This privacy statement was last updated on September 20, 2023
Who we are
The processing activities described below relate to the users of the Patient App B.V. platform called Caro Health ("Caro", "we", "us"). The processor for all activities described below is Patient App B.V., IJsbaanpad 2, 1076 CV in Amsterdam, KvK number: 71943765. Caro is represented by Thomas Goijarts, who can be reached at email@example.com. If you have a question about how Caro processes your data, please contact our data protection officer at firstname.lastname@example.org.
Caro processes personal data on behalf of your healthcare provider. This means that your health care provider is responsible for what personal data is processed and for what purposes. However, your consent is always required for processing data about your health.
Purpose of processing
The Caro application collects and processes personal data in order to:
- Provide patients with personalized content to guide, motivate and keep them informed
- Track the progress of patients within their treatment
- Help healthcare providers and healthcare-related entities improve the quality of their services
- Invite users to the platform
- Continuously improve the products used for 1, 2, 3 and 4 above
How these goals are achieved in practice is determined by your health care provider.
Categories of people
Caro collects data on the following classes of individuals:
- Healthcare professionals
- Staff of healthcare-related entities
- Caro Health employees (when they provide support for work on the platform)
Categories of personal data
Caro processes the following types of personal data:
- Basic identification information - name, phone number and password - so users can log into the platform
- For patients, metadata about their treatment - for example, treatment date
- For patients, patient-provided and context-derived information - for example, a self-reported pain assessment
- For patients, provider-provided information - for example, what operations have been performed in the past
- For healthcare facilities, information provided by the facility about healthcare providers and other related individuals - for example, the name of a surgeon in a clinic
- For all users, user-provided information to continuously improve Caro Health - for example, 'net promoter' scores
- For all users, an audit log of all activities on the platform
Your main rights as a data subject under the AVG include:
Transparency - To exercise your rights, you must first know what information we have about you. You can ask us to give you a summary.
Control - We process patient data only if you give us your explicit consent during the registration process. You can withdraw this consent at any time, after which we will delete your personal data. You can also ask us to correct inaccurate information about you and to make your data portable so that you can take it with you if you decide to stop using Caro.
See this link for the full list of your rights as a data subject.
Because Caro processes patient data on behalf of your healthcare provider, the law requires them to ensure that you can exercise your rights as a data subject. This means that you must contact your healthcare provider to exercise your rights regarding personal data on the Caro platform.
Sub-processors of personal data
- All user data, including personal health data, is stored in databases running on AWS within the EU
- Authentication data is stored in AWS Cognito within the EU
The Caro application does not transfer personal health information outside the EU. Basic personal information about administrators is sent to Intercom to facilitate customer success and support.
Retention period of personal data
The Caro application retains all personal data for 15 years after a user was last active to:
- To assist with the obligation of healthcare providers under Article 7:454 (3) of the Civil Code
- Historical reporting to be performed
- Maintain an audit log of activities on the platform
Exceptions to this policy are:
- When a user exercises the right to be forgotten - in which case all his personally identifiable data will be deleted from the platform within 45 days of the request (when the last backups containing his data expire), and his usage data will be anonymized
- When a customer terminates their contract and requests their data be deleted
Caro uses anonymous data to:
- Create benchmarks
- Create aggregate reports
- Machine learning models to train
Caro anonymizes personal data by removing all information that could be used to identify a user. This means that after anonymization, the remaining information cannot reasonably be traced back to the original user. For example, this information might tell us that a 50- to 60-year-old man took four weeks to heal after knee surgery in the winter, but not the date of his surgery, his name or his contact information.
See how we approach security for Caro.