Halaxy is committed to improving health outcomes for all. Placing your privacy at the forefront of what we do is central to realising this goal.
When you use your Halaxy, you provide data to us so that we can provide you with our services to run your practice or manage your Patient Portal.
This information can include:
- your name, address, telephone and email contact details;
- your gender, date of birth or age and marital status;
- sensitive information (for some of our products and services);
- your bank account or credit card information;
- if you register for a premium service (as defined by Halaxy, such as paid services), you may be required to enter in personal payment and billing information;
- health information recorded in our system either by you or your healthcare provider including the treatment you have received, including date, service type, description of the service, which healthcare provider treated you, test results, current and past medical history, data uploaded by any of your connected health devices; government related identifiers;
- your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
- details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries;
- any additional information relating to you that you provide to us directly through our website or indirectly through your use of our website or app or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through customer surveys; or
- any other personal information that may be required to facilitate your dealings with us.
We may collect these types of personal information either directly from you, or from third parties.
We may collect this information when you:
- register on our website;
- communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;
- interact with our sites, services, content, and advertising.
If you handle data for the purposes of managing a Patient, this data may be considered Sensitive Information (such as health information).
If you are handling Sensitive Information, you must ensure that you are subject to the obligation of professional secrecy under a European Union or European Union Member state law or rules established by competent national bodies.
We log your use of Halaxy, such as log-ins, and when particular features are used, to provide you with a better experience,
Halaxy stores feedback that you send to us.
Halaxy welcomes ideas and feedback. This feedback will be used to administer and refine the service and may be shared with Halaxy partners either in anonymised form or with specific identifying characteristics removed
We may receive data about you when you use our integrated services and when other users add your details to their Halaxy.
For example, we may collect your personal information when your healthcare practitioner provides you with services and records personal information about you in systems we administer.
Where requested to do so by us, you must also assist us with any requests by the individual to access or update the personal information you have collected from them and entered into our website.
A cookie is a small text file that many web sites write through your browser when you visit them. A cookie can only be read by the site that places it, so Halaxy cannot "see where you've been" based on any other cookies in your browser. These cookies and applets allow you to use specific services or to remember who you are for Auto Login if you choose this option.
Users who do not wish to receive cookies can instruct their web browsers to refuse them. However, doing so will prevent access to some areas of the site and limit your use of some of the Halaxy services. You may choose to disable cookies in your browser or use security software to prevent the storage of cookies. However, if you disable cookies, we may not be able to fulfil your request or provide you with an appropriate level of service in some areas of Halaxy.
We use your personal data to provide you with our service.
Ways we use your data:
- to enable you to access and use our website and our services;
- build the Halaxy practitioner directory so that health information can be more readily shared with you and your colleagues in a secure environment.
- to operate, protect, improve and optimise our website and our services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
- to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
- for medical research purposes, including providing this information to third parties for this purpose;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
- to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
- to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and to consider your employment application.
We aggregate your non-personally identifiable data.
By using our services, you agree that we can access, aggregate, and use non-personally identifiable data we have collected from you.
This data is anonymised and will in no way identify you or any other individual. We may also use your personal information in such a way that it does not personally identify you, whether for our own use or for the use by third parties:
to audit, research, measure and analyse the information in order to maintain, administer, enhance and protect our products and services, including analysing usage trends and patterns and measuring the effectiveness of content, advertising, features or services; for contextual and cookie-based automated content delivery, such as tailored ads or search results; for health and medical research, public health and service activities, healthcare and medical related services; and to prepare aggregate reports for current or future advertisers, sponsors or other partners to show trends about the general use of our services. Such reports may include age, gender, geographic, demographic or other general user information, but do not include personal information that personally identifies you.
We collect and anonymise patient data you provide to improve and develop features, and utilise for general research.
I.P. information is gathered in aggregate only and cannot be traced to an individual user.
Halaxy's web servers gather your IP address to ensure you’re accessing and storing data within our EU server, and to assist with the diagnosis of problems or support issues with our services.
Visitor data is always used as aggregated, non-personal information.
Halaxy collects information on our site visitors collectively, including which sections of the site are most frequently visited, how often and for how long.
Halaxy utilises this information to improve and enhance our services by monitoring the areas on the site which are most popular. This aggregated information may be shared with Halaxy partners to provide them with an overview of how Halaxy visitors use the site. This is done for the purposes of providing you with the best online services.
We will communicate with you through notifications within Halaxy itself, by email, mobile phone, text messages, and other appropriate methods required by our Service.
We will send you updates about our security, features, and other-Service related issues.
You can change your communication preferences at any time by email us as the address located under Contact Us below.
We take pride in the support that we offer.
To provide you with services or information you request from Halaxy, Halaxy may need to disclose your information to practitioners or other related health bodies.
To provide, manage, and administer our products and services to you, we may be required to disclose your information to third parties.
This may include disclosure in the following circumstances:
- our employees and related bodies corporate;
- hospitals, medical and ancillary service providers (for example, healthcare providers); any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives; lawyers, auditors and other advisors appointed by us or acting on our behalf;where disclosure is required by law, including compulsory notices from courts of law, tribunals or government agencies;
- third party suppliers and service providers (including data processors or providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
- government and regulatory bodies;
- professional advisers, dealers and agents;
- payment systems operators (eg merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- our sponsors or promoters of any competition that we conduct via our services;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
You can decide how your data is collected, used, and shared.
For personal data we have about you:
- Right to access and take your data: You can ask us for a copy of your personal data, which we can provide in machine readable form.
- Data deletion: You can ask us to erase or delete some or all of your personal data (i.e. if you no longer want our services provided to you).
- Object to, or limit the use of data: You can ask us to stop using some, or all, of your personal data if your personal data is inaccurate or we have no legal right to do so.
You as the Data Controller
If you sign up to Halaxy, you are classified as a Data Controller.
As a Data Controller, the General Data Privacy Regulations (GDPR) places obligations upon you to act in the interests of those you maintain data for. We provide tools that allow you to meet these obligations.
Halaxy as the Data Controller and/or Data Processor
Depending on the situation, Halaxy can act as either a data controller or a data processor.
With respect to your personal information, we act as a Data Controller, when handling your practice’s Patient Data, or your Patient Portal Data, we act as a Data Processor.
Halaxy takes all reasonable steps to ensure the security of our system.
Halaxy allows you to access your information at any time to keep it accurate and up to date. Any information which we hold for you is stored on secure servers that are protected in controlled facilities. In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by Halaxy. However, Halaxy will not be held responsible for events arising from unauthorised access of your personal information. You can also play an important role in keeping your personal information secure, by maintaining the confidentiality of any password and accounts used on the Halaxy site. Please notify us immediately if there is any unauthorised use of your account by any other Internet user or any other breach of security.
EEA practice data is stored within the European Union (EU) on GDPR compliant cloud servers.
Information provided by you will be treated as confidential, whether through email, the website, telephone, or by letter.
However, there are instances where confidentiality could be breached: However, the following exclusions to this confidentiality will apply. If it is deemed that you or an associate of you may be at risk of self-harm or harm to others, confidentiality may be breached.
Confidentiality may also be breached if required by law and records can be subpoenaed. During this time cases are discussed; however names and personal details are not disclosed. Confidentiality can also be excluded if expressed by the user, for example, when a referral is requested.
Contact our Data Protection Officer with any privacy related questions you may have.
If you have queries, concerns or would like to revise your personal records maintained by Halaxy, please email our Data Protection Officer, by addressing your email “Attention: Halaxy Data Protection Officer” and sending this to firstname.lastname@example.org.
Effective: 22 January 2019