Careshaper Privacy Policy

Careshaper is a product of Careshaper S.R.L. (the "Company"), a software developer specialized in the development of health care software located in Bucharest, Romania.

The Company has the obligation to use the personal data provided to it in a safe way and only within the specified purposes, manners and periods, in accordance with the provisions of the national legislation on data protection and data security, and with European legislation in force, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "GDPR").

This privacy policy explains how the Company uses the personal data it collects from you when you use its software application and/or its website.

Depending on whether or not you have a registered account, the Company processes different categories of personal data, in accordance with the GDPR provisions, as a data controller through the services, in accordance with the applicable specific provisions, in situations where:

  • you are a care seeker – a natural person using the Careshaper online software platform to find care providers and seek and manage the consultations between yourselves. The care seekers are the sole owners of their personal data;
  • you are a care provider – a natural person using the Careshaper online software platform to find care seekers and provide and manage the consultations between yourselves. The care providers are the sole owners of their personal data.

The Company provides the following services

  • online professional profile presentations;
  • account management;
  • online consultations bookings;
  • agenda and calendar management;
  • consultation management;
  • client and health management;
  • referrals and client sharing;
  • communication management;
  • (pre-)payments;
  • events and notification services.

The Company carries out the following operations

  • collection and storage of personal information inserted by the care seekers and/or the care providers in their endeavours to organise consultations and manage the health progression;
  • in and outward referrals;
  • communications within the platform by users between which there is a therapeutic and/or a peer-to-peer relationship, for the purpose of rendering care services and organisation thereof, using e-mail, mobile written telecommunications, in-platform notifications or messages;
  • data imports into Careshaper on request from care providers and/or care seekers;
  • data exports from Careshaper on request from care providers and/or care seekers;
  • automated encryption and backup of data;
  • ensuring data consistency;
  • management of the IT infrastructure.
You directly and voluntarily provide the Company with most of the data it collects. Upon your request and expression of consent, the Company collects the following data for the purpose of providing services to you and when you register or in order to access and manage your account. Your data is not used for any other purposes or shared with third parties. It is stored locally, indefinitely and is deleted upon your withdrawal of consent or your request to terminate these services. Such data and data categories include:
  • Personal identification data: name, username, national identification number and/or social security number, photo image, video images;
  • Contact information: e-mail address, telephone number, location;
  • Financial information: account number, fee rates;
  • Health and sociological information: physical data, physiological data, psychological data, economic status, cultural identity, social identity;
  • Health management data: data relative to resources and procedures used for the medical and paramedical care of the care seekers;
  • Details of the other members of the household in case of care seekers in need of representation.

Based on its legitimate interests, the Company collects the following data for the purpose of running the software application and/or the website more efficiently and improve the quality of the services. Your data is not used for any other purposes. It is stored locally, indefinitely and is deleted upon your request.

  • Your communications with the Company, such as support requests, reports, your voluntarily completion of a customer survey, provision of feedback on any of the message boards or via e-mail may be saved by the Company;
  • Statistics: the website uses proprietary procedures about the user journey which allows the Company to notice trends to improve the user experience on its website. We gather some or all of the following details: the date and time, the title of the page being viewed, the URL of the page being viewed, the URL of the page that was viewed prior to the current page, the screen resolution, the time in local time zone, the files that were clicked on and downloaded (action only), the links clicked on to an outside domain, the type of device, and the country, region, and city. You may opt out of this tracking at any time by activating the “Do Not Track” setting in your browser;
  • Analytics: when using the software application, the Company may collect certain information and may use mobile analytics software (such as app statistics and crash reporting) to send crash information to the Company developers so that bugs can be fixed rapidly.
For the performance of a contract between the Company and care providers, or in order to take steps at the request of the care provider prior to entering into such a contract, it is necessary for the Company to process the following information. Your data is not used for any other purposes. The Company relies on third parties to process payment cards, PayPal, and other financial transactions and must therefore share payment information with third parties. When the Company processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases. This data is stored for as long as necessary to carry out all deeds undertaken through the contract, after which it is deleted or archived, according to the applicable legislation.
  • Personal identification data: name, national identification number or social security number, electronic signature;
  • Contact information: physical address; e-mail address, telephone number;
  • Financial information: account number, fee rates.

Data processing and storage location

De-identification procedures have been included in Careshaper core to ensure data confidentiality by which personal identifiable information fields are replaced by artificial identifiers. The Company has no technical means to access the content of your communications, files, and calendar events. Such data is end-to-end encrypted. The Company server infrastructure is hosted on its own servers and only uses data centers located in Bucharest, Romania (eu-central-1) to ensure the data stays within the EU. The facility where the server is physically hosted meets the EU industry standards for physical security and safety, as well as multiple redundant internet connections to ensure service continuity.

Google API Service

Careshaper offers their clients to synchronize their Careshaper Agenda events and sessions with Google Calendar.

  • We need permissions to create a secondary Google calendar specific for Careshaper events. This is to ensure that your personal Google Calendar events are separate from your Careshaper Agenda events.
  • We need your permissions to create, modify and remove events in this secondary Careshaper calendar. We will be able to access only data from this newly created Careshaper calendar in your Google Calendars.
  • We will store in our application only your Careshaper Google calendar ID and the events ID's created in the Careshaper Google Calendar in order to accurately synchronize it with the Careshaper Agenda. We will also store access tokens which facilitate seamless access to your Careshaper Google Calendar.
  • Besides the Careshaper Google Calendar, we will be unable to access any other information from any of your Google Calendar data.
  • No Google Calendar data will be shared with any other 3rd parties or used for advertising purposes.
Careshaper's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Sub-contractors and external partners

The Company does not operate with external partners or subcontractors at this time. If this occurs, external partners or subcontractors are required to conform to at least the same security standards as the Company. These external partners or sub-contractors will not be allowed to process or transfer data to third countries outside EU/EEA, unless a valid adequacy decision is adopted by the European Commission with regard to protection of personal data.

Embedded content and privacy policies of other websites

The Company website contains links to other websites. This privacy policy applies only to Company website, so if you click on a link to another website, you should read their privacy policy. The website may include embedded content (e.g. videos, charts, etc.). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website. Some platforms (such as the Google Play Store or the Apple App Store) may also collect aggregate, anonymous statistics like which type of devices and operating systems that are most commonly used, the total number of installs, total number of uninstalls, and the total number of active users, and may be governed by the privacy policy and terms and conditions of the Google Play Store or the Apple App Store.

Your data protection rights

According to GDPR, you have the right of access, the right of rectification, the right of erasure, the right to restriction of processing, the right to data portability, the right to object and the right not to be subject to a decision based solely on automated processing. You can exercise these rights in your use of the services, directly or under certain conditions. If you make a request, the Company has one month to respond to you.

Contact information

If you have any questions about the Company’s privacy policy, the data it holds on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us from the contact page.