Carefolk Privacy Notice

Effective Date: 1st May 2018

This privacy notice is for people and teams who use the Carefolk platform.

Carefolk ("We") provides its platform to individual users, and to healthcare teams and other support organisations.

The Carefolk platform consists of our website www.carefolk.com (our "Website", our web and mobile apps (our "Apps"), cloud services, and any other services offered via the Website, Apps or Cloud Services.

In this notice, we will tell you how we process your personal data on behalf of you and on behalf of your service (that is, the healthcare team or support organisation that has invited you to access Carefolk).

For individuals that use the Carefolk platform directly, Carefolk acts as both the Data Controller and Data processor, which means Carefolk decides how the data should be processed and is responsible for processing it.

Carefolk also uses some of your data to understand how the Carefolk platform is used and could be improved. When we collect or use your data on our own behalf, Carefolk is the ‘Data Controller’.

Please read this privacy notice carefully to understand the types of information we collect from you, how we use that information, the circumstances under which we will share it with third parties, and your rights in relation to the personal data you provide to us.

Contact details for Carefolk are listed at the bottom of this notice.

  • How we collect your personal data

    Data is collected by Carefolk in a few ways:

    1. Data that you give directly when you use the platform when you:
    o fill in forms on our Website or Apps, or correspond with us by phone, email or otherwise;
    o register to use our Services, subscribe to our newsletter, promotional emails or other marketing materials;
    o use the Services;
    o report a problem with our Services; or
    o complete any surveys we ask you to fill in that we use for research purposes (although you do not have to respond to these if you do not want to).

    2. Data given about you (by a healthcare team, or support organisation).

    3. Data we collect when you use Carefolk.

  • Legal Basis

    Use of personal information under EU data protection laws must be justified under one of a number of legal "grounds" and we are required to set out the ground in respect of each use of your personal data in this policy notice. These are the principal grounds that justify the use of your information:

    Consent: where you have consented to our use of your information (you are providing explicit, informed, freely given consent, in relation to any such use and may withdraw your consent in the circumstance detailed below by notifying us);

    Contract performance: where your information is necessary to enter into or perform our contract with you;

    Legal obligation: where we need to use your information to comply with our legal obligations;

    Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights; and

    Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you or a third party.

    We use information held about you (and information about others that you have provided us with) in the following ways: See Informaton we may collect and use

  • See Informaton we may collect and use

    Here is a list of categories of personal data that are collected and used, and the legal basis justification for each. Some of these are optional or depend on Carefolk’s obligations to its customers (service providers like Healthcare teams or support organisations), including data about you your service has recorded on the Carefolk platform.

    1. Contact and personal information where your information is necessary to enter into or perform our contract with you;

    Including profile picture, name, gender, date of birth, email address, phone number, address, location, etc.

    Uses of that Information:

    o To provide you with access to our Website, Apps and any other information which you request from us, and to use our Services.
    o For marketing products and services that we believe will be of interest to you. (Email address, Name).
    o To administer our Services and for internal operations, including research, data analysis and data statistics, and to create derived, anonymised and aggregated data to improve our Services.

    Use Justification:

    o Contract performance.
    o Legitimate interest (for marketing our own similar products and services and any re-engagement campaigns) (Email address, Name).
    o Legitimate interest (to administer and improve our Services).
    o Consent (for marketing unrelated products or services or products or services of third parties) (Email address, Name).



    2. Account Access Information where your information is necessary to enter into or perform our contract with you;

    Including Name, Email, Date of Birth, Password

    Uses of that Information:

    o To provide you with access to our Website, Apps and any other information which you request from us, and to use our Services.

    Use Justification:

    o Contract performance.
    o Legitimate interest (to administer and improve our Services).

    Your passwords are stored on Carefolk’s servers in encrypted form. We do not disclose your account details. It is your responsibility to keep your password secure.

    Sensitive information between your browser and our Website is transferred in encrypted form using Secure Socket Layer ("SSL"). When transmitting sensitive information, you should always make sure that your browser can validate the Carefolk certificate.



    3. Health Information (Optional)

    Including: General Health Information, Allergies, Care Planning Notes & Documents, Medicine Details, Duties Required, Hobbies & Interests

    Processing of Health Data falls under the provision of ‘Processing of special categories of personal data’, GDPR Art.9(2)(h) & GDPR Art.9(2)(i) of the General Data Protection Rules Act (GDPR), and we ensure that appropriate safeguards, mentioned therein, are in place.

    Uses of that Information:

    o To provide you with Healthcare management services available on the Carefolk Platform;
    o For our customer (Your service provider i.e. Healthcare team, or Support Organisation) to be able to provide you services;
    o To administer our Services and for internal operations, including research, data analysis and data statistics, and to create derived, anonymised and aggregated data to improve our Services.

    Use Justification:

    o Consent (we require your consent to process your sensitive personal data, which is required in order to provide the Services);
    o Contract performance;
    o Legitimate interest (to administer and improve our Services);
    o Legitimate interest (to tailor our services appropriately). No marketing of additional service offers will be conducted without your consent.



    4. Scheduling and Appointment Information (Optional)

    Including: healthcare professional appointments, other appointments, alerts and reminders for appointment, medicines, etc.

    Uses of that Information:

    o To provide you with Healthcare management services available on the Carefolk Platform;
    o For our customer (Your service provider i.e. Healthcare team, or Support Organisation) to be able to provide you services.

    Use Justification:

    o Contract performance;
    o Legitimate interest (to administer and improve our Services);



    5. Work experience & training record (for healthcare professionals, volunteers) (optional)

    Professional users of the platform are able to record and track work experience and training of themselves or their team (if managing a team).

    Uses of that Information:

    o To provide you with Healthcare management services available on the Carefolk Platform;
    o For our customer (Your service provider i.e. Healthcare team, or Support Organisation) to be able to provide you services.
    o To administer our Services and for internal operations, including research, data analysis and data statistics, and to create derived, anonymised and aggregated data to improve our Services.

    Use Justification:

    o Contract performance;
    o Legitimate interest (to administer and improve our Services);



    6. Notes (optional)

    Including notes that users choose to create and store on the Carefolk platform.

    Uses of that Information:

    o To provide you with Healthcare management services available on the Carefolk Platform;
    o For our customer (Your service provider i.e. Healthcare team, or Support Organisation) to be able to provide you services.

    Use Justification:

    o Contract performance;
    o Legitimate interest (to administer and improve our Services);



    7. Community posts and information (optional)

    Includes any posts, comments, likes/dislikes, information, links, photos, etc that you post on your community pages, or the community pages of others.

    Uses of that Information:

    o To provide you with Community available on the Carefolk Platform.
    o For our customer (Your service provider i.e. Healthcare team, or Support Organisation) to be able to provide you services.

    Use Justification:

    o Contract performance;
    o Legitimate interest (to administer and improve our Services);



    8. Other personal information (private, group chat/messaging)

    Includes private and group conversation messages.

    Uses of that Information:

    o To provide you with communication services available on the Carefolk Platform.
    o For our customer (Your service provider i.e. Healthcare team, or Support Organisation) to be able to provide you services.

    Use Justification:

    o Contract performance;
    o Legitimate interest (to administer and improve our Services);

    You are responsible for all content that you post to the Community on the Carefolk platform, including content you share in private or group chat messaging. You must not post offensive content or content from third parties for which you do not have the rights, licenses, consents, or releases or content that will infringe, misappropriate, or violate a third party’s patent, copyright, trademark, trade secret, moral rights, or other intellectual property rights, or rights of publicity or privacy, or result in the violation of any applicable law or regulation.



    9. Other information (Analytics)

    With regards to your visits to our Website or Apps, we may automatically collect the following information; however, this information cannot be used to identify you:

    Types of Information:

    o device-specific information, such as your hardware model, operating system version, unique device identifiers, and mobile network information;
    o technical information about your computer, including where available, your IP address, operating system and browser type, for system administration and analytical purposes;
    o details of your visits to our Website and App, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website and App (including date and time), length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs); and
    o information showing us from which app store you downloaded our App.

    Use Justification:

    o Legitimate interest (to administer and improve our Services);

  • Using the Carefolk platform or services on behalf of a third party.

    If you are using the Carefolk platform or services on behalf of a third party, you must have obtained clear permission from the individuals whose data you provide us with before sharing that data with us. For the avoidance of any doubt, any reference in this privacy policy to your data shall include data about other individuals that you have provided us with.

  • Links to third-party websites

    Our Website or Apps may contain links to third-party websites. For example, someone may post a link to a third-party website or service in the Community section or chat feature on the Carefolk platform. If you follow a link to any third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or their processing of any personal information you submit to them. Accordingly, Carefolk cannot guarantee that the controller of that website will respect your privacy in the same manner as Carefolk. Please check these policies before you submit any personal information to such third-party websites.

  • How we use Cookies

    Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

    Cookies are small, usually randomly encoded, text files that help you navigate through a website. They are generated on the sites that you visit, as well as by third-parties that websites work with, to manage key elements of their business-user functionality. In most cases, they do not involve or use personal information in any way.

    Cookies are used extensively online and have become part of the fabric and make-up of what has made the internet work effectively for consumers and businesses. Without cookies, many areas of functionality (for example, user logins, shopping baskets and other customization features) would not work as expected.

    Cookie Types:

    Session cookies

    Session cookies are temporary cookies that are not stored on your computer or mobile device. They are used as part of the login, authentication and session management flows. Certain session cookies are also used to understand, for example, if a user interacting with our website is a new visitor or a visitor returning as part of the same browsing session. These session cookies are erased when you close your browser, or after extended inactivity.

    Persistent cookies

    Persistent cookies are those placed on your computer or mobile device for a pre-determined length of time when you visit this site. They are used on both the platform and our websites, including, for example, to understand (through Google Analytics) what areas of our websites and platform are most popular, and how customers and users engage with them.

    Cookie management

    You have the ability to accept or decline the use of cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline all cookies if you prefer. Alternatively, many web browsers can be configured to notify you each time a cookie is tendered, and permit you to accept or decline them on an individual basis or on a site-by-site basis. If you choose to decline cookies from Carefolk’s website or Apps, you may experience some unexpected behaviours or impact to the use of the hosted software.

  • Your rights

    You have rights regarding your personal data. If you have any questions please contact your service provider (Healthcare team or Support Organisation) or Carefolk.

    • Right to information about the processing of your personal details

    The aim of this privacy notice is to give you this information.

    • Right to access your personal data

    You have the right to know if your personal data is being held, what categories of data are held, and to receive a copy of all data about you.

    • Right to change or remove your details

    You have the right to correct any inaccurate data or remove data if it is not necessary for us to hold it.

    • Right to object to processing

    You can object to processing if it could affect your rights, freedoms or interests.

    • Right to data portability

    We will provide your data in a portable format.

    • Right to lodge a complaint

    You also have the right to lodge a complaint with a supervisory authority, although we encourage you to contact us or your service provider (Healthcare team, or support organisation) first.

    Contact details for the Data Protection Commission can be found at https://www.dataprotection.ie/.

    Contact details for Carefolk can be found at the end of this page.

  • Third parties

    We use third-party sub-processors to host the Carefolk platform, capture analytics, and communicate with you.

    Microsoft Azure

    We use Microsoft Azure to hose the Carefolk platform, services, and databases.
    Location of hosting and processing: EU

    Microsoft Azure: privacy notice.

    Intercom

    We use Intercom to provide support and communicate with our users and prospective users.

    Intercom: privacy notice.

    Sendgrid

    We use Sendgrid as your email engine, and to manage email campaigns.

    Sendgrid: privacy notice.

    Campaign Monitor

    We use Campaign Monitor to capture sign-ups to the Carefolk Newsletter.

    Campaign Monitor: privacy notice.

    Hotjar

    We use Hotjar to produce heatmaps of user’s usage of our website in order to improve the websites’ design and usability.

    Hotjar: privacy notice.

    Google Analytics

    We use Google Analytics to generate visitor analytics to our website and provide us with anonymised data regarding website visitor numbers and behaviour.

    Google Analytics: privacy notice.

  • Data Security and Storage

    We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

    All Carefolk employees are contractually and ethically bound to respect the confidentiality of any personal data held by Carefolk.

    For more information on data security, see here.

  • Changes to this policy

    Any changes we make to our privacy policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via the App. We, therefore, encourage you to review it from time to time to stay informed of how we are processing your information.

  • Contact

    Questions, comments and requests regarding this privacy policy are welcome and should be sent to team@carefolk.com, Subject: Data Protection

    For the purpose of the relevant data protection legislation, the data controller is Carefolk with a registered address at Rubicon Centre, CIT Campus, Bishopstown, Cork.

    Our data protection officer is Owen O’Doherty.