Privacy Policy
Kaiku Health and the use of personal data
Welcome to Kaiku Health! On this page you will find a brief summary of your rights, and how Company processes your Personal Information (as defined herein). You can start using Kaiku Health by agreeing to the Terms, which incorporate this Privacy Policy, and the manner in which your Personal Information is handled.
Data Controller
Customer will act as the data controller (the “Data Controller”). Company is the data processor and will process Personal Information only on behalf of the data controller. The contact information of the Data Controller is provided in the Data Controller’s privacy policy.
The purpose and legal basis of personal data processing
The purpose of Personal Information processing by Company is outlined in this Privacy Policy and includes providing and maintaining Kaiku Health.
The legality of the processing of Personal Information is based on your client or patient relationship with the Data Controller, and the laws and regulations imposed on the Data Controller as the administrator of the client or patient register. For more information, please read the Data Controller’s privacy policy.
What personal information is processed?
Kaiku Health processes the following personal information (collectively, “Personal Information”):
Personal information
- Full name
- Social security number (or other comparable national identification code, where applicable)
- Email address and phone number
- Password
Personal data generated and stored during use of Kaiku Health (collectively, “Patient Information”)
- Messages sent to and received from the Medical Staff, including protected health information (“PHI”) contained therein
- Forms filled by the User, including PHI contained therein
- Other information that is either communicated through Kaiku Health or obtained by Kaiku Health from other patient records, including PHI contained therein
Log information (collectively, “Log Information”)
- Technical logs (including IP-address) and audit logs
The sources of Personal Information
The Personal Information is collected from the following sources:
- Information entered by the User
- User-specific information entered by the Medical Staff
- Information imported from other records by the Data Controller
Receivers of Personal Information
Accessing the User’s Personal Information requires a user name and password. Access to the Personal Information of a User is only permitted to a person whose duties require accessing such Personal Information as defined by the Customer. The exchange of information between the Customer terminal and the Kaiku Health server is encrypted.
The User and Medical Staff defined by Customer have access to the User’s Personal Information. By default, administrative staff of the Customer only have access to the Personal Information relating to the account or identity of the User – they cannot access Patient Information. Company is responsible for technical support. Person(s) at Company technical support have access to the Personal Information of the User, but not to the Patient Information. Company administrators use Log Information for troubleshooting only when necessary.
Retention and erasure of Personal Information
The duration of Personal Information retention and the basis for it, to the extent not provided in this Privacy Policy, are provided in the Data Controller’s privacy policy. Log Information is stored for two months on a separate log server. For more information on log back-ups and long-term storage of Log Information, please refer to the Data Controller’s privacy policy.
Disclosure of information to parties internationally
If you are located in the European Economic Area (“EEA”), no Personal Information is disclosed to any international organization or party outside of the EEA. If you are located in the United States, no Personal Information is disclosed to any international organization or party outside the United States.
Rights of the User
Right of access to Personal Information
The User has the right to see all their Personal Information. The User can access and view their Personal Information once logged into Kaiku Health.
Right to rectification
- The User can edit their Personal Information and contact information via Kaiku Health
- The User has the right to demand the rectification of any incorrect Personal Information
- The User can review Personal Information before it is submitted. Once the Personal Information is submitted, it can no longer be edited directly via Kaiku Health. The purpose of this is to prevent alterations to Patient Information. A request for rectification of Patient Information must be submitted to the Data Controller (contact details of Data Controller are detailed in the Data Controller’s privacy policy).
Right to erasure
According to the Health Information Portability and Accountability Act (“HIPAA”) and the EU General Data Protection Regulation article 17 clause 3b), no User domiciled in the United States or the EU has the right to demand erasure of Personal Information under the Terms to the extent Company is required by law or regulatory requirements applicable to Customer or Company to retain such Personal Information.
Right to restriction of processing
Users domiciled in the EU and citizens of the EU have the right to request the restricted processing of their data (including, without limitation, Personal Information and Patient Information). The request should be addressed to the Data Controller (contact details are provided in the Data Controller’s privacy policy). The User’s account may be set as inactive for the duration of the restriction if the User does not consent to the processing of Personal Information regarding him/her during the restriction period.
Right to data portability
The Data Controller is currently not obligated to provide the information (including, without limitation, Personal Information and Patient Information) to Users domiciled in the EU or to Users who are citizens of the EU in a specifically structured or generally used format as the use of Kaiku Health is not based on the consent of the User. Information that the Data Controller is required to provide to Users domiciled in the United States must be in a readable format.
Right to file a complaint to a supervisory authority
The User has the right to file a complaint to a supervisory authority or other appropriate governmental office (such as the Office of Civil Rights of the Department of Health and Human Services in the United States), especially in the member state in which the User resides or works or where the claimed infringement took place, if the User suspects that the terms outlined in this document are violated, without imposing restrictions on other due processes.
Post-processing of data
Company generates anonymous statistical data from information inputs made within Kaiku Health (including, without limitation, Personal Information and Patient Information) for the purpose of developing and improving the service. Examples of anonymous data generated include the overall number of messages and forms sent. Individual Users cannot be identified from the anonymous data generated by Company, nor does Company have a reasonable basis to believe such anonymous data could be used to identify any individual User.
Data protection
Kaiku Health user data is stored in the database in an encrypted form (encryption at rest). No data besides the user's session are stored on end-users’ devices. Kaiku Health enforces use of an encrypted connection (encryption in transit); unsecured connections are not possible. All connections to the Kaiku Health service are encrypted using TLS.
Cookies Policy
Kaiku Health uses a Cookie for identifying a user’s logged-in session time to detect the need for session expiration when the user is no longer active. Due to the sensitivity of data in Kaiku Health, this Cookie is considered strictly necessary for information security purposes.
Kaiku Health also uses load-balancing Communication Cookies to route the information over the network by identifying the communication endpoints. By accepting the User Terms, you accept the use of all strictly necessary and communication cookies used by Kaiku Health.
(c) 2023 The Elekta Group. All rights reserved.