Privacy Statement

This privacy statement was last updated on March 20, 2024

Who we are

The processing activities described below relate to the users of the Patient App B.V. platform called Caro Health ("Caro", "we", "us"). The processor for all activities described below is Patient App B.V., H.J.E. Wenckebachweg 123, 1096 AM Amsterdam, KvK number: 71943765. Caro is represented by Thomas Goijarts, who can be reached at If you have a question about how Caro processes your data, please contact our data protection officer at

Caro processes personal data on behalf of your healthcare provider. This means that your health care provider is responsible for what personal data is processed and for what purposes. However, your consent is always required for processing data about your health. 

Purpose of processing

The Caro application collects and processes personal data in order to:

  1. Provide patients with personalized content to guide, motivate and keep them informed
  2. Track the progress of patients within their treatment
  3. Help healthcare providers and healthcare-related entities improve the quality of their services
  4. Invite users to the platform
  5. Continuously improve the products used for 1, 2, 3 and 4 above

How these goals are achieved in practice is determined by your health care provider.

Categories of people

Caro collects data on the following classes of individuals:

  1. Patients
  2. Healthcare professionals
  3. Staff of healthcare-related entities
  4. Caro Health employees (when they provide support for work on the platform)

Categories of personal data

Caro processes the following types of personal data:

  1. Basic identification information - name, phone number and password - so users can log into the platform
  2. For patients, metadata about their treatment - for example, treatment date
  3. For patients, patient-provided and context-derived information - for example, a self-reported pain assessment
  4. For patients, provider-provided information - for example, what operations have been performed in the past
  5. For healthcare facilities, information provided by the facility about healthcare providers and other related individuals - for example, the name of a surgeon in a clinic
  6. For all users, user-provided information to continuously improve Caro Health - for example, 'net promoter' scores
  7. For all users, an audit log of all activities on the platform

Patient rights

Your main rights as a data subject under the AVG include:

Transparency - To exercise your rights, you must first know what information we have about you. You can ask us to give you a summary.

Control - We process patient data only if you give us your explicit consent during the registration process. You can withdraw this consent at any time, after which we will delete your personal data. You can also ask us to correct inaccurate information about you and to make your data portable so that you can take it with you if you decide to stop using Caro. 

See this link for the full list of your rights as a data subject.

Because Caro processes patient data on behalf of your healthcare provider, the law requires them to ensure that you can exercise your rights as a data subject. This means that you must contact your healthcare provider to exercise your rights regarding personal data on the Caro platform. 

Sub-processors of personal data

The Caro application stores personal data with ISO27001- and HIPAA-compliantcloud providers

  1. All user data, including personal health data, is stored in databases running on AWS within the EU
  2. Authentication data is stored in AWS Cognito within the EU

The Caro application does not transfer personal health information outside the EU. Basic personal information about administrators is sent to Intercom to facilitate customer success and support.

Retention period of personal data

The Caro application retains all personal data for 20 years after a user was last active to:

  1. To assist with the obligation of healthcare providers under Article 7:454 (3) of the Civil Code 
  2. Historical reporting to be performed
  3. Maintain an audit log of activities on the platform

Exceptions to this policy are:

  1. When a user exercises the right to be forgotten - in which case all his personally identifiable data will be deleted from the platform within 45 days of the request (when the last backups containing his data expire), and his usage data will be anonymized
  2. When a customer terminates their contract and requests their data be deleted

Anonymous data

Caro uses anonymous data to:

  1. Create benchmarks 
  2. Create aggregate reports
  3. Machine learning models to train

Caro anonymizes personal data by removing all information that could be used to identify a user. This means that after anonymization, the remaining information cannot reasonably be traced back to the original user. For example, this information might tell us that a 50- to 60-year-old man took four weeks to heal after knee surgery in the winter, but not the date of his surgery, his name or his contact information. 

Safety measures

See how we approach security for Caro.