Privacy Policy

Last updated: 1st September 2022
1. Introduction 

Care Patron Limited (referred to as “Care Patron”, “our”, “us” or "we") is committed to protecting the privacy of the personal information of our current, former and potential users of our Service (referred to as “you” and “your”). 

This privacy policy sets out how we manage your personal information held by us, including how we collect, use, hold, disclose and otherwise process personal information under any applicable privacy laws.  You will also find information about how to contact us if you have any questions about privacy issues, including how to update or access your personal information or make a complaint.   

If we are unable to collect sufficient personal information we may not be able to provide you with the full benefit of the Service. 

By providing us with your personal information, whether in person, over the phone, by email, via the Service, Website or otherwise or by authorising (either directly or indirectly) third parties to provide us with your personal information you are deemed to have read this Privacy Policy and you are accepting and consenting to the practices described in this privacy policy.
 
2. Note to Care Patron Customers and their Clients

Our customer is the Customer that has engaged us to provide the Service.  

This Privacy Policy does not apply to the personal information we may collect about our Customers’ patients and clients (being “Clients”) from our Customers. Our treatment of any such Client personal information is governed by our agreements with the relevant Customer, including our Terms of Service and HIPAA Business Associate Agreement, as applicable (our “Agreement”). If any provision in our Agreement conflicts with any provision in this Privacy Policy, the provision in our Agreement will prevail to the extent of such conflict.  If we receive any inquiries or requests from Clients about their personal information provided to us by our Customer, we will direct those inquiries or requests to the relevant Customer. 

If you are a Client, we may retain your personal information on behalf of your Customer. If you have questions about how we process Customer supplied personal information, we encourage you to reach out to the appropriate Customer. We may send any inquiries that we receive directly from you about our use of your personal information to that Customer. 

If you are a Client that inputs personal information into the Service directly, we will not access or use that personal information except for the limited purpose of anonymising and aggregating it or for one of the internal business purposes set out below. Once that information is anonymised and aggregated it is no longer personal information (i.e. it can no longer be used to identify you) and is not regulated by this Privacy Policy.

3. How is personal information collected? 

Where possible we will collect personal information that we will use for our own business purposes directly from you.  However, we will collect personal information in a variety of ways as a result of you using the Service and in certain circumstances we may collect your personal information from other third parties, including our related entities, service providers, contractors, and agents. 

4. What types of personal information do we collect? 

Generally, the types of personal information that we collect from or about you depend on the circumstances in which the information is collected. We have described below examples of the types of personal information that may be collected; however, this is not an exhaustive list.

Information you provide:

Customer information: We collect information from you when you create or update your account. The main type of personal information that we collect is your full name and contact details, including physical and postal address, email addresses, phone numbers, mobile numbers, login name and password for the purpose of creating and managing your account.

Professional information: We also collect professional and employment-related information, such as your business name, your license number, calendar and scheduling information, and other information related to your business. 

Payment information: We collect transactional information, such as credit or debit card numbers and tax IDs in order to process your payments for our Services. We also collect your insurance information in order to process payments made to you by your Clients. 

Communications and phone calls: When you communicate with us in relation to the Service, we may collect information about your communication and any other information you provide. This includes when you call or message us, in which case we may retain your call for fraud prevention, internal training and quality assurance purposes.

Automatically collected information:

Device information:  We may collect information about the devices you use to access the Service including the hardware model, device IP address, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, and mobile network information. 

Location information: When you use certain features of the Service, we may collect different types of information about your general location or more specific location information (e.g. precise location from your mobile GPS). Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu. 

Statistical information: We may collect non-personal information about your use of the Website and the Service to improve the features and overall user experience. This may include statistical information such as pages accessed on the Website and the Service, search terms, links that are clicked on, Website and Service visit times, browsers and operating systems, IP address, and cookies.

Other information
We may also collect other personal information as otherwise permitted or required by law, as well as any other information that you choose to provide us. 

We do not collect any ‘Special Categories of Personal Data’ about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) unless you voluntarily provide this. Nor do we collect any information about criminal convictions and offences.

We only collect and process personal information that we consider necessary for the effective functioning of the Service and business.  

5. For what purposes do we collect, hold, use and disclose personal information? 

We only collect, hold, use and disclose personal information for the purposes for which it was originally collected (and for related purposes which you would reasonably expect), unless required or authorised by or under law or if the individual concerned has consented to another use. Some of the specific purposes for which we collect, hold, use and disclose personal information include to:

- Create and update your account;

- Verify your identity;

- Enable us to correspond with you for reasons related to the Service;

- Allow us to effectively operate the Service and our business;

- Measure the effectiveness of the Service and understand how people use and interact with the Service;

- Prevent breaches of our Terms of Service and ensure the security of the Service;

- Conduct investigations relating to the Service and make risk assessments;

- Allow our business and Service to be audited;

- Publish things on our Website;

- Ensure we comply with our obligations. We will use information to ensure we comply with the law, including disclosures authorised under applicable privacy laws and any other relevant legislation.

We may also process your personal information for other purposes which are disclosed to you, and to which you consent, whether expressly or by implication by providing us with your personal information with knowledge of how we intend to use it.

A list of third-party services (Subprocessors) we use can be found at https://help.carepatron.com/en/articles/8216691-carepatron-subprocessors

6. Who has access to your personal information? 

We respect the privacy of your personal information and will take all reasonable steps to keep it strictly confidential.  However, we may disclose your personal information to third parties if required in connection with the purposes described in this privacy policy. This may include disclosure to the following persons:

- our employees, officers, contractors, third party service providers, agents, and partners;

- our related or affiliated companies and their respective employees, officers, contractors, service providers and agents (and our related or affiliated companies may disclose the personal information directly to their contractors, service providers and agents); 

- our accountants, insurers, lawyers, auditors and other professional advisors;
- any other third parties to whom you direct or permit us to disclose your personal information (e.g. third parties with whom we have directly or indirectly arranged services for your benefit);

- third parties that require the information for law enforcement or to prevent a serious threat to public safety; and

- as otherwise permitted or required by or under any applicable law. 

In the event that we sell a part of or the whole of our business, our records of personal information may be transferred to the new business owner or any of its related or affiliated companies (as the case may be).    

Any recipients of your personal information shall only be entitled to use your personal information as required for the purposes for which it was provided to them, which shall be consistent with the purposes described in this privacy policy.

We will take reasonable steps to ensure that any third party to whom we disclose personal information is required to comply with applicable privacy law.  One way we achieve this is by placing contractual obligations on third parties governing the use of personal information that we provide them with.                

Your provision of personal information to us (whether directly or indirectly) will constitute your consent for us to disclose this information in accordance with this privacy policy. 

7. Your Rights – Marketing

You will only receive marketing communications from us and/or third parties if you have consented to this when you provided your contact details to us (or if you have otherwise submitted your consent to us for these purposes).  These communications may be sent in various forms, including mail, SMS, fax, and email, in accordance with the applicable marketing laws of your jurisdiction.

You have the right to ask us not to use your personal data for marketing purposes. You can request that you stop receiving information from us at any time by contacting us at the address set out below (please see clause 15).

8. Advertisers

We do not disclose identifiable information about individuals to our advertisers or sponsors, but we may provide them with anonymized aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in London). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' and sponsors’ wishes by displaying their advertisement to that target audience. 

9. Cookies 

Our Service and Website use a technology called cookies to record the preferences of visitors and enable us to optimise the design of our website.  A "cookie" is a small data element that a website transfers to your computer for record keeping and experience customisation purposes. The length of time that a user’s computer stores cookies is determined by the user’s browser settings.

The use of "cookies" is an industry standard and helps show us how the Service is used. During normal usage the Service and Website "cookies" do not store your email address or other personal information about you unless you have given your consent, or if it is essential for technical reasons. We use this technology to generate statistics and measure website activity to improve the usefulness of the Service. Each time you access the Service or Website, our server may deliver certain customised information (such as advertisements) to you based on the data stored in your cookie. Third party vendors may utilise cookies to collect information about the content you view on the Service and/or Website and use that information to show our advertisements on websites and/or serve these advertisements based on your prior use of the Service or visits to our Website and other internet activity. We may also use analytics data supplied by third party vendors to inform and optimise our ad campaigns. 

Some of the tags that are used on the Service and Website include, but are not limited to, container tags (such as Google tag manager), which include retargeting tags and analytics tags. These tags provide us with aggregated knowledge and information on website behaviour and user preferences. 

By using the Service and Website you consent to the use and storage of cookies on your end device. You can also use the Service and Website without cookies.  If you do not wish to receive any cookies you may set your browser to refuse cookies. Not all features of the Service and Website may be available if you do not enable cookies.  We recommend you enable cookies in order to enjoy the Service.  

10. Storage and Security

Any personal information that falls within the scope of this privacy policy is collected and held by Care Patron Limited or trusted third parties we may engage to store information on our behalf (such as cloud hosting service providers).

We will take reasonable steps to protect your personal information from misuse, interference, corruption, loss or unauthorised access, modification or disclosure, including through physical, electronic and procedural safeguards.  For example, we only use cloud storage providers that represent to us that they are compliant with the United States’ Health Insurance Portability and Accountability Act (“HIPAA”), an internationally recognized standard of protecting health information. However, to the extent permitted by law, we will not be responsible for and exclude all liability arising in relation to any misuse, interference, corruption, loss or unauthorised access, modification or disclosure of your personal information. 

If we provide you with any passwords or other security devices it is important that you keep these secret and confidential and do not allow them to be used by any other person. You should notify us immediately if the security of these devices is breached to prevent the unauthorised disclosure of your personal information.

If we become aware of any breach involving your personal information we will comply with the requirements of any applicable privacy laws relating to the reporting of privacy breaches. 

11. Disclosure of personal information offshore

This clause 11 applies if you reside in New Zealand.

Some of the third parties to whom we disclose personal information may be located outside New Zealand.  In addition, our cloud storage provider, websites and systems may also be based on servers located outside of New Zealand.

If we disclose personal information to third parties based offshore, we will comply with the requirements of any applicable privacy laws that relate to the transfer of personal information offshore.

12. Transferring your personal information out of the EEA

This clause 12 applies if you reside in the European Union or United Kingdom.

To deliver services to you, it is necessary for us to share your personal information outside the European Economic Area (“EEA”), e.g.:

(a) with our offices outside the EEA;

(b) with our service providers located outside the EEA; and

(c) if you are based outside the EEA.

These transfers are subject to special rules under European and UK data protection law and whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring any such transfer out of the EEA complies with data protection law and all personal information will be secure.

13. How long do we retain your personal information? 

We will keep your personal information for as long as it is required for the purposes for which it was collected, taking into consideration our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements. 

When the personal information that we collect is no longer required or is not required to be retained by law, we destroy, delete or permanently anonymise it (except for any personal information located on an off-site server or which is stored as electronic back-up data that cannot be readily accessed).

Where applicable law sets a minimum or maximum retention period, we will comply with such restriction. 

14. Email and other electronic communications

By using the Service and Website you consent to receiving communications from us or from third parties on our behalf using the contact details you have provided (including, without limitation, via direct mailing, email, SMS, telephone call, and other phone number based messaging) which promote and market our Service from time to time.

You can opt out of those communications at any stage by contacting us using the contact details set out below at clause 15 or by utilising the "unsubscribe" facility included on all such communications. Once you have unsubscribed from these communications, we will remove you from the corresponding marketing list as soon as is reasonably practicable.

If you wish to unsubscribe from marketing material you receive from us, please contact us directly.

15. Your rights to access and correct personal information

If your personal information changes, or if you no longer desire our Services, you may modify or remove it by logging into your Account and making the changes in your Account settings.

You may obtain confirmation from us as to whether or not we hold personal information about you. You may also request a copy of the personal information and/or request that corrections or changes are made to it. You can make such requests in relation to your personal information by contacting our Privacy Officer using the details set out below.  Please quote your name and address and, if possible, provide brief details of what information you want a copy of (this helps us to more readily locate your information).

We will provide you with access to your personal information unless we are required or authorised to refuse such access by law.  There may be instances where we cannot grant you access to the personal information we hold. For example, Care Patron may need to refuse access if granting access would interfere with the privacy of others, if it would result in a breach of confidentiality or is not readily retrievable. If we refuse for whatever reason, we will give you written reasons for refusal.

In some cases, there may be a charge associated with retrieving and providing a copy of your personal information to you. If so, we will advise you of this prior to sending your information.

If you are located in the United States and Care Patron does not agree that there are grounds for amendment, then Care Patron will add a note to the personal information stating that you disagree with it.  In addition, Care Patron will not charge for simply making the request and will not charge for making any corrections to your personal information.

All such enquiries should be directed to:
Privacy Officer
Care Patron Limited
C/- Sharp Tudhope Lawyers, 152 Devonport Road, Tauranga, 3110, New Zealand
Jamiefrew@carepatron.com
022 466 7868

16. Complaints 

At all times we will strive to ensure that your personal information is treated confidentially and in accordance with any applicable privacy laws. However, if you have any questions or complaints about the handling of your personal information, please contact our Privacy Officer in the first instance using the contact details set out in clause 15 above and we will do our best to assist.   

If you are not satisfied with our response, you may refer your complaint to the applicable regulator.  If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances. We note that:

- If the New Zealand Privacy Act 2020 applies to your personal information and we are unable to resolve your concerns you have the right to make a complaint to the NZ Privacy Commissioner. For further information on making a complaint visit www.privacy.org.nz/your-rights/making-a-complaint. 

- If the General Data Protection Regulation applies to your personal information, that regulation gives you the right to complain to the supervisory body in the EEA state in which you live, work, or where any alleged infringement of data protection laws has occurred.  The supervisory authority in the UK is the Information Commissioner, who may be contacted online at www.ico.org.uk/concerns or alternatively by telephone on 0303 123 1113.

17. Links to other websites

Our Website may contain links to other sites and plugins that are owned or operated by third parties and which are therefore not under our control, including the websites and plugins of our third party service providers.  We take no responsibility for linked websites or plugins and provide them solely for your information and convenience.  We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or warranties about their accuracy, content or thoroughness. Your disclosure of personal information to or in connection with third party websites and plugins is at your own risk.  This privacy policy applies solely to our collection of personal information and not personal information collected by us.

18. Changes to this privacy policy 

We reserve the right to amend this privacy policy from time to time by posting an updated privacy policy here on our Website.  We will collect, use, hold and disclose your personal information in accordance with our most recently updated version of the privacy policy.   We recommend that you regularly review this privacy policy when you visit our Website.

If you do not agree with any aspect of the updated privacy policy, you must promptly notify us and you may be required to cease using our Service and Website. 

This privacy policy was last updated in September 2022.

Definitions

“Agreement” has the meaning given to that term in clause 2.

“App” means the progressive web application accessed on a smart phone, computer, tablet, or any other device capable of running the progressive web application, available for download, which operates the business of Care Patron.

“Customer” means the entity with whom Care Patron enters into an Agreement for the purposes of providing access to the Service to the Client or any of its employees, contractors or other agents.

“Client” means the person undergoing care with the Customer.

“Service” means the service relating to the healthcare e-portfolio platform accessed through our App and/or Website.

“Website” means the online medium of the domain of “www.carepatron.com”, which operates the business of Care Patron. This term includes website operations performed on “www.carepatron.com”.

Supplemental California Privacy Statement
California residents have certain rights under the California Shine the Light law and the California Consumer Privacy Act (“CCPA”).

In this Supplemental California Consumer Privacy Act Privacy Policy (“CCPA Privacy Policy”), we, Care Patron Limited, provide information about our data processing practices as required by the CCPA and supplement the disclosures in our Privacy Policy and other privacy notices. This CCPA Privacy Policy is effective and was last updated in August 2022, and is addressed only to residents of the State of California.

CCPA Disclosures
In general, within the preceding 12 months:
- We have collected the categories of personal information listed in clause 4 of our Privacy Policy.
- We have collected these categories of personal information directly from you, when you use our Services, and from third parties for the purposes described in clause 5 of our Privacy Policy.
- We have disclosed the following categories of personal information for business purposes: Identifiers and contact information; professional and employment-related information; commercial information; transactional information; and internet and network activity information.
- We have not sold your personal information.

CCPA Privacy Rights
As of January 1, 2020, certain California residents are entitled to privacy rights under the CCPA. Customers who wish to exercise these rights should direct their requests to the customer who controls their personal information.    

The right to know
You have the right to request to know (i) the specific pieces of personal information we have about you; (ii) the categories of personal information we have collected about you in the last 12 months; (iii) the categories of sources from which that personal information was collected; (iv) the categories of your personal information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your personal information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your personal information.

The right to deletion
You have the right to request that we delete the personal information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your personal information was collected. If we deny your request for deletion, we will let you know the reason why.

The right to equal service
If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our Services.

You may exercise your right to know and your right to deletion twice a year free of charge. To exercise your right to know or your right to deletion, please contact us using the contact details set out in clause 16 of our Privacy Policy. 

We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to verify you are the individual about whom we collected personal information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the personal information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.

Authorised Agent
You may use an authorised agent to submit a request to know or a request to delete if:

(a) The authorised agent is a natural person or a business entity registered with the Secretary of State of California; and

(b) You sign a written declaration that you authorize the authorised agent to act on your behalf.

To protect your personal information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorised by you to act on their behalf.

If you provide an authorised agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

Shine the Light

Our California customers are also entitled to request and obtain from us once per calendar year information about any of your personal information used to improve the app's functionality and experience. To request this information please contact us using the contact details set out in clause 16 of our Privacy Policy.

Local access and privacy laws
Carepatron is a global operating system, and we acknowledge that Personal Information about patients and the obligations of healthcare practitioners may be subject to access and privacy laws in the country where those clients reside. We take all reasonable steps to comply with local access and privacy laws.

Carepatron offers the Standard Contract Clauses included in a Data Processing Addendum (DPA). This is important for Customers operating in the European Union and the United Kingdom or those bound to the UK General Data Protection Regulation (UK GDPR) or General Data Protection Regulation (GDPR) requirements. The DPAs are incorporated into the Agreement (as applicable) by reference. The UK DPA can be found at http://www.carepatron.com/uk-data-processing-addendum, and the EU DPA can be found at http://www.carepatron.com/eu-data-processing-addendum.

Questions or complaints
If you have any questions or complaints about our Privacy Policy or how we handle your Personal Information, contact us at team@carepatron.com. This is our preferred method of contact.

We also have a dedicated Data Protection Officer to help you with any requests or questions you have about your data. They can be reached at team@carepatron.com.