
Chain.Care Privacy Policy

Updated: September 10, 2025

This notice describes how your information may be used and disclosed and how you can access this information. Please review it carefully.

At Chain.Care, accessible at https://www.chain.care, your privacy and the security of healthcare compliance data are our top priorities. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. It applies to all visitors and users of our website, platform, and services worldwide, with particular alignment to the EU GDPR, HIPAA, and Cyprus-specific healthcare regulations.

Your Information. Your Rights. Our Responsibilities

Chain.Care is designed to handle sensitive hospital compliance and clinical data securely. We are committed to safeguarding patient and professional data while giving healthcare providers control over their information.

Data Controller Information

Chain.Care Limited is the data controller for all personal data processed through our platform.

Contact:
Email: [email protected]
Attention: Data Protection Officer

Legal Basis for Processing

We process data on these legal grounds:

  • Contract: To deliver services as part of agreements with hospitals or providers.
  • Consent: Based on explicit, informed consent where required (e.g., for sensitive health data).
  • Legitimate Interests: To enhance platform functionality, security, and compliance.
  • Legal Obligation: Where laws or regulations require us to retain or process certain information.

Access Levels and Data Collection

Chain.Care offers access tailored to different healthcare organization needs:

  • Basic Access: Secure informational access to compliance summaries and platform demos.
  • Professional Access: Compliance officers and healthcare professionals can manage alerts, audits, and insights.
  • Enterprise Access: Hospital or multi-facility integrations with full system interoperability, reporting, and analytics.

Regardless of tier, data protection and encryption standards remain the same.

Consent

By using Chain.Care services, you consent to this Privacy Policy. Explicit consent is required for processing special categories of data, such as health or compliance data linked to patient records.

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: View or request copies of your personal data at any time.
  • Right of Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data, where legally permissible.
  • Right to Restrict Processing: Limit how your data is used.
  • Right to Data Portability: Request structured data exports for transfer to another controller.
  • Right to Object: Refuse processing based on legitimate interests or marketing.
  • Rights Regarding Automated Decision-Making: Our AI provides recommendations, but final decisions rest with human professionals.

Confidential Communications

  • Chain.Care uses end-to-end encryption for all sensitive data.
  • No sensitive data is sent over unsecured channels.
  • Access is limited to authorized professionals bound by confidentiality agreements.

Your Choices

You control:

  • The level of integration (standalone or enterprise-level).
  • Which EHR and device integrations are enabled.
  • Whether to receive product updates and compliance alerts.

We never sell your data or share it with third parties for marketing purposes.

Information We Collect

Basic Account Data

Name, email, professional details, and role.

Usage Data

Login patterns, alert interactions, dashboards viewed.

Compliance and Clinical Context Data

Device logs, audit data, anonymized patient record identifiers (for audit readiness only).

Technical Data

Device/browser metadata, IP address, and session data.

How We Use and Disclose Information

  • Service Delivery: Operate dashboards, alerts, and audit trails.
  • Compliance Intelligence: Train AI models on anonymized, aggregated data.
  • Security Monitoring: Detect unauthorized access and ensure reliability.
  • Hospital Integration: Enable secure, role-based access for multi-team use.
  • Research & Development: Use anonymized data to enhance AI compliance insights.

We do not share data with advertisers or unrelated third parties.

International Transfers

As a global platform, data may be processed outside your country. All transfers comply with GDPR adequacy decisions, EU Standard Contractual Clauses, and HIPAA safeguards for US-based services.

Data Retention

We retain your information only as long as needed to deliver contracted services, meet legal obligations, and support security audits or regulatory compliance. Once no longer needed, data is securely deleted or anonymized.

Other Uses and Legal Obligations

We may disclose data if required by law or regulatory order, to address imminent risks to safety, or to respond to legal proceedings (court orders, subpoenas).

Cookies and Technical Data

Chain.Care uses cookies to maintain session integrity, store preferences, and collect anonymous usage statistics. You can disable cookies, though doing so may affect functionality.

Data Security

  • Encryption at rest and in transit
  • Role-based access controls
  • Regular vulnerability testing
  • Compliance with SOC 2 Type II, GDPR, HIPAA, and CyCert (Cyprus certification body) standards

Data Breach Protocol

In the event of a breach, we will notify affected users and regulators within 72 hours. Notifications will detail the nature, scope, and mitigation steps.

Professional Use Only

Chain.Care is built exclusively for hospitals, healthcare providers, and compliance professionals. We do not knowingly collect information from patients or the general public.

Changes to This Policy

We may update this policy periodically. Any changes will be posted with a revised date, and major changes will be communicated by email or within the platform.

Contact Us

If you have questions, wish to exercise your rights, or file a complaint, contact:
Email: [email protected]
Attention: Data Protection Officer

You also have the right to lodge a complaint with your local data protection authority.