Chrono Health Privacy Policy

We present the Privacy Policy of Chrono Health, which is structured as follows: (i) a general part and (ii) documents with additional information relating to the data processing applicable to each specific scope.

Index:

1. Privacy Policy (general);

2. Additional information on the exercise of data subject rights;

3. Additional information about data processing through the website;

4. Additional information on data processing for health providers;

5. Additional data protection information for users.

1. Privacy Policy (general)

At Chrono Health, we are committed to protecting your health information and your privacy.

This policy explains how we collect, use, store, and protect your personal information. 

Information we collect

We collect personal information provided by hospital entities and/or clinics, as well as information provided by doctors following the provision of medical services. The collected data primarily relate to clinical data.

The categories of personal data we process are as follows:

  • Identification data: name, date of birth, gender, height, weight, image; 

  • Contact data: email and telephone number;

  • Appointment data: date, time, reason for appointment, doctor's name, specialty, location;

  • Health data: medical reports, diagnoses, treatments, records (symptoms, exams, appointments, medication, procedures, and hospitalization), lifestyle (smoking habits, alcohol consumption, physical activity, and diet), chronic conditions (what and how long ago diagnosed), mood, hours slept, amount of water consumed; and

  • Browsing data: name of the internet service provider, IP address, push notifications, name of the device, device identification token.

 

Purposes

The personal data that we process through the Chrono Health platform will only be used for the following purposes:

a) Creation and registration of users;

b) Management of the contractual relationship between Chrono Health and its users;

c) Management of support requests;

d) Submission of complaints/suggestions;

e) Research, statistics and development;

f) Enabling communication between users;

g) Compliance with national and international legal provisions, or executing an order from competent judicial authorities;

h) Fulfillment of legal obligations derived from applicable data protection legislation, as well as for the exercise of data subjects' rights, in particular the defense of a right in a judicial process;

i) Sending commercial or advertising information from Chrono Health.

 

Data we obtain from other organizations

Currently, we do not obtain any personal data from other organizations.

How we use your information

We use your personal information to provide you with all aggregated clinical information, aiming to enable an overview of the patient's clinical history.

After entering clinical data into the app, doctors will have the opportunity to access and feed the platform on the occasion of each medical act.

Additionally, we automatically collect data about your visit to our Website through cookies. For more information, see our Cookie Policy.

 

Sharing information

Chrono Health may share information with public authorities (e.g., courts and regulatory authorities), upon request and within the limits of the law, for compliance with legal obligations. Chrono Health may also share information related to personal data with enforcement agents, external auditors, certified accountants, law offices, at their request and always with the safeguards required by legislation on the protection of personal data.

Exceptionally, Chrono Health may process other information to comply with a contract, legal obligations, pursue legitimate interests, or defend the vital interests of the data subject or a third party.

 

Transfer of personal data to third countries

Chrono Health is a platform that allows patients to compile, manage, and share their medical data.

In the case of data transfers to countries outside the EU, priority will be given to countries covered by an adequacy decision issued by the European Union under Article 45 of the GDPR. If this is not the case, Chrono Health will adopt the necessary precautions to ensure the privacy and security of your personal data under Article 46 of the GDPR and use them only according to the purposes for which they were collected and in accordance with the practices described in this Privacy Policy.

 

Protection of information

Chrono Health has implemented physical, computer, and procedural measures to ensure the protection of all information. All employees are subject to legal duties of confidentiality or have signed confidentiality commitments.

Chrono Health adopts rigorous data protection measures to ensure compliance with GDPR regulations. This application strictly separates personal data from medical data, implementing a second layer of security for medical data.

The separation between personal data and medical data is fundamental to preserve user privacy. Personal data includes identifiable information, such as name, email, and contact, while medical data encompasses information about health history, treatments, and diagnoses. This separation is essential to avoid any accidental or unauthorized exposure of sensitive personal information.

Furthermore, the medical data in our application is subject to a rigorous anonymization process. This means that all information that could directly identify a user is removed or coded in such a way that it is unrecognizable. In this way, we ensure that medical data remain confidential and secure, without revealing associated personal information.

Our main concern is to protect the privacy and security of users' personal data, and these measures are essential to ensure that medical data are handled responsibly and in compliance with data protection laws.

Your rights

As a data subject, you have the right to access, rectification or erasure, opposition, portability, restriction of processing, the right not to be subject to automated decisions, the right to information, and the right to make a complaint with the supervisory authority. You also have the right to withdraw your consent at any time.

You can exercise your rights through the contacts provided in this Privacy Policy. For more information about exercising your rights, see the "Additional information on the exercise of data subjects' rights".

 

Information storage

Chrono Health stores personal data on its servers hosted by cloud service providers located within the EU: Amazon Web Services (AWS), region eu-west-1 (Europe (Ireland)), and Google Firebase, location eur3 (europe-west).

All data in transit to and from the app/web are encrypted with the TLS/SSL protocol, using asymmetric public key infrastructure, and the medical data are anonymized in such a way that associated personal data are not exposed.

Your personal data processed within the scope of providing our services will be kept for a period of 2 (two) years. If we have not had contact with you for a period longer than 2 (two) years, we will delete your records from our database. Personal data processed within the scope of exercising the rights of data subjects as set out in articles 12, 13, and 14 of the GDPR will be kept until a response is sent to your request, within a maximum period of 2 months. After this period, records and evidence of the responses will be kept for five years, or as long as they are necessary for the purposes of legitimate interests of Chrono Health or a third party, for example, in the context of an ongoing legal process.

Contact us

If you have any doubts, questions, or complaints related to our Privacy Policy or the data processing carried out, do not hesitate to contact us via legal@chronohealth.io.

The Data Controller is CHTA - CHRONO HEALTH TECHNOLOGIES APP, LDA, located at Av. Torre de Belém 19, 1400-342, Lisbon, with the following contacts:

Telephone: +351 960 462 402

E-mail: legal@chronohealth.io

 

Policy changes

We may modify this Privacy Policy at any time without prior notice, so we recommend that you periodically consult the most current version on our website. You are consulting version No. 1 of July 1, 2023.

2. Additional Information on the Exercise of Data Subjects’ Rights

At Chrono Health, we ensure a response to your requests regarding the processing of your personal data.

This document provides some additional information on how you can exercise your rights and the type of processing carried out in this context.

 

What information do we process?

For the purposes of analyzing and responding to requests, we process the personal data contained in the request directed to us, for example, through a message or email. In addition to this data, we may request additional data to validate the identity of the data subject, such as the date of birth, email, and name.

The categories of personal data we process are as follows:

  • Identification data (examples: name, email address, citizen card number, username);

  • Other categories of personal data contained in the request.

 

How do we obtain your personal data?

The personal data obtained are provided directly by you. At the time of information collection, to proceed with the matter, various departments of Chrono Health may consult information and personal data related to the request made that may have been obtained through other means, namely through established contacts.

 

For what purpose and on what legal basis do we process your personal data?

We process your personal data for the purpose of analyzing and responding to the request made by you, within the scope of personal data processing.

The legal basis is the fulfillment of the legal obligation to respond to requests from data subjects, as set out in articles 12 and following of the General Data Protection Regulation (hereinafter, GDPR).

 

The rights you can exercise are as follows:

  • Right of access, rectification or erasure: You have the right to access your personal data, as well as to request the rectification of inaccurate data or, where applicable, request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected.

  • Right to object: In certain circumstances, you can object to the processing of your data. Chrono Health will cease processing the data, except if there are compelling legitimate reasons for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

  • Right to data portability: You have the right to receive your personal data and request its transmission to another data controller. The data must be provided in a structured, commonly used, and machine-readable format.

  • Right to request restriction of processing: In certain circumstances, you can request the restriction of processing of your data, in which case we will only store them for the establishment, exercise, or defense of legal claims.

  • Right not to be subject to automated individual decision-making: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling.

  • Right to information: You have the right to be informed in the event of a personal data breach that may pose a high risk to your rights and freedoms, as well as to request additional information regarding the processing of your personal data.

  • Right to file a complaint with a supervisory authority whenever you believe that your rights as a data subject are being violated. The Portuguese supervisory authority is the National Data Protection Commission (www.cnpd.pt).

  • Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. 

How long do we keep your personal data?

Your personal data processed in this context will be kept until a response is sent to your request, within a maximum period of 2 months. After this period, records and evidence of the responses will be kept for five years, or as long as they are necessary for the purposes of legitimate interests of Chrono Health or a third party, for example, in the context of an ongoing legal process.

 

To whom will your data be disclosed?

We may have to transmit some of your personal data to Chrono Health collaborators or service providers, to gather the necessary information to respond to your request. We will only transmit the data necessary for the purposes of analysis and for the procedure of responding to your request. Chrono Health may share information with public authorities (for example, courts and regulatory authorities), upon request and within the limits of the law, to comply with legal obligations.

We do not transfer personal data to countries outside the European Union (EU). Should there be a transfer of personal data outside the EU, compliance with the safeguards provided for in Articles 44 and following of the GDPR will be ensured.

 

How can you exercise your rights?

You can exercise your rights by sending a written communication to the head office of CHTA - CHRONO HEALTH TECHNOLOGIES APP, LDA, located at Av. Torre de Belém 19, 1400-342, Lisbon, or through the email specifically for this purpose, legal@chronohealth.io.

You must identify yourself with your name, Citizen Card number, and username and specify the request. You can also exercise your rights through a legal representative. In these cases, in addition to your identification, you must send authorization or power of attorney proving the third party's eligibility to make the request.

The exercise of data subjects' rights follows an internal procedure, evaluated on a case-by-case basis. Before responding to the request, we may require you to prove your identity and provide additional information necessary to assess the request.

If the request is not sufficiently specific, if it is not possible to prove the identity of the data subject and/or the legitimacy of the requester, or if the time interval between various requests from the same holder is not reasonable, we may deny your request.

 

Policy changes

You are consulting version No. 1 of July 1, 2023.

3. Additional information about data processing through the website

Through the Chrono Health website, there may be a need to process some personal data. In this document, we explain the data processing carried out in this context and provide information on how we handle these data.

What information do we process?

Generally, it is possible to use the website without providing any personal data. However, there is the possibility to provide your personal data through filling out forms on our website.

The category of personal data we process is identification data, through the collection of your name and your email.

How do we obtain your personal data?

The personal data we obtain are provided directly by you through the "Join Us" form.

For what purpose and on what legal basis do we process your personal data?

We process your personal data with the purpose of analyzing your request and providing our services to you. The legal basis is the performance of a contract and pre-contractual steps (Article 6(1)(b) of the General Data Protection Regulation (hereinafter, GDPR)).

How long do we keep your personal data?

Your personal data processed in the context of the website and in response to forms will be kept for a period of 2 (two) years or, if the information is necessary within the context of a legal action, for the duration of the legal proceedings until the decision becomes final. Except for this exception, if we have not had contact with you for a period longer than 2 (two) years, we will delete your records from our database.

 

To whom will your data be disclosed?

Chrono Health may share information with public authorities (for example, courts and regulatory authorities), upon request and within the limits of the law, to comply with legal obligations.

We do not transfer personal data to countries outside the European Union (EU). Should there be a transfer of personal data outside the EU, compliance with the safeguards provided for in Articles 44 and following of the GDPR will be ensured.

How Can You Exercise Your Rights?

You can exercise your rights by sending a written communication to the head office of Chrono Health or through the email legal@chronohealth.io.

The Data Controller is CHTA - CHRONO HEALTH TECHNOLOGIES APP, LDA, located at Av. Torre de Belém 19, 1400-342, Lisbon, with the following contacts:

Telephone: +351 960 462 402

Email: legal@chronohealth.io

For more information on exercising your rights, see the "Additional Information on the Exercise of Data Subjects' Rights".

Policy Changes

You are consulting version No. 1 of July 1, 2023. 

4. Additional information on data processing for health providers

Your login to our platform involves the processing of your personal data. In this document, we address the data processing activities carried out in this context and provide some additional information on how we handle these data.

If you use our platform or intend to use it, this information is for you.

What information do we process?

The categories of personal data we process are as follows:

  • Identification data: name and email;

  • Data related to appointments: date and time of the appointment, medical specialty, location; and

  • Browsing data: name of the internet service provider, IP address, push notifications, name of the device, device identification token. 

How Do We Obtain Your Personal Data?

The personal data we obtain are provided directly by you, when you fill in your information, when you browse our website, or when you upload documents to our platform.

For what purpose and on what legal basis do we process your personal data?

We process your personal data with the purpose of providing you with our services for viewing, organizing, and receiving patient/user data. The legal bases are the performance of a contract in which the data subject is a party (Terms and conditions of use), consent, as stipulated in Article 9(2)(a) of the General Data Protection Regulation (hereinafter, GDPR), and legitimate interests for the purposes of defense in potential complaints and/or legal actions.

How long do we keep your personal data?

Your personal data processed within the scope of providing our services will be kept for a period of 2 (two) years or, if the information is necessary within the context of legal proceedings, for the duration of those proceedings until the decision becomes final. Except for this exception, if we have not had contact with you for a period longer than 2 (two) years, we will delete your records from our database.

 

To whom will your data be disclosed?

Chrono Health may share information with public authorities (for example, courts and regulatory authorities), upon request and within the limits of the law, to comply with legal obligations.

We do not transfer personal data to countries outside the European Union (EU). Should there be a transfer of personal data outside the EU, compliance with the safeguards provided for in Articles 44 and following of the GDPR will be ensured.

 

How Can You Exercise Your Rights?

You can exercise your rights by sending a written communication to the head office of Chrono Health or through the email legal@chronohealth.io.

The Data Controller is CHTA - CHRONO HEALTH TECHNOLOGIES APP, LDA, located at Av. Torre de Belém 19, 1400-342, Lisbon, with the following contacts:

Telephone: +351 960 462 402

Email: legal@chronohealth.io

For more information on exercising your rights, see the "Additional Information on the Exercise of Data Subjects' Rights".

Policy Changes

You are consulting version No. 1 of July 1, 2023.

 

5. Additional data protection information for users

Your registration on our platform involves the processing of personal data. In this document, we discuss the data processing activities carried out in this context and provide some additional information on how we manage these data.

If you are a user of the platform or intend to sign up, this information is for you.

What information do we process?

The categories of personal data we process are as follows:

  • Identification data: name, date of birth, sex, height, weight, image;

  • Contact data: email and phone number;

  • Appointment data: medical specialty, date, time, location, and reason for the appointment;

  • Health data: medical reports, diagnoses, treatments, records (symptoms, exams, medication, procedure, and hospitalization), lifestyle (smoking habits, alcohol consumption, physical activity, and diet), chronic conditions (what and how long ago diagnosed), mood, hours slept, amount of water consumed; and

  • Browsing data: name of the internet service provider, IP address, push notifications, name of the device, device identification token.

How do we obtain your personal data?

The personal data we obtain are provided directly by you, when you fill in your information, browse, or upload documents on our platform. Data can also be provided by the doctor or a third party to whom you have granted access to your health data, when they fill in appointment information on your profile, with your prior authorization and consent. 

For what purpose and on what legal basis do we process your personal data?

We process your personal data with the purpose of providing you with our services for accessing and organizing health data, sharing data with third parties, as well as for statistical purposes. The legal bases are the performance of a contract in which the data subject is a party (Terms and Conditions of Use), consent, as stipulated in Article 9(2)(a) of the General Data Protection Regulation (GDPR), and legitimate interests for the purposes of defense in potential complaints and/or legal actions.

 

How Long Do We Keep Your Personal Data?

Your personal data processed within the scope of providing our services will be kept for a period of 2 (two) years or, if the information is necessary within the context of legal proceedings, for the duration of those proceedings until the decision becomes final. Except for this exception, if we have not had contact with you for a period longer than 2 (two) years, we will delete your records from our database.

To Whom Will Your Data Be Disclosed?

It is possible to share your data with third parties through an access code. All third parties who obtain the code will have access to all the data in your Chrono Health APP. If you share the code with a health provider, they will also have the ability to download files and add information related to your health. Chrono Health may share information with public authorities (for example, courts and regulatory authorities), upon request and within the limits of the law, to comply with legal obligations.

Chrono Health may also share statistical and anonymous information with partner entities. Anonymous information is that which has been modified so that it cannot be attributed to a specific person, i.e., it does not have the capability to identify a person.

We do not transfer personal data to countries outside the European Union (EU). Should there be a transfer of personal data outside the EU, compliance with the safeguards provided for in Articles 44 and following of the GDPR will be ensured.

How Can You Exercise Your Rights?

You can exercise your rights by sending a written communication to the head office of Chrono Health or through the email legal@chronohealth.io.

The Data Controller is CHTA - CHRONO HEALTH TECHNOLOGIES APP, LDA, located at Av. Torre de Belém 19, 1400-342, Lisbon, with the following contacts:

Telephone: +351 960 462 402

Email: legal@chronohealth.io

For more information on exercising your rights, see the "Additional Information on the Exercise of Data Subjects' Rights".

Policy Changes

You are consulting version No. 1 of July 1, 2023.