Care Patron Limited (referred to as “Care Patron
” or "we
") is committed to protecting the privacy of the personal information of our current, former and potential users of our Service (referred to as “you
” and “your
If we are unable to collect sufficient personal information we may not be able to provide you with the full benefit of the Service.
Our customer is the Customer that has engaged us to provide the Service.
”) from our Customers. Our treatment of any such Client
personal information is governed by our agreements with the relevant Customer, including our Terms of Service
and HIPAA Business Associate Agreement
, as applicable (our “Agreement
If you are a Client, we may retain your personal information on behalf of your Customer. If you have questions about how we process Customer supplied personal information, we encourage you to reach out to the appropriate Customer. We may send any inquiries that we receive directly from you about our use of your personal information to that Customer.
Where possible we will collect personal information that we will use for our own business purposes directly from you. However, we will collect personal information in a variety of ways as a result of you using the Service and in certain circumstances we may collect your personal information from other third parties, including our related entities, service providers, contractors, and agents. 4. What types of personal information do we collect?
Generally, the types of personal information that we collect from or about you depends on the circumstances in which the information is collected. We have described below examples of the types of personal information that may be collected, however this is not an exhaustive list.
Information you provide:
: We collect information from you when you create or update your account. The main type of personal information that we collect is your full name and contact details, including physical and postal address, email addresses, phone numbers, mobile numbers, login name and password for the purpose of creating and managing your account.
: We also collect professional and employment-related information, such as your business name, your license number, calendar and scheduling information, and other information related to your business.
: We collect transactional information, such as credit or debit card numbers and tax IDs in order to process your payments for our Services. We also collect your insurance information in order to process payments made to you by your Clients.
Communications and phone calls
: When you communicate with us in relation to the Service, we may collect information about your communication and any other information you provide. This includes when you call or message us, in which case we may retain your call for fraud prevention, internal training and quality assurance purposes.
Automatically collected information:
: We may collect information about the devices you use to access the Service including the hardware model, device IP address, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, and mobile network information.
: When you use certain features of the Service, we may collect different types of information about your general location or more specific location information (e.g. precise location from your mobile GPS). Most mobile devices allow you to control or disable the use of location services for applications in the device’s settings menu.
: We may collect non-personal information about your use of the Website and the Service to improve the features and overall user experience. This may include statistical information such as pages accessed on the Website and the Service, search terms, links that are clicked on, Website and Service visit times, browsers and operating systems, IP address, and cookies.
We may also collect other personal information as otherwise permitted or required by law, as well as any other information that you choose to provide us.
We do not collect any ‘Special Categories of Personal Data’ about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) unless you voluntarily provide this. Nor do we collect any information about criminal convictions and offences.
We only collect and process personal information that we consider necessary for the effective functioning of the Service and business. 5. For what purposes do we collect, hold, use and disclose personal information?
We only collect, hold, use and disclose personal information for the purposes for which it was originally collected (and for related purposes which you would reasonably expect), unless required or authorised by or under law or if the individual concerned has consented to another use. Some of the specific purposes for which we collect, hold, use and disclose personal information includes to:
- Create and update your account;
- Verify your identity;
- Enable us to correspond with you for reasons related to the Service;
- Allow us to effectively operate the Service and our business;
- Measure the effectiveness of the Service and understand how people use and interact with the Service;
- Contribute to anonymised and generalised data that we may use for our internal business purposes or that we may provide to third parties (for which we may collect a fee), including for statistical and research purposes;
- Prevent breaches of our Terms of Service and ensure the security of the Service;
- Conduct investigations relating to the Service and make risk assessments;Allow our business and Service to be audited;
- Advertise and market our business, such as to send you promotional messages, marketing or advertising (unless you opt out);
- Publish things on our Website;
- Ensure we comply with our obligations. We will use information to ensure we comply with the law, including disclosures authorised under applicable privacy laws and any other relevant legislation.
We may also process your personal information for other purposes which are disclosed to you, and to which you consent, whether expressly or by implication by providing us with your personal information with knowledge of how we intend to use it.
A list of third-party services (Subprocessors) we use can be found at https://help.carepatron.com/en/articles/8216691-carepatron-subprocessors6. Who has access to your personal information?
- our employees, officers, contractors, third party service providers, agents, and partners;
- our related or affiliated companies and their respective employees, officers, contractors, service providers and agents (and our related or affiliated companies may disclose the personal information directly to their contractors, service providers and agents);
- our accountants, insurers, lawyers, auditors and other professional advisors;
- any other third parties to whom you direct or permit us to disclose your personal information (e.g. third parties with whom we have directly or indirectly arranged services for your benefit);
- third parties that require the information for law enforcement or to prevent a serious threat to public safety; and
- as otherwise permitted or required by or under any applicable law.
In the event that we sell a part of or the whole of our business, our records of personal information may be transferred to the new business owner or any of its related or affiliated companies (as the case may be).
We will take reasonable steps to ensure that any third party to whom we disclose personal information is required to comply with applicable privacy law. One way we achieve this is by placing contractual obligations on third parties governing the use of personal information that we provide them with.
You will only receive marketing communications from us and/or third parties if you have consented to this when you provided your contact details to us (or if you have otherwise submitted your consent to us for these purposes). These communications may be sent in various forms, including mail, SMS, fax, and email, in accordance with the applicable marketing laws of your jurisdiction.
You have the right to ask us not to use your personal data for marketing purposes. You can request that you stop receiving information from us at any time by contacting us at the address set out below (please see clause 15).8. Advertisers
We do not disclose identifiable information about individuals to our advertisers or sponsors, but we may provide them with anonymized aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in London). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' and sponsors’ wishes by displaying their advertisement to that target audience. 9. Cookies
Our Service and Website use a technology called cookies to record the preferences of visitors and enable us to optimise the design of our website. A "cookie" is a small data element that a website transfers to your computer for record keeping and experience customisation purposes. The length of time that a user’s computer stores cookies is determined by the user’s browser settings.
The use of "cookies" is an industry standard and helps show us how the Service is used. During normal usage the Service and Website "cookies" do not store your email address or other personal information about you unless you have given your consent, or if it is essential for technical reasons. We use this technology to generate statistics and measure website activity to improve the usefulness of the Service. Each time you access the Service or Website, our server may deliver certain customised information (such as advertisements) to you based on the data stored in your cookie. Third party vendors may utilise cookies to collect information about the content you view on the Service and/or Website and use that information to show our advertisements on websites and/or serve these advertisements based on your prior use of the Service or visits to our Website and other internet activity. We may also use analytics data supplied by third party vendors to inform and optimise our ad campaigns.
Some of the tags that are used on the Service and Website include, but are not limited to, container tags (such as Google tag manager), which include retargeting tags and analytics tags. These tags provide us with aggregated knowledge and information on website behaviour and user preferences.
We will take reasonable steps to protect your personal information from misuse, interference, corruption, loss or unauthorised access, modification or disclosure, including through physical, electronic and procedural safeguards. For example, we only use cloud storage providers that represent to us that they are compliant with the United States’ Health Insurance Portability and Accountability Act (“HIPAA
”), an internationally recognized standard of protecting health information. However, to the extent permitted by law, we will not be responsible for and exclude all liability arising in relation to any misuse, interference, corruption, loss or unauthorised access, modification or disclosure of your personal information.
If we provide you with any passwords or other security devices it is important that you keep these secret and confidential and do not allow them to be used by any other person. You should notify us immediately if the security of these devices is breached to prevent the unauthorised disclosure of your personal information.
If we become aware of any breach involving your personal information we will comply with the requirements of any applicable privacy laws relating to the reporting of privacy breaches. 11. Disclosure of personal information offshore
This clause 11 applies if you reside in New Zealand.
Some of the third parties to whom we disclose personal information may be located outside New Zealand. In addition, our cloud storage provider, websites and systems may also be based on servers located outside of New Zealand.
If we disclose personal information to third parties based offshore, we will comply with the requirements of any applicable privacy laws that relate to the transfer of personal information offshore.12. Transferring your personal information out of the EEA
This clause 12 applies if you reside in the European Union or United Kingdom.
To deliver services to you, it is necessary for us to share your personal information outside the European Economic Area (“EEA
(a) with our offices outside the EEA;
(b) with our service providers located outside the EEA; and
(c) if you are based outside the EEA.
These transfers are subject to special rules under European and UK data protection law and whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring any such transfer out of the EEA complies with data protection law and all personal information will be secure.13. How long do we retain your personal information?
We will keep your personal information for as long as it is required for the purposes for which it was collected, taking into consideration our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements.
When the personal information that we collect is no longer required or is not required to be retained by law, we destroy, delete or permanently anonymise it (except for any personal information located on an off-site server or which is stored as electronic back-up data that cannot be readily accessed).
Where applicable law sets a minimum or maximum retention period, we will comply with such restriction. 14. Email and other electronic communications
By using the Service and Website you consent to receiving communications from us or from third parties on our behalf using the contact details you have provided (including, without limitation, via direct mailing, email, SMS, telephone call, and other phone number based messaging) which promote and market our Service from time to time.
You can opt out of those communications at any stage by contacting us using the contact details set out below at clause 15 or by utilising the "unsubscribe" facility included on all such communications. Once you have unsubscribed from these communications, we will remove you from the corresponding marketing list as soon as is reasonably practicable.
If you wish to unsubscribe from marketing material you receive from us, please contact us directly.15. Your rights to access and correct personal information
If your personal information changes, or if you no longer desire our Services, you may modify or remove it by logging into your Account and making the changes in your Account settings.
You may obtain confirmation from us as to whether or not we hold personal information about you. You may also request a copy of the personal information and/or request that corrections or changes are made to it. You can make such requests in relation to your personal information by contacting our Privacy Officer using the details set out below. Please quote your name and address and, if possible, provide brief details of what information you want a copy of (this helps us to more readily locate your information).
We will provide you with access to your personal information unless we are required or authorised to refuse such access by law. There may be instances where we cannot grant you access to the personal information we hold. For example, Care Patron may need to refuse access if granting access would interfere with the privacy of others, if it would result in a breach of confidentiality or is not readily retrievable. If we refuse for whatever reason, we will give you written reasons for refusal.
In some cases, there may be a charge associated with retrieving and providing a copy of your personal information to you. If so, we will advise you of this prior to sending your information.
If you are located in the United States and Care Patron does not agree that there are grounds for amendment, then Care Patron will add a note to the personal information stating that you disagree with it. In addition, Care Patron will not charge for simply making the request and will not charge for making any corrections to your personal information.
All such enquiries should be directed to:
Care Patron LimitedC/- Sharp Tudhope Lawyers, 152 Devonport Road, Tauranga, 3110, New Zealand
022 466 786816. Complaints
At all times we will strive to ensure that your personal information is treated confidentially and in accordance with any applicable privacy laws. However, if you have any questions or complaints about the handling of your personal information, please contact our Privacy Officer in the first instance using the contact details set out in clause 15 above and we will do our best to assist.
If you are not satisfied with our response, you may refer your complaint to the applicable regulator. If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances. We note that:
- If the New Zealand Privacy Act 2020 applies to your personal information and we are unable to resolve your concerns you have the right to make a complaint to the NZ Privacy Commissioner. For further information on making a complaint visit www.privacy.org.nz/your-rights/making-a-complaint.
- If the General Data Protection Regulation applies to your personal information, that regulation gives you the right to complain to the supervisory body in the EEA state in which you live, work, or where any alleged infringement of data protection laws has occurred. The supervisory authority in the UK is the Information Commissioner, who may be contacted online at www.ico.org.uk/concerns
or alternatively by telephone on 0303 123 1113.17. Links to other websites
” has the meaning given to that term in clause 2.“
” means the progressive web application accessed on a smart phone, computer, tablet, or any other device capable of running the progressive web application, available for download, which operates the business of Care Patron.
” means the entity with whom Care Patron enters into an Agreement for the purposes of providing access to the Service to the Client or any of its employees, contractors or other agents.
” means the person undergoing care with the Customer.
” means the service relating to the healthcare e-portfolio platform accessed through our App and/or Website.
” means the online medium of the domain of “www.carepatron.com”, which operates the business of Care Patron. This term includes website operations performed on “www.carepatron.com”.
Supplemental California Privacy Statement
California residents have certain rights under the California Shine the Light law and the California Consumer Privacy Act (“CCPA
In general, within the preceding 12 months:
- We have disclosed the following categories of personal information for business purposes: Identifiers and contact information; professional and employment-related information; commercial information; transactional information; and internet and network activity information.
- We have not sold your personal information.
CCPA Privacy Rights
As of January 1, 2020, certain California residents are entitled to privacy rights under the CCPA. Customers who wish to exercise these rights should direct their requests to the customer who controls their personal information.
The right to know
You have the right to request to know (i) the specific pieces of personal information we have about you; (ii) the categories of personal information we have collected about you in the last 12 months; (iii) the categories of sources from which that personal information was collected; (iv) the categories of your personal information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your personal information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your personal information.
The right to deletion
You have the right to request that we delete the personal information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your personal information was collected. If we deny your request for deletion, we will let you know the reason why.
The right to equal service
If you choose to exercise any of these rights, we will not discriminate against you in anyway. If you exercise certain rights, understand that you may be unable to use or access certain features of our Services.
We will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to verify you are the individual about whom we collected personal information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the personal information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorised agent to submit a request to know or a request to delete if:
(a) The authorised agent is a natural person or a business entity registered with the Secretary of State of California; and
(b) You sign a written declaration that you authorize the authorised agent to act on your behalf.
To protect your personal information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorised by you to act on their behalf.
If you provide an authorised agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
Shine the Light
Carepatron is a global operating system, and we acknowledge that Personal Information about patients and the obligations of healthcare practitioners may be subject to access and privacy laws in the country of those clients reside. We take all reasonable steps to comply with local access and privacy laws.
Carepatron offers the Standard Contract Clauses included in a Data Processing Addendum (DPA). This is important for Customers operating in the European Union and the United Kingdom or those bound to the UK General Data Protection Regulation (UK GDPR) or General Data Protection Regulation (GDPR) requirements. The DPAs are incorporated into the Agreement (as applicable) by reference. The UK DPA can be found at http://www.carepatron.com/uk-data-processing-addendum, and the EU DPA can be found at http://www.carepatron.com/eu-data-processing-addendum.Questions or complaints
We also have a dedicated Data Protection Officer to help you with any requests or questions you have about your data. They can be reached at email@example.com