuman.co.uk.

10. Updates & Contact Information

We may update this Personal Data Processing Statement periodically. Significant changes will be communicated to users and partners in advance.

📩 For any questions or data requests, contact:
Data Protection Officer (DPO) – Rehuman Limited


📧 info@rehuman.co.uk