Privacy Statement

Website - Privacy Statement

Version 1.0
05-04-2024 (last reviewed: 06-06-2024)
‍

Introduction
In this privacy statement, we tell you (website visitors, customers and applicants) how we handle your personal data, why we need them and what your rights are in this respect. In doing so, we are fulfilling one of the requirements imposed on us by the General Data Protection Regulation ("GDPR").
‍

Who we are
As a data controller (Patient App B.V., also known as "Caro Health", 'we' or 'us') is responsible for processing your data in a compliant manner. We take it upon us to be transparent about the personal data we collect from you, the way we handle and protect your personal data and how you can exercise your rights.

You can ask us at any time to stop processing or delete the data we have processed from you. For more information, please find your right below.
‍

Processing of personal data of business, job applicants and website visitors‍.

We may process your personal data for our own purposes. Personal data is any information relating to an identified or identifiable living person. In this particular case, we process the following (categories of) personal data from you:

• Contact details (such as name, telephone number, email address and other necessary company and contact information) and contents of your correspondence in Intercom and Gmail our communication provider
• Information regarding the services we provide to you, such as quotes, agreements and instructions in Pipedrive, our sales management system
• What information and documents we have sent to you and, if necessary, whether and when the documents have been opened in Pipedrive, Google Drive and Intercom

We process this personal data for the following purposes:

• What information and documents we have sent to you and, if necessary, whether and when the documents have been opened in Pipedrive, Google Drive and Intercom
• To offer our services and to handle questions and requests
• To provide you with information, either directly (by telephone or email) or via our website
• To operate and improve our website
• To contact you about our services
• To keep you informed about our organization and invite you to meetings and events.
• To consider your job application and to assess your eligibility for a position
• To comply with applicable laws and regulations, and to follow the instructions of other supervisors and authorities

Because processing these personal data has no or minimal impact on your privacy, we process this data based on the legal basis of the legitimate interest of responding to a request you have submitted to us or for our internal client administration in order for us to stay connected to you.

For job applicants, we process the personal data provided before or during the application or participation in Homerun. This may include contact details (name and address), data included in a CV or motivation letter, diplomas and qualifications, information regarding work experience, references and public profiles on social media, such as LinkedIn, and data provided by you during the procedure.

By using Google Analytics, we process among others the following data of the users of the Patient Journey App website:

• Your IP address (masked, cannot be traced back to your personal internet connection)
  Your internet browser
• The pages you visit, the order in which you do so, and how long you stay on a page
• Your location (based on your IP address)

We process your personal data on the grounds of the following legal principles:
We will process your personal data, if you are a contact person at a healthcare institution that purchases or wishes to purchase services from us, as this is necessary for the execution of the agreement we have, or will enter into, with the healthcare institution.
We have a legitimate interest when showing you information via the website or when we send information at your request. We also have a legitimate interest in maintaining contact with you about our services. Furthermore, we have a legitimate interest in recruiting suitable new colleagues. We always weigh our interest against your privacy concerns and keep in mind that we only use your business (contact) data. You can request to find out more about this balance of interests from us.
In certain cases, we ask for your permission, for example when we wish to send you direct marketing messages, although you are not yet a customer of ours. If you give us your consent, you can withdraw it again at any time.
‍

Cookies
We use cookies on our website. You can find more information about this in our Cookie Policy.

Access to personal data
We have taken appropriate measures to protect the processing of your personal data based on the available technology and processing purposes. Patient App BV is ISO 27001 and NEN 7510 certified. We establish access to personal data in accordance with these standards and every Patient App B.V. employee signs a confidentiality agreement. Your personal data can be accessed by authorised Caro employees, who need your personal data to perform their tasks. We cannot be held liable when unauthorised parties gain access to personal data due to actions beyond our reach.
We may also share your personal data with third parties. We make use of, for example, cloud and email service providers. Your personal data are shared with Google, as they are the provider of the Google Analytics platform and we use Google Drive for internal client documentation. Your contact details are shared with Pipedrive, our sales management system, Intercom, our CRM system, where the contact details are stored and are only visible to us.
We have signed a processing agreement with these parties. We also share your personal data with parties who qualify as data controllers, such as external advisors, independent auditors and relevant authorities.
‍

Transfers outside the European Economic Area (EEA)
Some of our service providers are based in a country outside the EEA, including the United States. To comply with EU legislation on data protection in international transfers, we establish transfer agreements based on the standard contractual clauses adopted by the European Commission. Please contact us for more information on the safeguards in place for international transfers.
‍

Your rights regarding personal data processing
Following the GDPR, you have the following rights regarding your personal data:

• right to access
• right to correction
• right to be forgotten
• right to restrict the processing
• right to object to the processing
• right not to be subject to automated decision-making
• right to data portability

We take every request concerning your rights seriously. However, your rights are not absolute. This means that we will not satisfy a request to exercise the rights in all cases.
We will inform you within one month after we have received a request. We will indicate whether and how we will comply with your request and if not, the reason for that. If necessary, Patient App B.V. can extend the reaction time, but in this case, we will let you know within one month within which period you can expect a reaction.
‍

Right to lodge a complaint
It may be that, despite Patient App B.V.'s careful approach, you have complaints about how we handle your personal data and/or rights. You can submit a complaint to the Dutch Data Protection Authority via the website www.autoriteitpersoonsgegevens.nl. We appreciate it when you first notify us of your complaint, but you are not obliged to do so.
Please feel free to file a complaint or question with our Data Protection Officer(privacy@caro.health). This person is independent and their role is to oversee our GDPR compliance, so we encourage you to contact the Data Protection Officer if you have any doubts about this.
‍

No processing of children's data
Children deserve special protection when it concerns the processing of their personal data in a digital environment. The Patient App B.V. website is specifically not designed or aimed at children of 16 years of age and younger. It is not within our policy to intentionally process their personal data.
If a child submits their personal data to us by, for example, sending us an e-mail, we will delete the personal data immediately upon notice.
‍

About this privacy statement
The privacy statement may be subject to change. Substantive changes will be announced in a timely manner via email. Textual changes will not be announced actively, but you can always find this statement on https://www.caro.health/veiligheid/privacyverklaring.

‍