top of page

Privacy Policy 

1. Introduction

 

 Commitment to User Privacy

  • Hemora is committed to protecting the privacy of our users. We understand the importance of keeping your personal information secure and confidential. This Privacy Policy outlines our practices regarding the collection, use, and protection of your personal data.

  • Overview of the Document**:

  • This Privacy Policy explains what types of personal data we collect, how we collect it, the purposes for which we use it, and the measures we take to safeguard your information. By using the Hemora platform, you consent to the data practices described in this policy.

 

2. Data Collection

 

Types of Personal Data Collected

  • Health Information: Information related to your health condition, medical history, treatments, and consultations with healthcare professionals.

  • Contact Details: Information such as your name, email address, phone number, and mailing address.

  •  Account Information: Username, password, and other authentication details for accessing your Hemora account.

  • Payment Information: Billing details, payment method, and transaction history.

  • Technical Data: Information about your device, IP address, browser type, and usage patterns on the Hemora platform.

Methods of Data Collection

  • Through Forms: Data collected when you create an account, update your profile, book a consultation, or participate in partner activities.

  • Through Cookies: Data collected via cookies and similar technologies to enhance your experience on the Hemora platform. This may include tracking your interactions with the platform to provide personalized services.

  • Through Communications: Data collected when you contact Hemora for support or submit inquiries, including emails and chat logs.

  • Through Third Parties: Data collected from third-party partners or service providers with your consent or as part of the services we offer.

 

 

3. Purpose of Data Collection

 

  • To Provide Telemedicine Services: We collect and use your personal data to deliver telemedicine services, including scheduling consultations, managing your health records, and facilitating communication with healthcare professionals.

  • To Comply with Legal Obligations: We collect and process your data to comply with applicable laws, regulations, and professional standards. This includes maintaining records required by healthcare regulations and responding to legal requests.

  • To Improve Services: We use your data to enhance the functionality and user experience of the Hemora platform. This includes analyzing usage patterns, troubleshooting issues, and developing new features and services that better meet your needs.

  •  To Ensure Security: We collect data to monitor and ensure the security of our platform and protect against unauthorized access, data breaches, and other security threats.

 

 

4. Legal Basis for Processing (GDPR Compliance)

 

In accordance with the General Data Protection Regulation (GDPR), Hemora processes personal data based on the following legal grounds:

 

Consent (Article 6(1)(a))

  • We may process your personal data when you have given explicit consent for specific purposes, such as receiving marketing communications or participating in certain activities. You can withdraw your consent at any time, and we will cease processing your data for those purposes upon receipt of your withdrawal.

 

Performance of a Contract (Article 6(1)(b))

  • We process your personal data as necessary to fulfill our contractual obligations to you. This includes providing telemedicine services, managing your account, and processing payments for services.

 

Legal Obligation (Article 6(1)(c))

  • We process your personal data to comply with legal obligations. This includes maintaining records required by healthcare regulations, responding to legal requests, and ensuring compliance with applicable laws and regulations.

 

Legitimate Interests (Article 6(1)(f))

  • We may process your data based on our legitimate interests, provided that such interests do not override your rights and freedoms. This includes ensuring the security of our platform, improving our services, and conducting analytics to enhance user experience.

 

5. Data Retention

 

Duration for Which Data Will Be Retained

  • We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including providing our services and complying with legal and regulatory requirements. The specific retention periods vary depending on the type of data and the purpose for which it was collected.

 

Criteria Used to Determine Retention Periods

  • Legal and Regulatory Requirements: We retain data as required by applicable laws and regulations, such as healthcare records retention laws.

  • Contractual Obligations: We retain data for the duration of our contractual relationship with you and for any period necessary to fulfill our obligations under the contract.

  • Business Needs: We retain data as long as needed to support the operation and improvement of our services, address user needs, and ensure the security of the platform.

  • Data Minimization: We periodically review the data we hold and delete or anonymize data that is no longer needed for the purposes for which it was collected.

 

6. User Rights (GDPR Regulations)

 

Under the GDPR, you have the following rights regarding your personal data:

 

Right to Access (Regulation 15)

  • You have the right to request access to the personal data we hold about you. This includes receiving a copy of your data and information about how it is processed. You may make a request to access your data by contacting us through the designated channels provided in this policy.

 

Right to Rectification (Regulation 16)

  • You have the right to request the correction of inaccurate or incomplete personal data. If you believe that the information we hold about you is incorrect or outdated, you can request that we update or amend it.

 

Right to Erasure (Regulation 17)

  • You have the right to request the deletion of your personal data under certain conditions. This right may apply if the data is no longer necessary for the purposes for which it was collected, if you withdraw consent on which the processing is based, or if you object to the processing of your data.

 

Right to Restrict Processing (Regulation 18)

  • You have the right to request the restriction of processing your personal data in specific situations. This means that we may continue to store your data but will not process it further unless required for legal purposes.

 

Right to Data Portability (Regulation 20)

  • You have the right to request the transfer of your personal data to another organization or to you in a structured, commonly used, and machine-readable format. This right applies when the processing is based on your consent or a contract and is carried out by automated means.

 

To exercise any of these rights, please contact us using the contact details provided in this Privacy Policy. We will respond to your request in accordance with applicable data protection laws

 

 

7. Data Security (GDPR Regulation 32)

 

Measures to Protect Data

  • Encryption: Hemora employs encryption technologies to protect your personal data both in transit and at rest. This ensures that data transmitted between your device and our servers is securely encrypted to prevent unauthorized access.

  • Access Controls: We implement strict access controls to ensure that only authorized personnel have access to personal data. This includes role-based access controls, secure authentication methods, and regular audits of access logs.

  • Secure Storage: Personal data is stored in secure environments with robust physical and technical safeguards to prevent unauthorized access and ensure data integrity.

  • Data Masking: Where applicable, sensitive information may be masked or anonymized to further enhance security and reduce the risk of exposure.

 

Regular Security Assessments

  • Vulnerability Assessments: Hemora conducts regular vulnerability assessments and penetration testing to identify and address potential security weaknesses in our systems.

  • Security Audits: We perform periodic security audits and reviews to ensure compliance with our security policies and regulatory requirements.

  • Incident Response: We have established an incident response plan to address any security incidents promptly and mitigate potential risks.

 

8. Data Sharing and Transfer

 

Circumstances Under Which Data May Be Shared

  • Third-Party Service Providers: We may share your personal data with third-party service providers who assist us in delivering our services, such as payment processors, cloud storage providers, and IT support services. These third parties are contractually obligated to handle your data in accordance with our privacy policies and applicable data protection laws.

  • Legal Requirements: We may disclose your data when required to do so by law, in response to legal processes, or to comply with legal obligations.

  • Business Transfers: In the event of a merger, acquisition, or other business restructuring, your personal data may be transferred as part of the business assets. We will notify you of such changes and ensure that your data is handled in accordance with applicable laws.

 

 

Transfers Outside the EU and Safeguards in Place (GDPR Regulation 45):

  • International Transfers: If your personal data is transferred outside the European Union (EU) to countries that do not have an adequate level of data protection, we ensure that appropriate safeguards are in place to protect your data.

  • Safeguards: We use mechanisms such as Standard Contractual Clauses (SCCs) and other legally approved measures to ensure that your data receives an adequate level of protection in accordance with GDPR requirements.

  • Data Protection Agreements: We enter into data protection agreements with third parties involved in international data transfers to ensure compliance with GDPR standards.

 

9. Compliance with HIPAA

 

HIPAA Privacy Rule (Protection of PHI):

  • Protected Health Information (PHI): Hemora is committed to protecting the confidentiality and privacy of your Protected Health Information (PHI) as defined by the HIPAA Privacy Rule. PHI includes any information that relates to your health condition, healthcare services, or payment for healthcare services that can be used to identify you.

  • Privacy Practices: We adhere to HIPAA requirements by implementing policies and procedures designed to safeguard PHI and ensure that it is only used and disclosed in accordance with HIPAA regulations.

 

HIPAA Security Rule (Safeguards for Electronic PHI)

  • Confidentiality: We implement physical, administrative, and technical safeguards to ensure the confidentiality of electronic PHI (ePHI). This includes secure access controls, encryption, and regular security assessments.

  • Integrity: Measures are in place to protect ePHI from unauthorized alterations or destruction, ensuring that the data remains accurate and reliable.

  • Availability: We ensure that ePHI is accessible when needed for authorized purposes, while implementing procedures to protect against data loss or system failures.

 

HIPAA Breach Notification Rule (Procedures for Notification)

  • Breach Notification: In the event of a breach involving PHI, Hemora follows the HIPAA Breach Notification Rule by promptly notifying affected individuals and relevant authorities. Notifications will include information about the nature of the breach, the data involved, and the steps taken to address the breach.

  • Mitigation: We will take appropriate measures to mitigate the impact of the breach, including providing support to affected individuals and implementing corrective actions to prevent future breaches.

  • Reporting: We report breaches to the U.S. Department of Health and Human Services (HHS) and any other relevant regulatory bodies as required by HIPAA.

 

By using the Hemora platform, you acknowledge that we are committed to complying with both GDPR and HIPAA regulations to protect your

 

 

 

10. Cookies and Tracking Technologies

 

Use of Cookies and Similar Technologies

  • Cookies: Hemora uses cookies and similar tracking technologies to enhance your experience on our platform. Cookies are small text files stored on your device that help us remember your preferences, understand your usage patterns, and improve our services.

Types of Cookies

  1. Essential Cookies: Necessary for the functioning of the platform, such as for maintaining session states and user authentication.

  2. Performance Cookies: Collect information about how you use the platform to help us improve its performance, such as which pages are visited most frequently.

  3. Functionality Cookies: Allow the platform to remember your preferences and settings, such as language preferences or account settings.

  4. Targeting Cookies: Used to deliver advertisements relevant to you and to track the effectiveness of our marketing campaigns.

 

 

Options for Managing Cookie Preferences:

  • Browser Settings: Most web browsers allow you to manage your cookie preferences through their settings. You can choose to block cookies, delete existing cookies, or receive notifications when cookies are being set.

  • Opt-Out Tools: Some third-party services and tools provide options to opt out of targeted advertising and tracking. You can use these tools to manage your tracking preferences.

  • Platform Settings: Hemora may provide options within the platform to manage your cookie preferences. You can adjust your settings to accept or decline certain types of cookies based on your preferences.

 

Please note that disabling certain cookies may impact the functionality and user experience of the Hemora platform.

 

11. Changes to Privacy Policy

 

Rights to Amend the Policy

  • Hemora reserves the right to amend this Privacy Policy at any time to reflect changes in our practices, legal requirements, or the functionality of our platform. Any modifications will be effective immediately upon posting the updated policy on our website.

 

Notification Process for Changes

  • Updates on Platform: Significant changes to the Privacy Policy will be highlighted on the Hemora platform, and users may receive notifications through email or in-app alerts.

  • Review and Consent: By continuing to use the Hemora platform after changes to the Privacy Policy, you consent to the updated terms. It is your responsibility to review the Privacy Policy periodically to stay informed of any updates.

 

12. Contact Information

 

If you have any questions or concerns regarding this Privacy Policy or our data protection practices, please contact Hemora using the following details:

 

Email: info@hemora.co

We are committed to addressing your privacy concerns and providing assistance regarding your personal data. personal and health information. and regulations.

bottom of page