Careshaper is a product of Careshaper S.R.L. (the "Company"), a software developer specialized in the development of health care software located in Bucharest, Romania.
The Company has the obligation to use the personal data provided to it in a safe way and only within the specified purposes, manners and periods, in accordance with the provisions of the national legislation on data protection and data security, and with European legislation in force, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "GDPR").
This privacy policy explains how the Company uses the personal data it collects from you when you use its software application and/or its website.
Depending on whether or not you have a registered account, the Company processes different categories of personal data, in accordance with the GDPR provisions, as a data controller through the services, in accordance with the applicable specific provisions, in situations where:
Based on its legitimate interests, the Company collects the following data for the purpose of running the software application and/or the website more efficiently and improve the quality of the services. Your data is not used for any other purposes. It is stored locally, indefinitely and is deleted upon your request.
De-identification procedures have been included in Careshaper core to ensure data confidentiality by which personal identifiable information fields are replaced by artificial identifiers. The Company has no technical means to access the content of your communications, files, and calendar events. Such data is end-to-end encrypted. The Company server infrastructure is hosted on its own servers and only uses data centers located in Bucharest, Romania (eu-central-1) to ensure the data stays within the EU. The facility where the server is physically hosted meets the EU industry standards for physical security and safety, as well as multiple redundant internet connections to ensure service continuity.
Careshaper offers their clients to synchronize their Careshaper Agenda events and sessions with Google Calendar.
The Company does not operate with external partners or subcontractors at this time. If this occurs, external partners or subcontractors are required to conform to at least the same security standards as the Company. These external partners or sub-contractors will not be allowed to process or transfer data to third countries outside EU/EEA, unless a valid adequacy decision is adopted by the European Commission with regard to protection of personal data.
The Company website contains links to other websites. This privacy policy applies only to Company website, so if you click on a link to another website, you should read their privacy policy. The website may include embedded content (e.g. videos, charts, etc.). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website. Some platforms (such as the Google Play Store or the Apple App Store) may also collect aggregate, anonymous statistics like which type of devices and operating systems that are most commonly used, the total number of installs, total number of uninstalls, and the total number of active users, and may be governed by the privacy policy and terms and conditions of the Google Play Store or the Apple App Store.
According to GDPR, you have the right of access, the right of rectification, the right of erasure, the right to restriction of processing, the right to data portability, the right to object and the right not to be subject to a decision based solely on automated processing. You can exercise these rights in your use of the services, directly or under certain conditions. If you make a request, the Company has one month to respond to you.
If you have any questions about the Company’s privacy policy, the data it holds on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us from the contact page.