Privacy Policy
Last updated: December 2024
1. Introduction
ContextCare ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our healthcare management platform and related services. By using our services, you consent to the practices described in this policy.
We are established in Ireland and operate in compliance with the General Data Protection Regulation (GDPR) and applicable Irish data protection laws. Our lead supervisory authority is the Data Protection Commission (DPC) in Ireland.
2. Information We Collect
We collect and process various categories of personal data to provide and improve our services. The information we collect depends on how you interact with our platform and the services you use.
Account and Profile Information: When you create an account or use our services, we collect information such as your name, email address, phone number, job title, organization name, and professional credentials. This information is essential for account management, service delivery, and communication purposes.
Usage and Technical Data: We automatically collect technical information when you access our platform, including your IP address, browser type, operating system, device information, and unique device identifiers. We also collect information about your interactions with our platform, such as pages visited, features used, time spent on different sections, and error logs. This data helps us improve our services, ensure security, and provide technical support.
Healthcare and Professional Data: As a healthcare management platform, we may process data related to your professional activities, including patient information (where you have appropriate consent or legal basis), appointment schedules, clinical notes, and other healthcare-related data. This data is processed in accordance with applicable healthcare regulations and data protection laws.
Communication Data: We collect information from your communications with us, including support requests, feedback, and any other correspondence. This helps us provide customer service and improve our platform based on your needs.
3. How We Use Your Information
We use the collected data for multiple purposes, all aimed at providing you with the best possible service while ensuring compliance with legal obligations.
Service Provision and Management: Your personal data is primarily used to provide, maintain, and improve our healthcare management platform. This includes processing your account registration, managing your subscription, providing technical support, and ensuring the platform functions correctly for your specific use case.
Communication and Support: We use your contact information to communicate with you about your account, service updates, security notifications, and important changes to our platform. We also use this information to provide customer support and respond to your inquiries and requests.
Platform Improvement and Analytics: We analyze usage patterns and technical data to improve our platform's functionality, user experience, and performance. This includes identifying and fixing bugs, optimizing features, and developing new capabilities based on user needs and feedback.
Security and Fraud Prevention: We use your information to maintain the security of our platform, detect and prevent fraud, abuse, and other malicious activities. This includes monitoring for suspicious login attempts, unauthorized access, and other security threats.
Legal Compliance: We process your data to comply with applicable laws, regulations, and legal obligations. This includes maintaining records for tax purposes, responding to legal requests, and ensuring compliance with healthcare regulations and data protection laws.
4. Legal Basis for Processing
Under the GDPR, we process your personal data based on one or more of the following legal grounds:
Contract Performance: Most of our data processing is necessary to perform our contract with you, including providing our healthcare management platform, processing payments, and delivering customer support services.
Legitimate Interests: We process certain data based on our legitimate interests, such as improving our services, ensuring platform security, and providing customer support. We always balance these interests against your fundamental rights and freedoms.
Consent: In some cases, we process your data based on your explicit consent, such as for marketing communications or certain types of analytics. You can withdraw your consent at any time.
Legal Obligation: We may process your data to comply with legal obligations, such as maintaining records for tax purposes or responding to lawful requests from authorities.
Vital Interests: In rare circumstances, we may process data to protect vital interests, particularly in emergency healthcare situations where immediate action is required.
5. Data Sharing and Disclosure
We are committed to protecting your privacy and do not sell, trade, or rent your personal data to third parties for marketing purposes. However, we may share your information in the following circumstances:
Service Providers and Partners: We work with trusted third-party service providers who assist us in operating our platform, including cloud hosting providers, payment processors, analytics services, and customer support tools. These providers are contractually bound to protect your data and use it only for the specific services they provide to us.
Healthcare Integration Partners: If you use our platform to integrate with other healthcare systems or services, we may share relevant data with these partners to facilitate the integration. Such sharing is always based on your explicit consent or a legitimate business need.
Legal Requirements: We may disclose your information when required by law, regulation, or legal process, such as in response to a court order, subpoena, or government investigation. We will always attempt to notify you of such requests unless prohibited by law.
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will ensure that any such transfer is conducted in accordance with applicable data protection laws.
Emergency Situations: In emergency healthcare situations where immediate action is required to protect vital interests, we may share relevant information with healthcare providers or emergency services.
6. Data Security and Protection
We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
Encryption: All data transmitted between your device and our platform is encrypted using industry-standard TLS/SSL protocols. Data at rest is also encrypted using strong encryption algorithms to ensure confidentiality.
Access Controls: We implement strict access controls to ensure that only authorized personnel can access your data. This includes role-based access controls, multi-factor authentication, and regular access reviews.
Infrastructure Security: Our platform is hosted on secure, enterprise-grade infrastructure with multiple layers of security, including firewalls, intrusion detection systems, and regular security audits.
Regular Security Assessments: We conduct regular security assessments, penetration testing, and vulnerability scans to identify and address potential security risks. We also maintain incident response procedures to quickly respond to any security incidents.
Employee Training: All our employees receive regular training on data protection, security best practices, and their obligations under applicable privacy laws.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Our retention periods are based on the following factors:
Active Account Data: We retain your account and profile information for as long as your account is active and you continue to use our services. If you deactivate your account, we will retain certain information for a limited period to comply with legal obligations and provide support if you reactivate your account.
Healthcare Data: Healthcare-related data is retained in accordance with applicable healthcare regulations and professional standards, which may require longer retention periods for clinical and legal purposes.
Financial and Legal Records: We retain financial records, transaction data, and legal documentation for periods required by tax laws, accounting standards, and other legal obligations.
Technical and Security Data: Log files, security records, and technical data are retained for a limited period to ensure platform security, troubleshoot issues, and comply with security requirements.
When the retention period expires, we securely delete or anonymize your data in accordance with industry best practices and legal requirements.
8. Your Rights Under GDPR
Under the GDPR, you have several rights regarding your personal data. We are committed to helping you exercise these rights:
Right of Access: You have the right to request a copy of the personal data we hold about you and information about how we process it. We will provide this information within one month of your request, unless the request is complex or numerous, in which case we may extend the timeframe by up to two additional months.
Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you. We will promptly correct any errors and notify any third parties with whom we have shared the data.
Right to Erasure: You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the processing is unlawful. However, this right is not absolute and may be limited by legal obligations or legitimate interests.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when the processing is unlawful but you do not want the data deleted.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller, where technically feasible.
Right to Object: You have the right to object to the processing of your personal data based on legitimate interests, and we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you, unless such processing is necessary for the performance of a contract or based on your explicit consent.
To exercise any of these rights, please contact us using the information provided at the end of this policy. We will respond to your request within one month, unless the request is complex or numerous, in which case we may extend the timeframe by up to two additional months.
9. International Data Transfers
As an Ireland-based company, we primarily process your data within the European Economic Area (EEA). However, some of our service providers may be located outside the EEA. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:
Adequacy Decisions: We may transfer data to countries that have been deemed to provide an adequate level of protection by the European Commission.
Standard Contractual Clauses: For transfers to countries without adequacy decisions, we use standard contractual clauses approved by the European Commission to ensure appropriate protection of your data.
Other Safeguards: We may also rely on other appropriate safeguards, such as binding corporate rules or approved codes of conduct, to ensure the protection of your data during international transfers.
10. Cookies and Tracking Technologies
Our platform uses cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and improve our services. For detailed information about the cookies we use and how to manage them, please refer to our separate Cookie Policy.
11. Children's Privacy
Our platform is designed for healthcare professionals and is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this policy and notify you of significant changes through our platform or by email.
We encourage you to review this policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes to this policy constitutes acceptance of the updated policy.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Officer:
Email: dpo@contextcare.eu
Phone: +353 1 234 5678
General Privacy Inquiries:
Email: privacy@contextcare.eu
Address: ContextCare, [Address], Dublin, Ireland
Supervisory Authority:
If you have concerns about our data processing activities, you have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland:
Website: www.dataprotection.ie
Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland