PRIVACY POLICY APP 2022

PRIVACY POLICY

 

Version updated as of 20 December 2021

 

  1. INTRODUCTION

 

At AMELIA VIRTUAL CARE we work to offer you the best possible experience through our products and services. In some cases, it is necessary to collect information in order to achieve this. We care about your privacy and believe we should be transparent about it.

 

For this reason, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter “GDPR”) on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (hereinafter, “LSSI”), Psico Smart Apps, S.L. informs the user that, as the party responsible for processing, it will incorporate the personal data provided by users in an automated file.

 

  1. DATA CONTROLLER

 

The clinic, hospital or private medical professional with whom you have contracted professional psychology services and who have our platform to offer you part of the services you have contracted.


We act as Data Processor of your personal data. If you need more information about that, please consult our DPA. 

 

  1. PERSONAL DATA COLLECTED AND THEIR PURPOSES

 

The personal data category is: 

 

Registration form and Customer Profile:

  • Email address and password.

 

Patient’s Profile:

  • Name and surname.
  • Email address
  • (data subject’s choice): address, mobile phone, gender, data birth, nationality, Health insurance, job status, civil status, religion, professional occupation. 

 

Patient’s Clinical data (data subject’s choice)

  • Medical history (medical and psychological history)
  • Pharmacotherapy
  • medical reports

 

The purpose of processing the previous personal data collected is:

  • To fulfill our contractual obligations to our customers who provide us with your personal data through our platform.
  • To send SMS to users so that they download the Amelia App in order to guarantee the service.

 

  1. PERSONAL DATA LEGAL BASIS

 

The legal basis that justifies the personal data above-mentioned is:

 

  • Comply with the contractual relationship with AMELIA VIRTUAL CARE customers.

 

  1. PERSONAL DATA RETENTION PERIOD

 

The processing of data for the purposes described will be maintained for as long as necessary to meet the purpose of collection (for example, for the duration of the business relationship), as well as for compliance with legal obligations arising from the processing of data. For more information, please contact us at  privacy@ameliavirtualcare.com.

 

  1. COMMUNICATION TO THIRD PARTIES

 

In some cases, only, when necessary, AMELIA VIRTUAL CARE will provide user data to third parties. However, the data will never be sold to third parties. External service providers (e.g. hosting providers) with whom AMELIA VIRTUAL CARE works may use the data to provide the corresponding services, however they will not use this information for their own purposes or for transfer to third parties.

 

AMELIA VIRTUAL CARE seeks to ensure the security of personal data when it is sent outside the company and ensures that third party service providers respect confidentiality and have adequate measures in place to protect personal data. These third parties have an obligation to ensure that the information is treated in accordance with data privacy regulations.

 

In some cases, the law may require that personal data be disclosed to public bodies or other parties, only what is strictly necessary for the fulfilment of such legal obligations will be disclosed.

 

  1. PERSONAL DATA STORED

 

In general, data is stored within the EU. Data sent to non-EU third parties will ensure that they offer an adequate level of protection, either because they have Binding Corporate Rules (BCR) or we have entered into the EC model clauses.  

 

  1. DATA SUBJECT’S RIGHTS

 

You can address your communications and exercise your rights by petition at privacy@ameliavirtualcare.com or even to your respective Data Controller.

 

Under the GDPR you can apply:

  • Right of information: you can request information about those personal data that we have about you.
  • Right of rectification: you can communicate any change in your personal data.
  • Right to erasure: you can request the prior deletion blocking of personal data.
  • Right to restriction of processing: this means restricting the processing of personal data.
  • Right to data portability: in some cases, you can ask for a copy of the personal data in a structured format, commonly used and mechanically read for transmission to another data controller.
  • Right to object and automated individual decision-making: you can request that decisions not be taken which are based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject.

 

In some cases, the request may be refused if you request that data necessary for the fulfilment of legal obligations be deleted.

 

Also, if you have a complaint about the processing of data you can make a complaint to the data protection authority.

 

  1. RESPONSIBLE FOR THE ACCURACY AND VERACITY OF THE DATA PROVIDED

 

The user is solely responsible for the accuracy and correctness of the data included, exonerating AMELIA VIRTUAL CARE of any responsibility in this regard. Users guarantee and respond, in any case, the accuracy, validity and authenticity of the personal data provided, and undertake to keep them properly updated. The user agrees to provide complete and correct information in the registration or subscription form AMELIA VIRTUAL CARE reserves the right to terminate the services contracted with users, in the event that the data provided are false, incomplete, inaccurate or are not updated.

 

AMELIA VIRTUAL CARE is not responsible for the veracity of the information that is not of its own elaboration and for which another source is indicated, therefore it does not assume any responsibility as far as hypothetical damages that could originate from the use of this information are concerned.

 

AMELIA VIRTUAL CARE reserves the right to update, modify or eliminate the information contained in its web pages and may even limit or deny access to said information AMELIA VIRTUAL CARE of respondents are exonerated.

 

  1. MINOR’S PERSONAL DATA PROCESSING

 

In principle, our services are not specifically aimed at minors. However, if any of them is addressed to minors under fourteen years, in accordance with Article 8 of the GDPR and Article 7 of LO3/2018 of 5 December (LOPDGDD), AMELIA VIRTUAL CARE will require the valid, free, unequivocal, specific and informed consent of their legal guardians to process the personal data of minors. In this case, the identity card or other form of identification of the person giving consent will be required.

In the case of persons over fourteen years of age, the data may be processed with the consent of the user, apart from those cases in which the Law requires the assistance of the holders of parental authority or guardianship.

 

  1. SECURITY MEASURES

 

AMELIA VIRTUAL CARE has adopted the legally required levels of personal data protection security and tries to install those other means and additional technical measures within its reach to prevent the loss, misuse, alteration, unauthorized access, and theft of personal data provided to AMELIA VIRTUAL CARE.

 

 

AMELIA VIRTUAL CARE is not responsible for any hypothetical damages that may arise from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operation of this electronic system, caused by causes beyond the control of AMELIA VIRTUAL CARE of delays or blockages in the use of the present electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Centre, in the Internet system or in other electronic systems, as well as of damages that may be caused by third parties through illegitimate intrusions beyond the control of AMELIA VIRTUAL CARE. However, the user must be aware that Internet security measures are not impregnable.

 

  1. MODIFICATION OF THE PRIVACY POLICY

This privacy policy may be modified. We recommend that you review the privacy policy from time to time.

 

  1. LINKS TO OTHER WEBSITES

The website www.ameliavirtualcare.com may contain links to other websites. By clicking on one of these links and accessing an external website, the visit will be subject to the privacy policy of that website, being AMELIA VIRTUAL CARE disassociated from any responsibility about its privacy policy.

 

WEB HIPAA PRIVACY RULE

  •  INTRODUCTION

 

The HIPAA Privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared.  This applies to all forms of PHI, including paper, oral, and electronic, etc.  Furthermore, only the minimum health information necessary to conduct business is to be used or shared.

  •  AMELIA’S ROLE WITHIN HIPAA

 

AMELIA VIRTUAL CARE has contractual relationship with Hospital, Clinics and Health Private Professionals (Covered Entities) in order to provide them a VR psychology platform. This fact means that AMELIA VIRTUAL CARE may have access to patient’s personal data.

 

Regarding the above, AMELIA VIRTUAL CARE acts as Business Associate to its customers since AMELIA VIRTUAL CARE needs access to the protected health information of the covered entities in order to provide its service.

  •  REQUIREMENTS OF THE PRIVACY REGULATIONS WITH RESPECT TO DATA SUBJECT’s RIGHTS

 

The Privacy Rule regulates covered entities, not business associates. The Rule requires covered entities to include specific provisions in agreements with business associates to safeguard protected health information and addresses how covered entities may share this information with business associates. Covered entities are responsible for fulfilling Privacy Rule requirements with respect to individual rights, including the rights of access, amendment, and accounting, as provided for by 45 CFR 164.524, 164.526, and 164.528.