CHAIN.CARE™ PRIVACY POLICY

Updated: April 30, 2025

This notice describes how your information may be used and disclosed and how you can get access to this information. Please review it carefully.

At Chain.care™, accessible from https://www.chain.care, one of our main priorities is the privacy of oncology professionals using our platform. This Privacy Policy describes the information we collect and how we use it. This Privacy Policy applies to our online activities and is valid for users of our website, app, and services with regard to the information shared and/or collected through Chain.care™.

Your Information. Your Rights. Our Responsibilities

We understand the importance of protecting sensitive oncology data. We are committed to maintaining the privacy and security of your information and providing you with information about your rights and our responsibilities.

Data Controller Information

Chain.care™, Inc. acts as the data controller for the personal data processed through our platform. Our contact details are:

Legal Basis for Processing

We process your data on the following legal grounds:

  • Contract: Processing necessary for the performance of our contract with you
  • Consent: Processing based on your specific, informed consent
  • Legitimate Interests: Processing based on our legitimate interests in providing and improving our service
  • Legal Obligation: Processing to comply with our legal obligations

For special categories of data such as health data, we rely on explicit consent or, where applicable, processing necessary for healthcare purposes under the supervision of health professionals.

Access Levels and Data Collection

Chain.care offers multiple ways to use our service:

  • Free Access: Users can access basic oncology research search and limited clinical queries without providing personal information beyond what's necessary for account creation.
  • Professional Accounts: Oncologists who subscribe to our Pro or Practice plans can save clinical information, treatment comparisons, and access advanced features. The rights and policies described in this document primarily apply to users with professional accounts.
  • Practice-Level Access: For multi-provider practices, we offer organization-wide solutions with additional security and collaboration features.

When using Chain.care at any level, we implement strict security protocols to protect all clinical data processed through our platform.

Consent

By using our Website, app, and services, you hereby consent to this Privacy Policy and agree to its terms. For special categories of data, we obtain your explicit consent where required by law.

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right to Access

  • You have the right to request copies of your personal data
  • You can access your account information directly through your secure Chain.care account at any time
  • You can request additional information about how we process your data

Right to Rectification

  • You have the right to request that we correct inaccurate information
  • You can update your account information directly through your Chain.care account
  • You are responsible for ensuring that all information you provide is accurate and complete

Right to Erasure ("Right to be Forgotten")

  • You have the right to request that we delete your personal data under certain conditions
  • You can request deletion of your account and associated data by contacting us

Right to Restrict Processing

  • You have the right to request that we restrict the processing of your personal data under certain conditions
  • You can limit what information is shared with other providers in your practice (for Practice accounts)

Right to Data Portability

  • You have the right to request that we transfer your data to another controller
  • You can request your data in a structured, commonly used, and machine-readable format

Right to Object

  • You have the right to object to our processing of your personal data under certain conditions
  • You can object to processing based on legitimate interests or for direct marketing purposes

Rights Related to Automated Decision Making

  • You have the right not to be subject to decisions based solely on automated processing if they produce legal effects
  • Our AI assistant provides recommendations based on data analysis, but decisions remain with healthcare professionals

Confidential Communications

  • All communications with Chain.care occur through our secure website and app, which are designed to protect privacy
  • We employ end-to-end encryption for sensitive clinical information
  • We do not communicate with users through non-secure channels about sensitive clinical data

Get a Copy of This Privacy Notice

  • You can download or print a copy of this notice at any time from our website

Lodge a Complaint with a Supervisory Authority

  • You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights

Your Choices

For certain information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us.

You Have Both the Right and Choice to Decide

  • What level of service you want to use (Free, Pro, or Practice)
  • What clinical information you provide to Chain.care
  • Whether to receive product updates and educational communications from us (you can opt out at any time)
  • Whether to enable EHR integration features

We Never Share Your Information Without Your Permission For

  • Sale of your information
  • Sharing your information with third parties for their marketing purposes
  • Using your clinical data for purposes beyond service provision and improvement without explicit consent

Information We Collect

Basic Account Information

  • Name, email address, and professional credentials
  • Specialty and practice information
  • User preferences and settings

Service Usage Information

  • How you use the Chain.care platform
  • Features accessed and time spent using different tools
  • Search queries and clinical topics explored

Clinical Information

  • Treatment comparisons viewed or created
  • De-identified patient scenarios entered for analysis
  • Research queries and patterns

Technical Information

  • IP address and device information
  • Browser type and settings
  • Time and duration of visits

Our Uses and Disclosures

How do we typically use or share your information? We typically use or share your information in the following ways:

Provide and Improve Our Services

  • We use your information to deliver the Chain.care platform functionality
  • We analyze usage patterns to improve our clinical assistant capabilities
  • We monitor technical performance to ensure reliability

Facilitate Oncology Practice Efficiency

  • For Practice accounts, we process information to enable team collaboration
  • We maintain secure channels for sharing clinical information between authorized users
  • We provide practice analytics to help optimize oncology workflows

Research and Development

  • We use de-identified, aggregated data to improve our oncology knowledge base
  • We analyze usage patterns to enhance clinical assistant capabilities
  • All research use is conducted under strict privacy protocols

Limited Information Sharing

We strictly limit the sharing of your information:

  • We only share information with contracted medical professionals working directly for Chain.care who help improve our AI systems and services
  • All contracted professionals are bound by strict confidentiality agreements
  • We do not share your information with third-party providers, advertisers, or other outside entities
  • We do not sell your information under any circumstances

International Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure a similar degree of protection by implementing appropriate safeguards:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules where applicable
  • Adequacy decisions by the European Commission
  • Other legally compliant transfer mechanisms

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including:

  • For the duration of your contractual relationship with us
  • As required to comply with legal, regulatory, or reporting requirements
  • For the establishment, exercise, or defense of legal claims

When your data is no longer required, we will securely delete or anonymize it.

How Else Can We Use or Share Your Information?

We are allowed or required to share your information in other ways - usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.

Comply with the Law

  • We will share information if state or federal laws require it
  • We maintain compliance with healthcare privacy regulations

Address Serious Threats to Health or Safety

  • We may share information when necessary to prevent a serious and imminent threat to health or safety

Respond to Lawsuits and Legal Actions

  • We can share information in response to a court or administrative order, or in response to a subpoena

Technical Data Collection

Log Files

Chain.care™ follows a standard procedure of using log files. These files log visitors when they visit websites. The information collected includes internet protocol (IP) addresses, browser type, date and time stamp, referring/exit pages, and click patterns. These are not linked to any information that is personally identifiable. The purpose is for analyzing trends, administering the site, and gathering anonymous usage statistics.

Cookies and Web Beacons

Like any other website, Chain.care™ uses cookies to store information including visitors' preferences and visited pages. The information is used to optimize user experience by customizing our web page content based on browser type and usage patterns.

We use both session and persistent cookies for the following purposes:

  • Necessary cookies: Essential for the operation of our website
  • Preference cookies: Remember your preferences and settings
  • Statistics cookies: Collect anonymous statistics on website usage
  • Marketing cookies: Used to deliver relevant advertisements (if applicable)

You can control cookies through your browser settings and reject non-essential cookies.

Privacy Rights

GDPR Data Protection Rights

Every user within the EEA is entitled to the rights detailed in the "Your Rights Under GDPR" section.

If you make a request, we have one month to respond. For complex requests, we may extend this period by up to two additional months, but we will inform you of any such extension within the first month.

Professional Users Only

Chain.care™'s website and services are designed exclusively for healthcare professionals, particularly oncologists and related specialists. We do not knowingly collect any information from individuals who are not healthcare professionals or properly authorized staff.

Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption of sensitive data both in transit and at rest
  • Regular security testing and assessments
  • Access controls and authentication measures
  • Staff training on data protection and security
  • Incident response procedures

While we implement appropriate security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify both you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

The notification will include:

  • Nature of the personal data breach
  • Categories and approximate number of data subjects concerned
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Measures to mitigate possible adverse effects

Changes to the Terms of This Notice

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We will notify you of significant changes by email or through the Service. We encourage you to review this Privacy Policy periodically.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or file a complaint, please contact our Data Protection Officer:

Email: [email protected]

Attention: Data Protection Officer

You also have the right to lodge a complaint with your local supervisory authority.