Privacy Policy


Basic Information

The data controller is Hilbi Health s.r.o., Company ID: 51 031 060, Tax ID: 212 058 0033, VAT ID: SK212 058 0033, with registered office at A. Dubčeka 3558/78, Holíč 908 51, Slovakia, registered in the Commercial Register of the District Court Trnava, Section: Sro, Insert No.: 40665/T (hereinafter referred to as the "Operator"), contact email: [email protected], contact phone number: +421 911 413 010.

The Operator processes personal data in accordance with Act No. 18/2018 Coll. on the Protection of Personal Data and on the amendment and supplementation of certain laws, as amended, and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.

The Operator processes the personal data of individuals that they provide within the Hilbi application/platform (hereinafter “Hilbi”), which are necessary for the use of Hilbi itself or for the proper provision of services within Hilbi.

For the purpose of using Hilbi, it is necessary for the client to provide their name, surname, email address, address, and phone number. For the proper provision of services, in some cases, additional personal data from clients are required, namely birth number, health insurance company, age, and place of residence.

The user hereby agrees to receive SMS messages from Hilbi containing one-time verification codes (OTP) to the mobile number provided by the user. Messages may be charged according to the mobile operator’s tariffs. The user understands that consent is voluntary and may be withdrawn at any time by sending STOP or by contacting Hilbi.

For the purpose of using Hilbi, it is necessary for the service provider to provide their name, surname, title, assigned doctor number, office, address, email address, doctor code, phone number, and provider code.

For the purposes of using Hilbi, financial information about the client’s payment and purchase history is also processed, which is collected and stored to ensure the proper provision of services within Hilbi.

In the course of using services provided by service providers through Hilbi, the client will, for the purpose of full and proper provision of the service by the service provider, provide data relating to health, personal data concerning the physical or mental health of a person, including data on the provision of healthcare or services related to healthcare, which reveal information about the health status of the data subject. These data are provided through Hilbi exclusively to service providers, with the client giving consent for processing such personal data directly to the service providers through separate steps in Hilbi conditioned by an SMS key. Service providers process these data in accordance with the law and their legal and moral obligations. The Operator therefore does not process such health-related data of the data subject, does not have access to these data, and only enables, through Hilbi, the mutual provision of these data between service providers and, where applicable, their employees and the client, under strict security conditions of data encryption for the health data of the data subject.

Within the use of Hilbi or the services within Hilbi, individuals are also entitled to provide optional data that help to provide services more efficiently.

When paying by card and through a payment service provider, communication with the payment gateway server occurs via the payment gateway interface directly in the application, but outside the reach of Hilbi. Therefore, data on the payment card of the individual are not sent to the Operator but are transmitted directly to the payment gateway provider in a secured manner. The payment gateway then forwards data to the respective banking institution, again within a secured data transfer.

The Operator does not sell personal data outside the European Union. In the event that the Operator intends to provide personal data of a data subject to a third party, the Operator will inform the data subject in advance, including specifying to whom the personal data are being provided.

Automatically Processed Personal Data

When visiting Hilbi, the Operator may collect certain information, such as IP address, date and time of access to the website, information about the web browser, operating system, or language settings of the data subject. When accessing via a mobile phone through the Hilbi application, the Operator may also process information about the mobile device of the data subject, such as device data, application crash logs, etc. The Operator is also entitled to process information about the behavior of data subjects on websites or the Hilbi application (e.g., which links within Hilbi are visited). Information about the behavior of data subjects within Hilbi is, however, anonymized for maximum privacy and therefore cannot be assigned to a specific data subject.

Cookies

The Operator uses cookies, namely technical, functional, and analytical.

  • Technical cookies serve to ensure that Hilbi functions correctly, particularly regarding registration, login, use of services, etc.
  • Functional cookies mainly serve so that a registered user does not have to log in repeatedly and does not have to repeatedly set preferences for using Hilbi. In this case, the password of the data subject is always encrypted.
  • Analytical cookies help the Operator improve Hilbi to make services and usage more efficient. Analytical cookies are collected via scripts and are subsequently anonymized; after anonymization, these are no longer personal data subject to regulation, as they cannot be assigned to a specific data subject.

The insights from these cookies are also used for advertising purposes, where based on these data, advertising may also be displayed on other websites, which the Operator considers relevant to the data subject.

By using the Hilbi website, the data subject agrees to the use of Hilbi cookies. The data subject has the right to express disagreement with the use of some or all cookies; however, if functional cookies are refused, the operation of some Hilbi features may be impaired.

Purpose and Scope of Personal Data Processing

The Operator processes personal data of the data subject primarily for the purpose of proper service provision. The Operator also processes personal data in connection with user support (inquiries, comments, complaints, processing of personal data, etc.). In this context, for the purposes of providing services through service providers within Hilbi, personal data provided directly to the service provider are necessary, without which certain services could not be provided. The Operator processes personal data of data subjects also in connection with registration and the creation of a user account, without which it is not possible to use Hilbi given the nature of the provided functionalities. Personal data of data subjects are also processed for marketing purposes, such as email marketing, i.e., email commercial communications sent based on the consent of the data subject, from which it is possible to unsubscribe as described in these terms, or via a direct link contained in the email containing the commercial communication. Furthermore, telemarketing, i.e., marketing calls performed for the purpose of offering services and related marketing communication, is conducted based on prior consent to the processing of the telephone number.

The Operator also processes personal data in connection with the evaluation of services provided to the data subject by the service provider after the data subject purchases or uses the services within Hilbi. Evaluations may be provided based on the Operator’s request as well as on the data subject’s own initiative.

1. Collection and Use of Contact Lists

Purpose of collection: Hilbi collects and imports users’ contact lists to improve the social features of the application. By accessing contacts, Hilbi can identify and display people from the imported contacts who are already registered in the Hilbi application. This feature allows easy connection and communication with these individuals via individual messages within the application.

Use of collected contacts: Imported contacts are used exclusively for displaying registered users in the application and enabling communication between the user who imported contacts and these contacts. Additionally, it allows sending invitations to people from the contact list to join the Hilbi application.

2. Collection and Use of Images

Purpose of collection: Hilbi allows uploading images to create personal profiles and personalized content. These images may be used to create documentation or personalized content reflecting the client’s preferences and identity.

Use of collected images: Uploaded images are stored in secure storage and may be shared with selected professionals based on electronically signed agreements between the client and the provider. These agreements may be revoked by the client at any time, after which the images will no longer be shared. The client has full control over who can view and access the created content. Exceptions may apply, e.g., a profile picture that is public.

3. Collection and Use of Files

Purpose of collection: Hilbi allows uploading and storing files to create personalized documentation. This documentation may be customized according to the client’s needs and preferences.

Use of collected files: Uploaded files are stored in secure storage and may be shared with selected professionals based on electronically signed agreements between the client and the provider. These agreements may be revoked by the client at any time, after which the files will no longer be shared. The client has full control over who can view and access the created content.

Data Security and User Control

Data Security: Hilbi takes the security of personal data seriously. All collected contacts, images, and files are securely stored and access is limited to authorized users only.

User Control: The user has full control over their data, including the ability to manage, share, or delete uploaded content at any time.

Legal Basis for Processing Personal Data

The legal basis for processing personal data is primarily the conclusion of a contract with the data subject and the services provided based on it. For proper service provision, it is necessary to process the personal data of the data subject, in varying scope depending on the nature of the service provided.

Additionally, the Operator processes personal data in connection with the legitimate interests of the data subject, particularly regarding the provision of relevant content to the data subject, i.e., data processed automatically and via cookies.

Transfer of Personal Data to Third Parties

In these cases, we provide your personal data to third parties:
Clients are provided services via Hilbi, which are also provided by third parties other than the Operator, namely service providers, experts, and their teams. For these services, the above-listed data of data subjects are provided with their consent, in the scope of name, surname, birth number, and phone number.

The Operator does not have data on payment cards used by data subjects to pay for services (unless stored), these data are held only by the secure payment gateway, payment service provider, and relevant banking institutions. Data on the payment card used are therefore not sent to the Operator but are securely transmitted directly to the payment gateway provider and the payment service provider. The payment gateway and payment service provider further transmit data to the respective banking institution within secured data transfer.

Payment gateway provider:
Stripe, Inc.
354 Oyster Point Boulevard
South San Francisco, California, 94080, USA

Verification service provider:
Sum and Substance Ltd.
30 St. Mary Axe, EC3A 8BF
London, England
ID: 09688671

In the case of sending commercial communications (e.g., via email or SMS) or telemarketing, a third party may be used for sending or calls. This third party is bound by confidentiality and may not use your personal data for any other purpose.

In legally required cases, the legal system or state authority (e.g., Slovak Police) may require the Operator to provide the personal data of the data subject, and the Operator will comply within the legal timeframe.

Retention Period of Personal Data

Personal data are processed at least for the duration of the contractual relationship.

In the case of processing personal data based on consent, personal data are generally processed for 7 years, or until withdrawal of such consent.

This also applies to the subscription of commercial communications, where personal data are also processed for 7 years or until the objection to further sending and processing.

Personal data necessary for proper service provision or for fulfilling all our obligations, whether arising from the contract or applicable legal regulations, may be processed regardless of the consent of the data subject for the period set by the relevant legal regulations (e.g., tax documents for at least 10 years).

Data obtained through the user account or otherwise are processed for the duration of the use of services via Hilbi and usually 5 years after account deletion. Subsequently, usually only basic identification data and data on why the user account was deleted or data forming part of operational backups are stored for a reasonable period.

Cookies including user behavior are stored for 30 days, with older data available in anonymized form in Google Analytics.

Security of Personal Data

Personal data of data subjects are stored in accordance with applicable legal regulations, using appropriate technologies to prevent unauthorized access and misuse of processed personal data.

The Operator regularly monitors the level of security and, as needed, continuously improves the level of protection. All communication within Hilbi is encrypted. Login credentials are encrypted, and all data are stored only on servers in secure data centers with limited, carefully controlled, and audited access.

The Operator makes efforts reasonably expected to take such security measures which, considering current technology, provide adequate protection. Security measures are regularly updated.

Rights and Obligations of the Data Subject

Regarding personal data, the data subject has the right to withdraw consent for processing personal data at any time, the right to correct or supplement their personal data, the right to request restriction of processing, the right to raise an objection or complaint against processing of their personal data, the right to access personal data, the right to request transfer of personal data, the right to be informed of a personal data breach, and under certain conditions, the right to deletion of certain personal data processed in connection with the data subject (“right to be forgotten”).

The data subject has the right to adjust and supplement the provided personal data, which can be done within the user account, via the contact form, email at [email protected], or via Hilbi.

The data subject has the right to correct personal data if they are incorrect, via the contact form or email at [email protected] or via Hilbi.

The data subject has the right to request an overview of their personal data, via a request for personal data summary, either via contact form, email at [email protected], or via Hilbi.

Please note that information about your payment card is not stored with the Operator, but with the payment gateway provider (third party). Therefore, this data cannot be deleted by us, and it is necessary to contact the payment gateway through which the payment was made.

Except in cases mentioned in these terms, the data subject has the right to delete personal data in the following cases:

  • Personal data are no longer needed for the purposes for which they were processed,
  • Consent, based on which the data were processed, has been withdrawn and there is no other legal reason for their processing,
  • The data subject has raised an objection to processing personal data and upon assessing the objection it appears that in the specific situation the interest of the data subject outweighs the interest of the Operator in processing such personal data,
  • Personal data are processed unlawfully,
  • If a special legal regulation imposes this obligation,
  • If the data relate to children under 16 years of age.

In case of a deletion request, the data subject requests the deletion of their Hilbi account and related data at: https://hilbi.com/support/delete-account. The data subject who requests the deletion of their personal data then sends a written request for deletion, either via contact form, email at [email protected], or via Hilbi.

The data subject also has the right to raise objections if there are specific reasons against processing provided or obtained personal data, either via contact form, email at [email protected], or via Hilbi.

The data subject also has the right to request that the Operator restrict the processing of their personal data in the event that the data subject has contested the accuracy of the personal data, personal data were processed unlawfully, the Operator does not need the personal data for fulfillment of contractual obligations, or the data subject has raised an objection.

The data subject also has the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, in case personal data are processed in violation of the law. The Operator, of course, prefers that any discrepancies in the processing of personal data be resolved first with the Operator, either via the contact form, email at [email protected], or via Hilbi.

These Privacy Policy terms, including their components, are valid and effective as of February 25, 2026, and are available electronically on the Hilbi portal/application.

Contact

Hilbi Health Global, a.s.

Námestí 14. října 642/17

150 00 Praha 5

Czech republic

Legal documents

Documents to download

Site map

Home

Give us a tip

Keep your health under control. Download Hilbi.
app storeapp store
Social

Copyright © 2026 Hilbi Health, All Right Reserved.