Privacy Policy

Our priority is your confidentiality and security of your information collected when you interact with the website and tablet computer application VIGO. This Privacy Policy describes how we collect, store, and process your Personal Data, that is shared with us when visiting our website or using Vigo App. In order to receive additional information about your Personal Data, the purposes, and the parties receiving Personal Data, contact the Data Controller at hello[at] or by phone +371 25765595.

Data Controller

Vigo Health, SIA

. Strelnieku street 8, Riga, Latvia, LV-1010


Data Protection Officer

Lonija Kazlauska


The information provided above is intended to address the Controller for the resolution of data protection matters, accessing your information collected by the Controller and revoking your permission to data processing, or restricting data processing.  

For purposes of this Privacy Policy the following terms shall be defined:

“App” – refers to downloadable mobile, tablet or computer software owned or operated by Vigo Health, SIA. References to “App” include any and all audial, visual, interactive content and features available through such application.

“Data Controller”, “Vigo”, “We” or “Us” – refer to Vigo Health, SIA and any of  our officers, managers, employees, contractors, and agents currently in legal relationship with Vigo Health, SIA. To the extent applicable through legal agreements the term also refers to our affiliates, service providers and licensors, and their officers, managers, and employees.

“Data Protection Officer” or “DPO” – refers to the party employed or contracted by the Data Controller or Processor to supervise the enforcement of national and international regulations within the scope of data processing.

“Content” – any and all information visual, audial or textual and any other form of the material provided by Vigo Health through software applications, websites, and any other channel owned by Vigo Health, SIA. Including photos, videos, audio, chat conversations and other information modules available in Our Services.

“Services” – refers collectively to any and all Websites, Applications and Content provided and managed by Vigo Health, SIA, including any related services software, hardware and technology used to provide the foregoing.

“Processor and Processors” – private persons and legal entities authorized by Vigo Health and granted access to process specific User data categories exclusively by this entity in the name of Vigo Health.

“Users” – refers to any persons directly involved in accessing and utilizing the Services. References to “access” and/or “use” of the Services (and any variations thereof) include the acts of accessing or browsing the Services, and accessing or using the Content.



Scope of the Privacy Policy 

It is important for Us that Users understand how and why we collect, store and analyze the personal data directly and indirectly provided. This Privacy Policy is intended to ensure the integrity, availability and security of personal data.  This privacy policy outlines how We will use, store and share your personal data, and supplements any other fair processing or privacy notices provided to you. 

By reading this Privacy Policy you will better understand how We:

  • Protect the integrity, availability and security of User personal data;
  • Protect rights and legal interests of Our Services and Users;
  • Utilize third party services to process pseudonymised User data (behavioral data analytics). 

Categories of Data collected

We collect and store information that is provided directly and indirectly when accessing Services. Including when registering for the App, creating a profile, submitting information and updates about your condition, when Users update their preferences, respond to a survey, contact us with questions or comments, or provide other feedback. The collected usability information and rehabilitation progress data you provide to Us by accessing Services.

We may request specific sets of specific information such as government identifiers, social security numbers, or other financial information in connection with payment processing. We will not ask for sets of sensitive information such as marital status, religious, political beliefs, sexual orientation, and other sensitive information that is unrelated to fulfilling our Purpose. Please do not provide this information to us, including through emails, feedback forms or otherwise.

Any use of Cookies – or other tracking tools – by the Controller or by the Processors, is described in the Cookie Policy, unless stated otherwise.

Failure to provide certain sets of Personal Data may lead to disturbance in the provision of Services.

Users are responsible for any Personal Data of third parties obtained, published, or shared through the App and confirm that they have the third party’s consent to provide the Data to the Data Controller.

Personal Data Collected

By default, this includes User Data such as:

  • Full name;
  • Date of birth;
  • Gender;
  • Age;
  •  Address, email, phone number;
  • Credit card information;
  • Contact persons;
  • User IP;
  • Any other data User has made publicly available.

Sensitive Data

We also collect sensitive categories of data. Emotional, physical health and disability data may be collected when submitting the User application form and signing up for use of the App or while using it. 

Behavioral and analytical data is collected while using the App and accessing Our website.

User progress data is collected while using the App for automated Content adjustment. 

The use of the collected Data

By signing up to use Services, you consent to us processing your physical and mental health data to track your user progress. You consent to receive communication via email, push notifications in the App, by phone, or any other means found necessary by Us. You have the right to restrict the use of your data for this purpose by contacting us at hello[at]

If you are receiving Services through your employer or health plan, we will not share any information about your health, user progress with your employer or the health plan. We may send de-identified information to your employer, insurance company, or health plan for billing purposes.

We may send identifiable information to the provider of your non-employer  insurance plan for billing purposes if you are receiving Services through your healthcare provider, non-employer insurance company, or medical care service provider.

The Personal Data used for each purpose is outlined in the specific sections of this document. We may use any of the information we collect to:

  • identify the User in App;
  • prepare User profile 
  • Invoicing;
  •  customize the Content for the physical and mental condition of the User;
  • notify Users about changes to Our Services;
  • for purposes of business planning and analytics;
  • comply with any binding legal acts;
  • contact the User about activity within the App or security incidents;
  • allow Us to operate our Services, including payment processing, administration, internal operations, troubleshooting, data analysis, testing, research, statistical and surveying purposes;
  • manage User access to our Services;
  • contact Users directly about unusual activity in their account;
  • create reports for our affiliates, licensors, service providers and Users or prospective Users that may include aggregate information about the use of various aspects of the Services;
  • carry out our obligations and enforce our rights arising from any contracts entered into between Users and Us, including billing and collection;
  • protect the integrity and maintain the security of our Services, including secured areas of the App or Website;
  • in any other way that we describe when Users provide the information; 
  • for any other purpose for which Users have consented too.

Mode and place of processing the Data


The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller at hello[at]

Retention period

The Data is retained for the Service provision period but not longer than to fulfill the purposes outlined in this Policy. The User can at any time request suspension or erasure of Data by directly contacting the Controller at hello[at] The Data is retained until the User or the Controller closes the User account and is no longer accessing Services. In some instances pseudonymised health Data may be kept for up to forty years after closing User account, for example:

Stored securely  on our backup recovery system servers for analytical purposes;

Stored securely to protect our legal interests or comply with any binding legal requirements;

Stored securely within systems of third-party service providers for the agreement or legally required period;

Stored securely while there is any judicial commitment to storage or analysis of the data. 

Methods of processing

The Data Controller processes the User Data to retain availability, integrity and security. The Controller ensures appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to upper management, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies etc.) appointed, if necessary, as Data Processors by the Data Controller. The updated list of these parties may be requested from the Data Controller at any time at hello[at]

Categories of data Processors

All personal data and any other identifiable information collected by the Controller during the provision of Services is stored in a safe data storage space and shall not be disclosed to any third parties, except:

  • Disclosure of personal data is mandatory for public interest and is regulated under public legal acts or data processing functions are assigned to a third party within a secure agreement (user data analytics service provision, customer management system service provider, payment processing, bookkeeping service provision, banks);
  • It is stipulated by public legal acts and is mandatory for protecting Our legal interests;
  • The User has given their indisputable consent.

With User consent we may share their personal data with third-party service providers such as:

  •  Data security, website hosting, cloud hosting, storage solutions, software as a service (SaaS), and other IT services; 
  • Pharmacovigilance and medical queries handling services;  
  • Legal, regulatory, tax services; 
  • Translation, legalization and notarization services; 
  • Customer relationship management (CRM) services; 
  • External salesforce services; 
  • Access control and security services.

Legal action

The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.

The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

The rights of Users

Users have the right, at any time, to consult the Data Controller’s Data Protection Officer on the Personal data contents, origin, to verify their accuracy, or to ask to supplement, update, correct, erase, as well as to oppose their processing for any and all legitimate reasons. Requests should be sent to the Data Controller’s Data Protection Officer at the contact information set out above.

The User has a right to withdraw his consent to data collection and processing by messaging to hello[at]

The withdrawal of consent does not affect any data collected and processed prior to receiving the letter, with an exception of data removal request.

The consent withdrawal does not affect any data collected and processed for any other legitimate reason.

Third Party Websites, Apps and Social Media

Our Website and App may, from time to time, contain links to and from the websites and/or apps of third parties. If you follow a link to any of these websites or apps, please note that these websites and apps have their own Privacy Policies and that we do not accept any responsibility or liability for these policies or your use of those websites and apps.

Changes to this privacy policy 

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. The Users will be notified by email on the Website date of the last modification is visible at the bottom. If a User objects to any of the changes to the Policy, the User must cease using Services and can request the erasure of Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.

This Privacy Policy was updated on August 25th 2022.