Legal information

Mobile app
privacy statement

 
Version v1.0 (29/04/2022)

1. Scope

This Privacy Statement governs the processing of your personal data as a User of our App and the services related to it. This processing is always carried out by Corilus as the Controller, located at Gent Zuiderpoort, Atrium (Gaston Crommenlaan 4, 9050 Gent), with company number 0428.555.896.

The processing performed by Corilus only relates to the user management of the App. The health data processed by Corilus under the responsibility of the User, for which Corilus acts as Processor. A data processing agreement is agreed upon between Corilus and the User to govern this relationship.

The protection of personal data is very important to Corilus. That is why we make every effort to guarantee this data protection and always act in accordance with the General Data Protection Regulation (GDPR) when processing your personal details.

More specifically, Corilus will treat personal data lawfully for well-defined purposes. We shall take the necessary steps to ensure that we never ask for more personal data than is necessary for the purpose or that we keep these personal data for longer than necessary. Finally, Corilus shall take appropriate technical and organisational measures to ensure that personal data are protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.

For more information regarding the processing of personal data, please contact our DPO at qc@corilus.be.

2. Definitions

  • App: This Privacy Statement applies to the following list of mobile apps, available in the IOS and/or Android store: CareConnect, CareConnect Mobile, CareConnect Nurse Go, CareConnect Elderly Go Mobile, CareConnect into.care, Mobi33 and Progenda.
  • Corilus: All affiliated companies of the Corilus group. This group consists of various companies active in the development, distribution and/or implementation of software for medical applications and/or professions.
  • GDPR: Refers to the General Data Protection Regulation (EU 2016/679).
  • User: The healthcare professional who uses the App for professional purposes and enters into an agreement with Corilus for this purpose as a customer. The App is not intended to be used by the Patient.
  • Patient: We use Patient as a collective term in our Privacy Statement but point out to the reader that this also applies to residents in the case of the apps in elderly care.
  • Processor: Refers to an entity that processes personal data on behalf of the Controller.
  • Controller: Refers to an entity that determines the purposes and means of a processing of personal data.

3. What personal data do we process?

This Privacy Statement only applies to personal data of the Users of the App.

Under no circumstances does this Privacy Statement apply to patient data processed by Corilus on behalf of the relevant User. For more information on how your healthcare provider handles your health data, please refer to the privacy statement of your healthcare provider.

With the aid of the App, Corilus will process the following personal data from you:

  • Account data
  • Identification data
    • User name
    • First name
    • Last name
  • Profession and job title
    • Identification number as care provider
    • Job Title
  • App login
    • IP Address
    • Log files

More information can be found in the respective Google Play Data safety section and IOS App privacy sections.

3.1 Why do we process your personal data?

The App is the mobile extension of the professional software you use from Corilus. Corilus will process your personal data in order to correctly identify and authenticate you on the App, so that only authorised people have appropriate access to patient data.

In the event of any actual problems with the portal, Corilus will use these details to resolve the problem as quickly as possible.

Under no circumstances will Corilus process the personal data for any other purposes.

3.2 How long do we keep your personal data?

The personal data used for identification and authentication on the App will be kept for as long as the agreement between Corilus and the Processing Agent runs. Upon termination of the agreement, the personal data will be deleted three months after the end of the agreement.

3.3 Do we disclose your personal data to third parties?

Corilus shall at all times refrain from sharing personal data of both the User and the Patient with third parties or external parties, and from making such personal data public. Under no circumstances shall personal details be passed on to third parties, except in those cases in which we receive explicit instructions from the User to pass on personal details and by making use of support service providers.

Corilus uses other service providers (e.g. IT maintenance, hosting) who will act as processors of Corilus in this respect. As stipulated in the GDPR, Corilus will enter into a data processing agreement with each of these processors. These service providers shall also undertake to treat the personal data in the strictest confidence and to take all reasonable protection and security measures for this purpose. Upon completion of the processing services, these service providers shall delete any personal data they may have obtained in the performance of their assignment.

3.4 Do we transfer your personal data to third countries or international organisations?

Corilus will make the necessary efforts to process the personal data processed in the App only within the European Economic Area.

In the exceptional event that your personal data is processed outside the European Economic Area, Corilus will take the appropriate safeguard (such as an adequacy decision) to secure your personal data at all times.

4. What rights do you have, and how do you exercise them?

PLEASE NOTE: Corilus can only facilitate the rights of the User as the Controller. Should you, as a Patient, have any questions or concerns regarding the processing of your Patient Data, please refer to your healthcare provider.

We list the relevant rights below. A request for facilitation of a right can be made by contacting the DPO at qc@corilus.be.

4.1 Right of access

You have the right to get access to all personal data that we process about you. You may also obtain a copy of this data, which we will provide to you on paper or digitally.

4.2 Right to rectification and restriction

You have the right to ask us to update your personal data if it is not correct or complete. You may also request that we temporarily withhold your personal data until they are correct or complete.

4.3 Right to erasure

You have the right to request that your personal data be erased if they are no longer necessary in view of the purposes of this Privacy Statement, if the personal data have been processed unlawfully or if the personal data must be deleted to comply with a legal obligation.

4.4 Right to data portability

If you choose to switch to another software provider, you have the right to recover your personal data that we process by automated means under contract. You shall receive it in a structured machine-readable form and you have the right to transfer it to another software provider.

4.5 Right to lodge a complain with the Data Protection Authority

If you are not satisfied with the way your personal data is handled and you are convinced that this is a violation of the GDPR you can always lodge a complaint with the competent Data Protection Authority. This is the Data Protection Authority in Belgium. For more information you can always visit www.dataprotectionauthority.be.

5. Changes

Corilus is always in a position to amend this Privacy Statement. If any amendments are made, this will be clearly indicated with the date of the last amendment.