1. Introduction

This is the privacy statement of Clanwilliam Health Ltd (“Clanwilliam Health”, “we”) whose register office is at c/o Clanwilliam Headquarters Limited, Office Suite 17, the Courtyard, Carmanhall Road, Sandyford, Dublin 18 (Company Registration number: 126018) and it applies to the use of the Pippo mobile app, Pippo web application and their associated web applications and related services. Pippo is a patient portal application including online booking and remote consultation functionality that integrates with general practitioner’s (“GP”s) systems (“Pippo Service”).

Clanwilliam Health is committed to maintaining the trust and confidence of our customers and committed to protecting your privacy in accordance with the Data Protection Laws (as defined in section 4 below) at all times. All personal data collected in association with the provision of the “Apps” is carried out in accordance with the applicable Data Protection Laws (as defined in section 4 below).

2. Purpose of this Statement

This privacy statement provides information about the ways in which Clanwilliam Health collects, stores and uses personal data relating to its customers (medical professionals such as GPs who have entered into a licence agreement with Clanwilliam Health) and its customers users (patients of GP’s using the Pippo mobile app and Pippo web services).

References to services include use of the apps and services unless otherwise stated. This Privacy Statement sets out how we use our customer’s personal information and our customers users personal information, uploaded via the use of the Pippo Services and your rights in respect of our processing of such personal information.

The Pippo mobile app and Pippo web services can only be used by our customers whose partnership, practice or organisation (for example a GP practice) has entered into a licence agreement with Clanwilliam Health (or an affiliated company/ company in the Clanwilliam group of companies). The licence agreement will define the data sharing and information governance terms that apply to the services. This Privacy Policy applies only to the use of the Pippo mobile app and Pippo web services and is subservient to the overall licence agreement a partnership, practice or organisation has with Clanwilliam Health Ltd in respect of any other software or applications.

3. who are we and what do we do?

Clanwilliam Health comprises software solutions designed to assist healthcare professionals to provide best-in-class patient care across a wide range of settings. From GP and consultant clinics to pharmacies, care homes and hospitals, Clanwilliam Health software solutions are used by thousands of healthcare professionals on a daily basis. The services are operated by Clanwilliam Health, who have provided technology solutions to the healthcare sector for over 25 years.

4. Our use of Personal Information

“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly,

“Health Data” information relating to your health, such as medical information or records;

“Customers” means an individual, partnership, practice or organisation who has entered into a licence agreement with Clanwilliam Health (or an affiliated company/ company in the Clanwilliam group of companies) in respect of the use of Pippo software.

“Customers’ users” means an individual user who has registered to use the Pippo mobile app and its services and is a registered patient of a Customer.

“Customer Account Data” means the personal data that we collect and process about you as a user of the Pippo application, including practice name, address details and the IP addresses of the devices you use to access the Services and analytics data relating to your use of the Pippo application, such as a log of when error messages are shown and a log of the apps’ connection attempts;

“Customer Users Account Data” means the personal data that we collect and process about a Customer user as a user of the Pippo application, including name, address details, mobile number, gender, date of birth and the IP addresses of the devices you use to access the services.

“Video data” means video conferencing functionality. No data is collected, shared or stored by Clanwilliam Health or the service provider;

“Analytic Data” means data relating to the customers use of the Pippo application, such as a log of when error messages are shown and a log of the Apps’ connection attempts;

“Data Protection Laws” means the Data Protection Acts 1988 to 2018; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR“); Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on Privacy and Electronic Communications) and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations, 2011 (to the extent applicable);“GDPR” means the General Data Protection Regulation (EU) 2016/679;

References to “controller”, “processor”, “processing”, “data subject” and “personal data” shall have the same meaning as defined in the Data Protection Laws.

For the provision of the Pippo mobile app, Pippo web application and their associated web applications and services, the relationship for the data processing activities are as follows:

Data Controller: The healthcare professional such as the GP or medical consultant is the “Data Controller” in relation to the data processing activities for the Customers’ Users and Customers’ Users Account Data (for example Patient data).

Data Processor: Clanwilliam Health act as the “Data Processor” in relation to the data processing activities for the Customers’ Users/Customers’ Users Account Data (for example Patient data).

Clanwilliam Health shall act as a “Data Controller” in respect of Customer Data and Analytic Data, which the use of is described below in section 5.

Clanwilliam Health agrees to comply with its obligations under the Data Protection Laws in respect of its provision of the Services.

5. How do we us this Information

We receive and process information from Customers and Customers Users that is provided directly to us. This is required during setup in order to provide the Customers and Customers Users with the Pippo Service. The types of information we collect directly from our Customers and the Customers’ Users are on the primary basis of the performance of our contract with our Customers.

5.1 Customers Data

For Customers who register for the Pippo Service, we process your personal data in the capacity of a Data Controller, which includes: Practice Name, Practice Address, Email ID, Mobile Number and IP Address.

The purposes for the data processing and lawful basis are outlined below:

Set up a Customers account – performance of a contract
Provide, operate and maintain the Pippo Services – performance of a contract
Process and complete transactions, and send related information, including transaction confirmations. – performance of a contract
Manage our Customers’ use of the Pippo Services, respond to enquiries and comments and provide customer service and support – performance of a contract
Send Customers technical alerts, updates, security notifications, and administrative communications – performance of a contract
For any other purposes about which we notify customers. – legitimate interests

We use the Customer Account Data to fulfil our obligations in the licence agreement for the provision of the Pippo Services to you. This personal data will be deleted based on the terms of the contract.

5.2 Customers Users Data

For the Customer’s users who register to use the Pippo mobile app, we process the personal on behalf of the Customer in the capacity of a data processor. The data includes name, gender, date of birth, postal address and mobile number.

This data is used as outlined below:

Set up a Customers’ user account
Provide, operate and maintain the Pippo Services
Process and complete transactions, and send related information, including transaction confirmations; and
Investigate and prevent fraudulent activities, unauthorised access to Pippo Services, and other illegal activities.

5.3 Who do we share personal information with for these purposes?

5.3.1 Customers Data

Pippo Service: Customer Account Data,
Service Provider: Amazon Web Services
Hosting: AWS (AWS EU-WEST-1)

Purpose: Cloud hosting of Pippo application/ platform. In order to perform the Pippo Services, Customer Account Data is processed by our hosted provider Amazon Web Services (AWS). The data is encrypted using AES-256 technology.

Analytic Data: Customer Account Data
Service Provider: Clanwilliam Health Ltd -Cirrus Insights
Hosting: MS Azure (Azure EU-NORTH)

Purpose: We analyse Customer Account Data from your interactions with Pippo Services (such as the functions of the Pippo Services that a Customer use, error messages a Customer receives, and the availability of the Pippo Service throughout the day). This information is used to gain understanding of our Customers’ use and adoption of the Pippo Services and allows us to improve the Pippo Service.

Video Conferencing: Video data
Service Provider: Twilio Inc
Hosting: Peer-to-Peer

Purpose: Video conferencing software is provided by Twilio, to facilitate the consultation between the patient and the medical professional and enable video consultations. The video consultations are not recorded by Clanwilliam Health or the service provider Twilio. Media is encrypted end-to-end (E2E) using WebRTC security protocols.

5.3.2 Customers’ Users Data

Pippo Service: Customers’ Users Account Data,
Service Provider: Amazon Web Services
Hosting: AWS (AWS EU-WEST-1)

In order to perform the Services, Customers’ Users Account Data is processed by our hosted provider Amazon Web Services (AWS). The data is encrypted using AES-256 technology.

Purpose: Cloud hosting of the Pippo platform

Video Conferencing: Video data
Service Provider: Twilio Inc
Hosting: Peer-to-Peer

6. Third-Party Links and Services

The Pippo Services may contain links to third-party websites and services. Only cookies which are necessary for the functioning of the Pippo platform/ application are deployed by default. All other cookies, including third-party, require your explicit consent (Opt-in) before being applied.

Please refer to our Cookie Policy, which is available here for further information

Pippo Cookie Policy

Please remember that when you use a link to go from our Pippo Services to a third-party website or you request a service from a third party, this Privacy Statement no longer applies. Your browsing and interaction on any third-party website, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies.

We do not monitor, control, or endorse the privacy practices of any third parties. We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices.

This Privacy Statement applies solely to personal information collected by Clanwilliam Health through our Pippo Services and does not apply to third-party websites and third-party service providers.

For a list of associated Third Party Services please CLICK HERE

7. How long do we keep personal information for?

7.1 Customers Data

Clanwilliam Health will retain Customer Data based on performance of contract, legal obligations and legitimate interests. This is to comply with the Data Protection Laws and fulfil our obligations in the licence agreement for the provision of the Pippo Services to the Customer. The personal data will be deleted based on the terms of that licence agreement.

When assessing what retention period is appropriate for your personal data, the following have been taken into consideration:

The requirements of our business and the services provided;
Any statutory or legal obligations under the Data Protection Laws; and
The purposes determined by our customers (healthcare professional(s)) for which the personal data was originally collected

7.2 Customers’ Users Data

Clanwilliam Health does not retain Customers Users Data. Any retention policies for this data would be the responsibility and defined by the Data Controller (healthcare professional).

8. Transfer of personal data

We only process personal data obtained for the provision of the Pippo application/ platform within Ireland and we use Amazon Web Services (AWS EU-WEST-1) and MS Azure (Azure EU-NORTH) data centres located in Ireland.

9. Confidentiality and security of personal data

Clanwilliam Health is committed to complying with our obligations under the Data Protection Laws and ensuring the personal information which you provide is protected. Therefore, we have implemented a suite of technical and organisation measures that seek to prevent unauthorised access, alteration, deletion or disclosure of your personal data. Obligations in maintaining confidentiality are outlined in the service agreement with the Customer.

All employees, data processors and sub-processors (i.e. those who process personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of the Services and we only store personal information in secure compliant data centres. Personal Data is protected by a variety of technical controls and safeguards to ensure security and privacy including AES 256 encryption at rest and in transit.

A suite of technical and organisational measures have been implemented, for more information please refer to the data processing agreement that is in place with Customers for full details on the technical and organisation measures.

10. Tracking technologies

Customers and Customers Users can only use the Pippo mobile app and Pippo web services with a valid login. We use analytics tools (Cirrus Insights) to monitor Customers behaviour in the Pippo mobile app and Pippo web services. This is as described for ‘Analytic Data’ above:

We analyse Customers interactions with the Pippo Services (such as the functions of the Pippo Services which the customer uses, error messages received, and the availability of the service to the Customers). This information is used to gain an understanding of our Customers’ use and adoption of the Services and aids Clanwilliam Health in improving the Pippo Services.

Cookies are in use. Please refer to our Cookie Policy, which is available here for further information

Pippo Cookie Policy

11. Data Subject rights

Under Data Protection Law, you (Customers) are granted certain rights.

Subject to certain restrictions, which are set out below, you can exercise these rights in relation to your personal data that is processed by the Clanwilliam Health

For customer’s users of the Pippo mobile app and Pippo web services, you are entitled to exercise your rights by contacting your Health Professional.

The data subject rights are:

The right to be informed about the processing of your personal data;
The right to access your personal data;
The right to rectification of your personal data;
The right to the erasure of your personal data;
The right to data portability;
The right to object to the processing of your personal data;
The right to restrict the processing of your personal data; and
Rights in relation to automated decision-making, including profiling.

11.1 Restriction of data subject rights in certain circumstances

Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances. In addition, the 2018 Act contains certain provisions dealing with the restriction of rights of data subjects, in particular Sections 59, 60 and 61, which give further effect to the provisions of Article 23. General guidance in relation to the application of Article 23 and the related provisions of the Data Protection Act 2018 is available here.

https://www.dataprotection.ie/en/individuals/know-your-rights/restriction-individual-rights-certain-circumstances

For Customer’s users of the Pippo mobile app and Pippo web services, you are entitled to exercise your rights by contacting your health professional (as data controller).

If you would like to access, review, update, rectify, and delete any Personal Data that Clanwilliam Health holds about you, or exercise any other data subject right available to you under the Data Protection Laws, contact our data protection representative via GDPR@clanwilliamhealth.com .

11. Changes to this Privacy Statement

We may make changes to this Privacy Statement from time to time. To ensure that you are always aware of how we use the Account Data and Video Data, we will update this Privacy Statement to reflect any changes to our use of Personal Data. We may also make changes as required to comply with changes in applicable law or regulatory requirements. We will notify you, your partnership, practice or your organisation by e-mail of any significant changes. However, we encourage you to review this Privacy Statement periodically to be informed of how we use personal information.

12. How to contact us

If you have any questions about this Privacy Statement, please contact us by phone at GDPR@clanwilliamhealth.com

Tel: +353 (1) 463 3000

You also have the right to make a complaint to the Data Protection Commission (DPC), the Irish supervisory authority for data protection issues, at any time. The DPC’s contact details are as follows:

Information Commissioner’s Office

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Ireland

Telephone – 01-7650100 / 1800437 737

Website https://www.dataprotection.ie/