Skip to content
Babylon Health

Babylon Privacy Policy

Last Updated: November, 2022

Summary

  • At Babylon Inc. (“Babylon”, “we”, or “us”), we respect your privacy. It is important you trust us with your information.
  • You may be using Babylon’s services as a recipient of health care services from us. If so, the protected health information (“PHI”) that we collect about you in the context of providing those services is governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and other applicable state health information privacy laws. For our policies on how we treat PHI, please see these links: Find more information on how we manage your PHI in our Notice of Privacy Practices (NOPP)

Find out more about HIPAA

  • This Privacy Policy (“Policy”) explains what we do with the information we collect from you or about you when you access or use our website, app, or our technology products (such as Symptom Checker, Digital Care Plan, and MyHealth). It applies to the information we collect directly from or about you, or from our partner’s app or and/or website. Collectively, our website, app, and technology products, regardless of how they are accessed, are our “Services”. This can include information indicating that you downloaded a Babylon app, clicked on a page to learn about Babylon services, or started the patient registration process.
  • We will describe the information we collect, how we use it and protect it, what your rights are, and how you can contact us.

If you do not agree with our policies, please do not use the Services or provide us your information.

This Policy can be updated from time to time. We may do this without giving notice to you. You can check when our Policy was ‘last updated’ above.

Information We Collect

When you use the Services, we may, subject to our compliance with applicable laws, collect information directly from you, automatically through your use of the Services, and/or from our partners or third parties.

Information You Provide

We collect information you provide to us when you: use our Services (including Services we may offer in our partner apps and websites) contact us; or request information from or about our Services.

For example, this can include:

Information we collectExamples
Contact information:full name; phone number; email address; physical address
Demographic information:gender; date of birth
Health information:symptoms; risk factors; medications; procedures and other health related information you enter in our app or web Services, including those Services (like our symptom checker) as part of our partner or customer’ applications
Payment information:card details; when you have made a payment; records of previous payments
Other information:registration date; contact history; username and password.

*If you make a payment to Babylon, your credit or debit card details are processed by a payment provider that follows strict data security industry standards. Babylon does not store any of your credit card information, and Babylon only keeps details of the transactions on its secure servers.

Cookies or Similar Technologies

We also use 'cookies' or similar technologies. Cookies are files saved on your phone, tablet or computer when you visit a website or app. They collect information about how you use the website or app and the pages you visit. We do not use cookies on your PHI (protected health information). More information is here: find out more about cookies.

  • Device information, including IP address, device identifiers, and details about your web browser. We may collect location information unless you have disabled location services on your device.
  • Analytical information, including details about your interaction with our website, app, and electronic newsletters. Device information may be attached and added to Analytical information. This information may include information collected from the Babylon app, obtained when you clicked on a link to learn more about our Services, or collected when you began the patient registration process.
  • Diagnostic information, including web traffic logs.
  • Advertising information, including identifiers that enable us or third parties working on our behalf to target advertisements to you and measure the performance of campaigns. Your protected health information is not used for these advertising services.

Some examples of our partners who provide these technologies the purposes described are: Microsoft (Bing Ads; LinkedIn Ads); LinkedIn (LinkedIn Ads); Google (DoubleClick, Google Tag Manager, GA Audiences; DoubleClick Bid Manager, Google Dynamic Remarketing, GA Audiences),Drawbridge ; and YouTube. We have also included links to their privacy notices.

Information We Collect from Other Sources

Subject at all times to our compliance with applicable laws, we may obtain information from third parties and sources other than the Services, including: our sponsors and advertisers; advertising partners who collect information about the advertisements we place on third-party websites; companies that compile information about individuals from multiple sources; social media networks and other places where you choose to share information publicly; and/or review or feedback websites.

We might also receive some information about you and your health from other apps, devices and Services. This will only happen if you've agreed to share that data with us; for example, if you decided to share information collected from a smartwatch with our app.

We may also create aggregated, anonymized information (that won’t identify you) from the information we collect and use it for business purposes.

How we use and share your personal information

Your information is processed by us for limited and specified purposes. We use your information to:

  • provide the Services and create personalized products and services that are unique and relevant to you. For example, we may use cookies to remember your login information so you don’t have to enter it again;
  • improve our Services, including our artificial intelligence systems. This helps us deliver better healthcare to you and other Babylon users.
  • manage our business better. This could be things like fixing bugs in our app, understanding current user trends and how people use our Services, or working out what users might want in the future;
  • ensure a quality of service. For example, monitoring the security of our Services, or ensuring the safety and quality of Services. We may need to train the appropriate teams, or contact you if we have concerns resulting from your use of our Services;
  • comply with our legal obligations and to establish, exercise and defend legal claims, or enforce our Terms of Use; and
  • communicate with you. For example, we may send you marketing communications, personalize the communications and recommendations to you, and measure the effectiveness of our advertising. We may share your information with business partners, online advertising partners, and social media platforms for this purpose.

We may share your information with our service providers or our affiliated companies to offer you a service, our partner apps when you’ve signed up for Services through our partners, for legal reasons, or with your permission. Here are some examples below:

  • Affiliates. Your information may be shared with affiliated companies, which are companies related by common ownership or control, such as companies that make their clinical or artificial intelligence services available through our app.
  • Partner Apps and Websites. If you are using our Service through a partner app or website, information relating to your use of the Service (such as your use of the Symptom Checker, Digital Care Plan, and MyHealth), may be shared with our partner. Also, when it's in your vital interests, we may need to share your information with our partner in order to protect you or give you the right care. We may share information with our partner to assess the effectiveness of our Service, fix bugs, or analyze trends. If you sign up to a partner’s service, your service will be subject to our partner’s terms of service and privacy policy. Babylon will process information relating to the Services in our partner applications in accordance with this Policy, as well as the contractual agreements Babylon may have with its partners.
  • Service Providers. We may share your information with our service providers or our affiliated companies to offer you a service, or support our partner apps when you’ve signed up for Services through our partner, for legal reasons, or with your permission. We may transfer your information from the U.S. to other countries or regions to support our Services. Here are some examples below:
    • Supporting Service functionality, such as vendors that support customer service and customer relationship management, application development, and communications (e.g. via email).
    • Professional services consultants, such as firms that perform analytics, assist with improving our business, provide legal or accounting services, or supply project-based resources and assistance.
    • Analytics and marketing services, including entities that support in the distribution of marketing communications, deploy cookies, or analyze traffic on our online properties.
    • Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention.
    • Information technology vendors, such as entities that assist with website design, hosting and maintenance, data and software storage, and network operation.
  • Other Businesses in a Transaction or Merger. We may transfer your information to another company if we have a change of control or ownerships, or another company buys or merges with us or our group companies, or we sell, liquidate, or transfer our assets.
  • To Comply with Law. We may share your information if we believe doing so is necessary or for legal reasons, for example:if we are required by law, regulation, legal process, court order, or subpoena; in response to requests by government agencies (like law enforcement); if we think releasing information will protect against physical, financial, or other harm, injury or loss of property; or in connection with an investigation of suspected or actual unlawful activity.
  • With Your Consent. We may share your information with your consent or at your direction.

We do not sell your information to third parties for their own purposes.

Data Retention

We will retain your personal information for no longer than is reasonably necessary to achieve the specified uses described in this Policy. When determining our information retention periods, we will refer to our internal policies and procedures, our business needs, as well as our legal and regulatory obligations. For example, we may need to retain personal information in order to comply with accounting laws, or to defend legal claims. We will also consider where or not there is an ongoing use of, or need for the personal information.

Your Choices and Rights Regarding Your Information

Updating Your Account: Please use the options available in our app to update your account information.

Email Unsubscribe: If you do not wish to receive marketing information from us or wish to opt out of future email promotions from us, please contact us. Promotional email messages you receive from us will include an option to opt out of future email communications.

Ad Choices: You have options to limit the information that we and our partners collect for online advertising purposes.

You may disable cookies in your browser or mobile device using their settings menus. Your mobile device may give you the option to disable advertising functionality. Because we use cookies to support Service functionality, disabling cookies may also disable some elements of our website.

The following industry organizations offer opt-out choices for companies that participate in them: the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative.

You may use our cookie settings menu link on the Babylon home page, or you may contact us directly.

Jurisdiction-specific rights: You may have certain rights with respect to your information depending on your location or residency in the United States. Please see more information below.

How We Store and Protect Your Information

We take care to keep information we collect and maintain secure, complete, and accurate. This includes encryption of your data when it's stored in secure facilities and, where practicable, when it is in transit.

Once we have your information, we use strict procedures and security features to try to prevent unauthorized access. We will take steps reasonably necessary to make sure that your information is treated securely.

If you've chosen a password or authentication method to access the app, you're responsible for keeping this password and/or authentication method confidential. Please don't share it with anyone.

Babylon may link to other websites or services provided by unaffiliated third parties. Third-party websites or services do not fall under Babylon's privacy or security policies. We are not responsible for any third party’s collection of information and we encourage you to review their privacy and security policies before giving them any of your information.

Children's privacy

We don’t knowingly collect information online from children under the age of 16. Unless legally permissible to do so for Services under other policies or terms (please see our Notice of Privacy Practices), we will delete information related to under 16s collected.

Using the Services outside of the United States

The Services described under this Policy, are for users located within the United States. If you use the Services from outside the U.S, you may also be transferring your information outside the U.S. This means that the laws around data collection may be different from U.S. laws.

How to Contact Us and How We Verify Your Requests

You can contact us with questions about this Policy or to exercise your rights. Please contact us at [email protected], by calling us at 1-800-650-9383. You can also exercise your rights by submitting the form from the link here or on Babylon’s home page. We must verify your identity before responding to your request. We verify your identity by asking you to provide personal identifiers that we can match against information we may have collected from you previously.

We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated.

Additional Jurisdiction-Specific Disclosures

California Consumer Privacy Act (CCPA)

(Note: The California Privacy Rights Act (CPRA) amends the CCPA and shall take effect from 1 January 2023.)

With some exceptions, the CCPA gives California residents the rights to receive certain information regarding the collection, use, and disclosure of information about them, as well as certain rights described below. You have the right to be free from discrimination or retaliation based on your exercise of your CCPA rights.

  • Request to know/access: You have the right to request to know: (i) the specific pieces of personal information we have collected about you, including sensitive personal information under the revised CCPA; (ii) the categories of personal information we have collected about you in the past 12 months; (iii) the categories of sources from which that personal information was collected; (iv) the categories of your personal information that we have sold or disclosed in the past 12 months; (v) the categories of third parties to whom your personal information was sold or disclosed in the past 12 months; and (iv) the purposes for collecting and selling or sharing your personal information. You may exercise your right to request to know twice a year, free of charge.
  • Request to delete: You have the right to request that we delete the personal information we have collected from you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your personal information was collected or if the data is PHI protected by HIPAA. If we deny your request to delete, we will let you know why. If you choose to delete your information, understand that you may be unable to use or access certain features and services.
  • Request to opt out of sale or sharing: While we do not sell your personal information for monetary gain, you have the right to opt out of our “sale” or “sharing” of your personal information (as defined under CCPA). To exercise this right, please visit our Do Not Sell or (from 1 January 2023) Do Not Sell or Share My Personal Information link here or on Babylon’s homepage or contact us. Please be aware that your right to opt out does not apply to our disclosure of personal information to service providers.
  • Request to limit: You have a right to limit our use and disclosure of your sensitive personal information if we use such information to infer characteristics about you. To exercise this right, please visit our Limit the Use and Disclosure of My Sensitive Personal Information webpage or contact us. Your right to limit our use and disclosure of such information is subject to exception.
  • Request to correct: You have a right to correct inaccurate personal information that we have collected about you. We will use commercially reasonable efforts to correct any information that is in fact inaccurate. To exercise this right, from January 1st 2023, you can visit our Do Not Sell or Share My Personal Information link here or on Babylon’s homepage or contact us.

You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your personal information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.

Certain information, such as PHI and medical information (as defined under the Confidentiality of Medical Information Act (“CMIA”)), may be exempted from the CCPA. This means that we and others may not be required to honor the rights described in this section with regard to this data.

Notice at Collection Regarding the Categories of Personal Information Collected

This Policy and this section summarizes the categories of personal information we collect and the purposes for which we use personal information. The following table summarizes the categories of personal information we collect, the categories of sources of that information, and whether we disclose, share or “sell” that information to service providers or third parties, as described by the CCPA. The table also summarizes the categories of “sensitive” personal information that we collect, the purposes for which such information is used, and whether we “sell” or “share” such information. The categories we use to describe personal information are those enumerated in the CCPA. We collect this personal information for the purposes described above in “How We Use and Share Your Personal Information” and retain personal information using the criteria described in “Data Retention” above.

We do not sell your information for monetary gain.

Entities to whom we disclose information for business purposes are service providers, which are companies that we engage to conduct activities on our behalf. We prohibit service providers from using personal information for any purpose that is not related to our engagement.

Entities to whom we “sell” or with whom we “share” information are third parties. A company may be considered a third party because we disclose personal information to the company for something other than an enumerated business purpose under California law, because its contract does not prohibit it from using personal information for purposes unrelated to the service it provides to us, or when it provides a service to us using the personal information even if the company does not use the personal information for any other purpose. A business “shares” personal information when it discloses personal information to a company for purposes of cross-context behavioral advertising.

CategoryInformation TypeSourceWe disclose to:

We share/sell to:

[‘sell’ as defined under CCPA]

Identifiers
  • Contact information or personal characteristics (name; email address; postal address; telephone number; signature)
  • Social media handles
You; our social media pagesService ProvidersN/A
Health Information (sensitive personal information)
  • Physical or mental status or ailments
YouService ProvidersN/A
Protected Classifications and Other Sensitive Data
  • Date of Birth
  • Gender
YouService ProvidersN/A
Internet or Electronic Network Activity Information
  • IP address
  • Device identifier (e.g., MAC)
  • Advertising identifier (e.g., AAID)
  • Information provided in URL string (e.g., search keywords)
  • Cookie or tracking pixel information
  • Information about your interaction with our website, app, email correspondence, or products
  • Browsing history
  • Search history
  • Diagnostic information (e.g., crash logs, performance data)
You; our analytics and advertising partnersService Providers

Advertising partners

Note: you can adjust your cookie settings, follow the link here or on Babylon’s homepage and/or contact us for more information.

Content of Communications
  • Contents of phone calls, emails, or text messages to or from Babylon or partners
  • Contents of reviews or feedback provided on third-party websites
You; third-party websitesService ProvidersN/A

Shine the Light

California residents may also request information from us once per calendar year about any personal information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information, please contact us at [email protected]. Your inquiry must specify “California Privacy Rights Request” in the subject line of the email, and you must include your name, street address, city, state, and ZIP code.

Note: This provision is for completeness only, so that you are aware of your rights. We do not share your personal information with third parties for their own direct marketing purposes.

Nevada

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to third parties. Currently, we do not engage in such sales. If you are a Nevada resident and would like more information about our data sharing practices, please contact us.