General Data Protection Regulation (GDPR)

At Lola Health Ltd., the privacy and security of your data is our top priority. GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens. At Lola Health, our entire organization is hard at work ensuring that our own practices are GDPR-compliant. But equally important to us is helping you, our partners and customers, understand what the GDPR means for your businesses and build compliant processes of your own.

Section Explanation

ICO Information

Organisation name: Lola Health Ltd
Reference: ZB752885

Individual in charge of GDPR

Ricky Thomas, CISO

Data Protection Officer

Ricky Thomas, CEO

Purpose of Processing

Continuous monitoring and evidence collection of security controls mapped to various compliance frameworks to streamline audit preparation and to efficiently remediate security and compliance gaps. For more details, see Lola Health's Privacy Policy (https://lolahealth.co/pages/privacy-policy).

Lawful Basis of Processing and Consent

Under Article 6 of GDPR (https://gdpr-info.eu/art-6-gdpr), it falls under:

- Consent: Via SAS Agreement and opt-in to the Terms and Conditions. Consent can be withdrawn upon request or via the Lola mobile app.

- Contract: Via contracts with clients which give Lola Health permission to manage their Data for the purpose of helping them achieve Data Privacy and Security Compliance.

- Legitimate Interest: It is in the legitimate interest of clients to share their data with Lola Health for the purpose of helping them achieve Data Privacy and Security Compliance. For more information, see the Lola Health Privacy Policy (https://lolahealth.co/pages/privacy-policy).

Withdrawal of consent (or opt out)

Opting out can be done via the Lola mobile app (data deletion request) or by emailing mydata@lolahealth.co.

Cookie Policy

Cookie Policy

Deletion Policy

Clients can request deletion of their data inside the Lola mobile app or by contacting mydata@lolahealth.co. Visitors to the website (lolahealth.co) can request deletion of their data by contacting mydata@lolahealth.co.

Data Access / Modification / Portability

Customers can access, modify, and download their data directly through the Lola mobile app. Website visitors may request a copy or update of their data by contacting mydata@lolahealth.co.

Data Protection Info

Lola Health operates a secure, hybrid database architecture: a single-tenant database supports the Lola mobile app and customer test results, while Shopify hosts website-related order and customer data. We employ industry best practices to ensure security, confidentiality, availability, and processing integrity.

Notification of Data Breach

Lola’s data breach notification process is outlined in our Incident Response Policy, available upon request.