At Cory.Care our mission is to have accessible and affordable health service in the hands of every person around the world. We want to connect clients to high-quality and convenient healthcare globally.
This policy explains how we use your personal data for our health services and products, including, amongst others, our private services and our partners’ services. We want to help you to understand how we work with your data. We may update this policy from time to time.
This policy also governs the use of your personal data through our website and platform.
In the following Cory.Care is also considered and called as ‘platform’.
This policy covers
- Who we are
- Personal data
- What personal data we hold and how we get it
- Personal details
- Health and medical information
- Financial information
- Information obtained from third party services
- What we use your personal data for
- Providing you a service
- Making healthcare accessible
- Keeping you up to date
- Other uses
- Sharing your personal data
- Information sharing with other healthcare providers
- Anonymized information
- What personal data we hold and how we get it
- Medical records
- Chat histories
- Data storage, security and transfers
- Technical information and analytics
If you have any further questions about how we process your information, please don’t hesitate to get in touch by contacting our customer service via email@example.com.
1. Who we are
The platform is operated by Stichting XpertHealth, KvK nr. 7540856, in the Netherlands.
The customer service and initial consultation, including referrals are operated by XpertHealth. The doctors referred are independent individuals on the platform and consult with their own responsibility and consequences.
When we talk about ‘XpertHealth’, ‘us’ or ‘we’, it means XpertHealth. We provide the derived data within our company.
XpertHealth is the controller of your personal data provided or collected by or for, processed in connection with your services on Cory.Care. Your relationship is with XpertHealth.
If for example, you would like to access data, XpertHealth is the entity to which you would make such a request.
2. Personal data
2.1 What personal data we hold and how we get it
We use the following categories of personal data:
2.1.1 Personal details
When you register with us, you complete forms and provide us with basic information about yourself, such as your name, date of birth, physical address, employer and phone number. You are responsible for the accuracy of the data that you provide.
2.1.2 Health and medical information
The main type of information that we hold about you is health and medical information: information about your health, symptoms, treatments, consultation and sessions, medications and procedures. This includes details of your consultations with our doctors, interactions with our digital services, including interaction with the symptom checker, customer service, health check online and offline. Your interaction with our digital services may be shared with doctors in order to provide you with a better experience and for the purposes of providing your health care.
We get this information directly from you, when you register with us and when you use our health care services. Your medical record on Cory.Care will be managed only by you.
We may also hold information about you and your health from other apps or online services where you have given approval that this data can be shared with us.
2.1.3 Financial information
If you make any payments on Cory.Care, your payment details will be processed directly by a third party. This information will not be shared with us.
2.1.4 Information obtained from third party services
You may choose to connect your existing accounts with other providers (such as a social media provider), for example when signing up to make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as a phone number, username and name. We are acting in accordance with the data protection laws; we may also use information from other sources, such as specialist companies that supply information, online media channels, our commercial partners and public registers. This information can for example, help us to improve and measure the effectiveness of our services.
2.2 What we use your personal data for
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
2.2.1 Providing you a service
- We obtain and use your personal details in order to establish and deliver our contract with you and (if applicable) charge you correctly.
- We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services. It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers and diagnostic centers chose by you for the purpose of imaging request forms.
2.2.2 Making healthcare accessible
- Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services, and our symptom checker, so that we can deliver better healthcare to our users. This medical information (with your personal identifiers removed in the way described above) may include your medical record (both received and created by us), transcripts and recordings of your consultations, and your interactions with our artificial intelligence services, such as our symptom checker. This does not involve making any decisions which would have a significant effect on you – it is only about improving our products, services and software so that we can deliver a better experience to our users and help achieving our aim of making healthcare affordable and accessible to everyone. Strict confidentiality and data security provisions apply at all times. This consent relates to information that cannot identify you.
- We may obtain and use the data about your precise location where you give your consent (through providing us access to your location through your app or browser settings or your address), for example, to help direct you to the nearest hospital. We may also derive your location from your IP address.
2.2.3 Keeping you up to date
- We use your phone number, email address and/or details to contact you or present you with occasional updates and marketing messages where you have not opted out, based on your legitimate interest in marketing our services to you and subject to your right to opt out at any time.
- As part of providing you with high quality preventative and occupational health care services, we may contact you by SMS, email and/or other means to offer you helpful information or invite you to make appointments, for example for free healthcare screenings.
2.2.4 Other uses
- Based on our legitimate interest in managing and planning our business, we may analyze data about your use of our products and services to troubleshoot bugs within the app or website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our app or website so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
- Where necessary, we may need to share personal and financial details for the purpose of fraud prevention and detection.
- We also store your medical information, such as notes from consultations, recordings of consultations with you as well as your interactions with our digital services including interactions with our customer service, symptom checker, health check for safety, regulatory and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including checking your medical license.
- Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
- We may use your medical information (always having removed personal identifiers, such as your name, address and contact details) to share reports with organizations such as employers that pay for your membership on Cory.Care.
We may use non-medical data from which you cannot bet identified to improve our products and services.
2.3 Sharing your personal data with others
- We may share your personal data with members of our corporate group and our partners. This is to help us deliver our services to you.
- We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us.
- Where you access our services through your health insurance provider or any of our commercial partners (including your employer) we may share with such partner your name, date of birth, email address, policy number, location and the fact you have registered/ used the service (and any other similar information). We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. We may share basic information regarding your consultation such as the date of the appointment, your diagnosis, pharmacy location, whether or not you had a referral made and other similar information.
2.3.1 Information sharing with other healthcare providers
- We will, where necessary for your treatment or care, share your information with other health care providers such as for example, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, diagnostic centers chosen by you for the purpose of imaging requests, and other health care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations.
2.3.1 Anonymized information
- We may display on our website or share with our commercial partners aggregated and anonymized data that does not personally identify you, but which shows general trends, for example, the number of users of our services
Except as described above, we will never share your personal information with any other party without your consent.
3. Retention periods
We retain your medical records in accordance with international best practice guidance. The below is a summary of our retention policy, but we may retain records that do not identify you for legitimate business purposes such as managing or planning our business, or records for other periods as required by law or regulation.
3.1 Medical Records
Medical records retained after 10 years after account closure or death. These include consultations with doctors, symptom checker results, and health check results.
3.2 Chat histories
Retained as the medical records above.
4. Technical data
4.1 Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data, including your primary care information, medication information and diagnostic information, on secured servers.
Where you have chosen a password that enables you to access certain parts of our app, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
We do not store any payment details of you. Payments are proceeded via a third party.
Your data may be processes or stored via destinations within the European Union Area, but always in accordance with the data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards.
4.2 Technical Information and analytics
When you use our platform or visit our website, we may automatically collect the following information where this is permitted by your device or browser settings.
- Technical information, including the address used to connect your mobile phone or other device to the internet, your login information, system and operating system platform type and version, device model, browser or app version, time zone setting, language location preferences, wireless carrier and your location (based on the IP) address; and
- Information about your visit (such as when you first used the platform or website and when you last used it, and the total number of session that you have had on the app), including products and services you viewed or used, app response times and updates, interaction information (such as button presses or the times and frequency of your interactions with the communications we deliver to you on the platform otherwise).
Cookies and similar technologies may be used to collect this information, such as your interactions with our services.
5. Your rights
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting firstname.lastname@example.org.
You also have specific rights to:
- Wherever we process data based on your consent, withdraw that consent at any time. You can do this via contacting email@example.com.;
- Understand and request a copy of information we hold about you. Subject to our retention periods, recordings of your appointments with us and other medical notes can be address via the app or website. For any other information, you may make a request via email;
- As us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store medical or health records for medical diagnoses and treatment for prescribed periods of time;
- Ask us to restrict our processing of your personal data or object to our processing; and
- As for your data to be provided on a portable basis.
6. Contact us
For any questions or concerns, you can contact us by sending an email to firstname.lastname@example.org.
Get in touch to discover your health system opportunities
Cory.Care is powered by XpertHealth. A Shanghai based Medical practitioner Collective that improves the health of over 200K clients using analogue & digital measuring, focussed physical programs and mental therapy.
Jaarbeurs, Innovation Mile Utrecht, the Netherlands