Privacy Policy

1. Information We Collect

We collect information to provide and improve our services. The types of data we collect include:

• Personal data provided by nursing homes and their staff, such as names, email addresses, and professional roles.
• Special category data, specifically health data about residents (e.g., care plans, daily notes, medication records). This data is processed solely on behalf of the nursing home, which acts as the data controller.
• Automatically collected data when you use our website or services, such as IP address, browser type, device information, and usage data collected via essential cookies.

2. How We Use Your Information

Your information is used for the following purposes:

• To provide, operate, and maintain our software services.
• To support nursing homes in delivering safe, effective, and compliant resident care.
• To communicate with you for support, service updates, and administrative messages.
• To comply with our legal and regulatory obligations, including requirements set by HIQA.

3. Legal Basis for Processing

We process personal data based on the following legal grounds:

• The performance of our contract with the nursing home.
• Compliance with our legal obligations.
• Our legitimate interests in improving our services and maintaining security.
• Explicit consent where it is required for processing certain special category data, which is managed by the nursing home as the data controller.

4. Data Sharing

We do not sell or rent personal data. We only share information in the following circumstances:

• With trusted sub-processors, such as our EU-based cloud hosting providers, under strict data processing agreements that ensure data protection.
• When required by law, such as in response to a court order or other legal process.
• To protect the rights, property, or safety of Hyrozen, our clients, or the public.

5. Data Security

We implement robust technical and organisational measures to protect your data:

• All data is encrypted both in transit (using TLS) and at rest.
• Strict role-based access controls ensure that only authorised personnel can access sensitive information.
• We conduct regular security audits, vulnerability scanning, and penetration testing.
• All client data is stored exclusively in secure data centres within the European Union.

6. Data Retention

We retain personal data only for as long as necessary to provide our services and to comply with our legal and regulatory requirements, such as the retention periods for health records.

7. Your Rights Under GDPR

As a data subject, you have rights regarding your personal data:

• The right to access, rectify, or erase your personal data.
• The right to restrict or object to our processing of your data.
• The right to data portability.
• The right to withdraw consent where it has been provided.

To exercise these rights, please contact us at privacy@hyrozen.com. We will respond to your request within 30 days.

8. International Data Transfers

All data processing occurs within the European Union. We do not transfer any personal data outside of the European Economic Area (EEA).

9. Cookies and Analytics

We use only strictly necessary cookies that are essential for the functionality of our website and services. We do not use marketing, advertising, or tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page. Your continued use of our services after any changes constitutes your acceptance of the new policy.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@hyrozen.com

We aim to respond to all inquiries within 30 days.