Privacy Policy - HCareMatters
Last Updated: 08/02/2026
Privacy Policy
We collect information you provide directly to us when using our Electronic Health Records (EHR) system. This may include:
- Personal Information: Name, email address, phone number, date of birth
- Health Information: Medical records, diagnoses, treatment plans, prescriptions, lab results
- Appointment Data: Scheduling information, visit notes, medical history
- Payment Information: Billing address, payment method details, insurance information
- Communication Data: Messages, feedback, support requests, appointment reminders
- Professional Information: Medical licenses, specializations, practice details (for healthcare providers)
- Provide EHR Services: Maintain and improve our Electronic Health Records platform
- Manage Appointments: Schedule, track, and manage patient appointments and visits
- Process Medical Records: Store, organize, and provide access to patient health information
- Handle Billing: Process payments, generate invoices, and manage insurance claims
- Send Communications: Deliver appointment reminders, test results, and important updates
- Ensure Compliance: Maintain GDPR compliance and healthcare data protection standards
- Support Healthcare Teams: Enable collaboration between healthcare providers, nurses, and administrative staff
- Improve Platform: Analyze usage patterns to enhance functionality and user experience
- Monitor Security: Track system performance and maintain data security
- Healthcare Providers: When you book appointments or receive care
- Service Providers: Third-party partners under strict data protection agreements
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with mergers or acquisitions
- Your Consent: When you explicitly authorize sharing
- Email Services: With providers for delivery confirmation (technical data only)
- Data Transmission: HTTPS encryption for all data transmission
- Database Security: Secure database configuration with access controls
- Access Controls: Multi-factor authentication and role-based permissions
- Infrastructure: Secure hosting with regular security updates
- Training: Regular staff training on data protection best practices
- Incident Response: Comprehensive procedures for data breach management
- Database Security: Secure database configuration with access controls and regular updates
- Audit Logs: Comprehensive logging of access and monitoring
- Access Controls: Role-based permissions for healthcare data
- Compliance: Regular assessments and certifications
- Data Minimization: Collection of only necessary health information
- Secure Disposal: Proper destruction of old records
- GDPR (General Data Protection Regulation)
- Other applicable European healthcare data protection laws
- Technical Metrics: System performance, uptime, and error rates
- Email Delivery Data: Delivery confirmations and open rates (anonymized)
- Usage Analytics: Aggregated, non-personal data on platform usage
- Security Logs: Access attempts and system events for monitoring
- Reliable Communication: Ensuring critical healthcare communications reach patients
- Security Maintenance: Preventing unauthorized access and system breaches
- Performance Optimization: Improving platform speed and user experience
- Regulatory Compliance: Maintaining healthcare data protection requirements
- SSL Certificate Providers: Third-party certificate authorities whose processes may temporarily affect secure access
- Cloud Server Providers: Infrastructure hosting services that may undergo maintenance or experience outages
- DNS Management Services: Domain resolution services that may experience propagation delays or interruptions
- Other Dependent Platforms: External services and infrastructure that our software relies upon for best performance
- Consent: Marketing communications and optional features
- Contract Performance: EHR services you have requested
- Legitimate Interest: System monitoring, security, and service improvement
- Legal Obligation: Compliance with healthcare and data protection laws
- Vital Interests: Protection of health and safety
- Standard Contractual Clauses (SCCs): Data transfer agreements approved by the EU
- Adequacy Decisions: Countries with adequate data protection levels
- Binding Corporate Rules: Internal data protection policies
- Other Safeguards: Additional protections as required by law
- We will post the updated policy on this page
- We will update the "Last Updated" date
- We will notify you of significant changes via email or platform notification
- Access: View and obtain copies of your personal information
- Update: Correct or modify your personal information
- Deletion: Request removal of your personal information
- Portability: Receive your data in a structured, machine-readable format
- Opt-out: Unsubscribe from certain communications
- Withdraw Consent: Revoke consent for data processing
- Object: Challenge processing based on legitimate interests
- Restrict: Limit how we process your data
How We Use Your Information
We use the information we collect to:
Information Sharing and Disclosure
We may share your information in the following circumstances:
> Note: We never share personal content with email service providers, only technical delivery metrics.
Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction while maintaining system functionality for healthcare operations.
Security Measures
> Important: While we implement industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure.
Healthcare Data Protection
We are committed to protecting healthcare information in accordance with the General Data Protection Regulation (GDPR) and other applicable European data protection standards.
Healthcare Data Safeguards
Compliance Standards
We maintain compliance with:
System Monitoring and Analytics
To ensure optimal service delivery and security, we collect and analyze technical data for legitimate business purposes.
Data We Monitor
Legitimate Business Interests
This data collection serves our legitimate business interests in:
> Privacy Protection: No Personally Identifiable Information (PII) is collected through these monitoring processes.
Service Availability and Data Accessibility
To ensure the best possible performance and security of the information handled through our platform, HCareMatters guarantees an approximate uptime of 98%. This commitment reflects our dedication to keeping your healthcare data accessible and secure at all times.
Infrastructure Dependencies
The structure of our platform relies on third-party services and infrastructure to deliver optimal performance. The approximate 2% of potential downtime may be caused by factors not directly managed by MOMINPERT, the founder of the HCareMatters project, including:
These dependencies may occasionally cause temporary inability to access the website due to unforeseen malfunctions, outages, or maintenance tasks that are not handled by our platform but that our service relies on.
> Note: During any period of unavailability, your data remains securely stored and protected. Temporary access interruptions do not affect the integrity or security of your stored information.
Data Retention
We retain your information for as long as necessary to provide our services and as required by law.
Retention Periods
| Data Type | Retention Period | Purpose |
|---|---|---|
| Health Information | 7+ years | Healthcare regulations |
| Account Data | Active + 2 years | Service provision |
| Technical Metrics | 12 months | System optimization |
| Security Logs | 24 months | Security monitoring |
| Email Delivery Data | 6 months | Service improvement |
Data Disposal
When retention periods expire, we securely delete or anonymize your data using industry-standard methods.
Legal Basis for Processing Data
We process your personal data based on the following legal grounds under GDPR:
Legal Grounds
Processing Purposes
| Purpose | Legal Basis | Example |
|---|---|---|
| EHR Services | Contract Performance | Appointment scheduling |
| System Monitoring | Legitimate Interest | Email delivery tracking |
| Marketing | Consent | Newsletter subscriptions |
| Legal Compliance | Legal Obligation | Medical record retention |
International Data Transfers
When we transfer your data internationally, we ensure adequate protection through:
Transfer Safeguards
Children's Privacy
Age Restrictions
Our services are not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13.
If you believe we have collected information from a child under 13, please contact us immediately at our contact page.
Changes to This Policy
Policy Updates
We may update this privacy policy from time to time. When we do:
Your Rights
Under data protection laws, you have the following rights:
Data Access Rights
Control Rights
How to Exercise Your Rights
Contact us at our contact page to exercise any of these rights. We will respond within 30 days.
Contact Us
Privacy Questions?
If you have any questions about this privacy policy, please visit our contact page.
---