Skip to content

Latest commit

 

History

History
51 lines (42 loc) · 3.38 KB

privacy-policy.md

File metadata and controls

51 lines (42 loc) · 3.38 KB
Raw

Privacy Policy

  1. The Memo system is a tool that allows organizations to store and process data. This means that the organization that collects and processes this data is the data controller and is responsible for:

    • Obtaining consent from individuals whose data is stored in Memo for the storage and processing of that data.
    • Handling and fulfilling data subject requests for access, modification, and deletion of their data.
    • Ensuring a secure server (accessible only to authorized users) where the Memo system data will be stored and processed in a properly secured database.
    • Fulfilling all other obligations of a data controller under applicable law.

  2. The Memo system allows for the storage of sensitive data. The specific scope of data stored in Memo is determined by the organization using the system. Memo only stores and processes data that authorized employees of the organization enter into the system.

  3. The maximum scope of sensitive data that can be stored in Memo includes:

    • client data:
      • contact information
      • data related to the reason for the client's contact: reason for contact, links to external documentation, etc.
      • any other client data entered into Memo by organization employees
      • information about therapy sessions in which the client has participated or will participate: date, time, therapist, and any notes entered by the organization employee
    • data of organization employees, and possibly other individuals working as therapists whose appointments are recorded in Memo: first and last name, business email address
    • for employees who can log into Memo, their login password is also stored in a secure form. This security is in accordance with IT security standards for handling login data.

  4. Both the entry of data into Memo and the reading of any sensitive data from it require logging into Memo with an account with appropriate permissions. There are the following levels of permissions:

    • global administrator — a person with full access to all data collected in Memo
    • facility administrator and/or facility employee — a person with full access to the data collected in Memo and assigned to a specific facility.

  5. The Memo system does not use the collected data for any purposes other than presentation and processing by logged-in employees with appropriate permissions. The system does not transfer the data collected in it to any other entities and, using technical security measures, protects the data from access by unauthorized persons.

  6. The Memo system allows for the correction and complete deletion of data stored in it, which gives the organization the ability to fulfill its obligations regarding sensitive data, as required by law.

  7. Technical details:

    • All data stored in Memo is stored in a database created during the installation of Memo.
    • Database configuration, such as encryption configuration, is not part of the Memo system: ensuring proper security of access to the database is the responsibility of the person installing Memo.
    • When using the system, sensitive data is transmitted over the computer network between the logged-in user's browser and the server where Memo is installed. Proper installation of Memo enuses the HTTPS protocol for this communication, which provides data encryption in accordance with IT security standards.

(Automatically translated from the Polish version.)