Care Medical App – Data Privacy Statement
Effective Date: Jan-2025
1. Introduction:
Care Company (“we”, “us”, “our”) respects your
privacy and is committed to protecting your personal data.
This Data Privacy Statement describes how we
collect, use, share, and protect personal and sensitive user data when you use
our mobile application (“Care Medical”), and how we comply with applicable data
protection laws — including the EU General Data Protection Regulation (GDPR),
the Saudi National Data Management Office (NDMO) Privacy Framework, and the
recommendations of the CNIL (Commission Nationale de l’Informatique et des Libertés).
2. Categories of Data We Collect:
Depending on the features you use, the
application may access or collect the following categories of personal and
sensitive user data:
Identity and contact data: Name, email address, phone number, National
ID, Resident Id, user ID.
Device and technical data: Device ID, operating system, app version,
crash logs.
Location data: Precise or approximate device location
(only with consent).
Authentication and account data: Login credentials, tokens, or session
identifiers.
Health or care-related data: Where applicable, information you provide
about patient care, wellness metrics, or clinical updates.
Camera, microphone, and files: Only when necessary for app features
(e.g., scanning documents or recording notes).
Contacts or communication data: If required to sync staff or patient
contact lists (only with user permission).
We do not collect or process any personal or
sensitive data beyond what is required for the app’s functionality and user
experience.
3. Purpose and Legal Basis of Processing:
We process your data
only for legitimate, explicit, and lawful purposes, including:
To enable app
functionality and provide secure access to our services.
To communicate updates,
notifications, or support messages.
To comply with
applicable health, or data retention regulations.
To improve app
performance, security, and usability.
With your consent, to
enable optional features (e.g., location-based scheduling).
We rely on user consent,
contractual necessity, and legitimate interests as our legal bases for
processing, as appropriate.
4. Data Sharing and Transfers:
We do not sell personal or sensitive user data.
We may share data only in the following cases:
With authorized service providers under strict data protection
obligations.
To comply with legal or regulatory obligations, such as a valid
request from authorities.
In the event of a merger or acquisition, with legally adequate
notice to users.
All transfers of data outside your jurisdiction comply with GDPR
and NDMO cross-border data transfer requirements.
5. Data Security:
We use appropriate technical and organizational
measures to protect your data, including:
Encryption in transit
(HTTPS/TLS) and at rest.
Secure authentication
and role-based access controls.
Regular audits,
vulnerability testing, and monitoring.
Staff training on data
protection and confidentiality.
6. User Rights:
Depending on applicable law, you may exercise
the following rights:
Access – Request a copy
of your personal data.
Rectification – Correct
inaccurate or incomplete data.
Erasure (“Right to be
Forgotten”) – Request deletion of your data.
Restriction – Limit
certain data processing activities.
Data Portability –
Receive your data in a structured, machine-readable format.
Withdrawal of Consent –
Withdraw your consent at any time.
7. Prominent Disclosure & Consent
When data collection may not be reasonably expected by users,
the app will:
Display a clear in-app
disclosure describing what data is collected, why, and how it’s used.
Obtain explicit,
affirmative consent (e.g., via checkbox or tap confirmation).
Use runtime permission
requests for sensitive Android permissions.
Never collect or share
data before consent is granted.
Example Disclosure:
“Care Staff collects location data to enable
shift tracking and safety monitoring even when the app is not in active use.”
8. Data Retention and Deletion:
We retain data only for as long as necessary for
the purposes stated in this policy or as required by law.
Users may request account and data deletion by
sending email on [email protected] to office of Data Protection Officer.
Upon deletion, all associated user data will be
permanently removed unless retention is required for legal, security, or
compliance reasons.
9. Use of Third-Party Code or SDKs:
Where the app integrates third-party SDKs, these
providers are vetted to ensure compliance with our privacy obligations.
Any SDK that collects data will be disclosed in
this policy and in-app.
We regularly review and update SDK
configurations to prevent unauthorized data access or sharing.
10. Contact Information:
For privacy inquiries, data requests, or
complaints, please contact:
Data Protection Officer (DPO) Care Company.
Email: [email protected]
11. Changes to This Privacy Statement:
We may update this Privacy Statement from time
to time to reflect legal, technical, or operational changes. Users will be
notified within the app or by email before any significant changes take effect.