Privacy and security
Open and honest about the use of personal data
Having a video consultation with your family doctor, using your tablet to talk to the public health nurse about your medication, or sharing your blood pressure reading with the cardiac specialist over the internet - FocusCura products are used every day to provide real health care. For this reason, we place great importance on making sure that personal information is protected.
You Always Own Your Personal Information
You are the owner of your personal information. This means that you can ask to see or remove your personal information at any time. This applies to everyone - health care professionals, patients, clients, and caregivers.
We never sell your personal information to third parties.
We only use your information to keep our apps and website running smoothly and to make improvements to them. This means, for instance, that we can send measurement data taken with cVitals to a doctor, send a video consultation to a nurse, or discover and immediately resolve a malfunction.
Storage and Access
Storage in the EU
The servers that FocusCura uses to store personal information are located in EU data centers. The servers have ISO 27001 certification, which means that they meet extremely strict security standards.
Once personal information is no longer needed, we never save it longer than seven years. We always delete personal information upon request.
As part of standard procedure, FocusCura employees cannot access the database where personal information is stored. A few developers and the Data Protection Officer can access this database. This is necessary in order to ensure the continued development and improvement of the products and systems. These developers and the Data Protection Officer are obliged to observe confidentiality.
Partners and Privacy
In addition to our proprietary applications, we use software from third parties in order to provide the best service, known as SaaS (Software as a Service) solutions. We have entered into agreements with these companies that fulfill the strict requirements of the European Union in regards to data. We also make sure that these companies handle personal information in accordance with Dutch law.
We do not send any personal information to other applications, only completely anonymized information..
We use the following services:
Mandrill for sending e-mails
Mailchimp for managing e-mail lists
VSee for video chats
Cisco Spark for video chats
Amazon Web Services for general cloud services
Withings and iHealth for collecting values such as heart rate, blood pressure, weight, and glucose levels (only with the user's permission)
Google Analytics for analyzing usage data
Apple HealthKit for obtaining and saving health information (only with the user's permission)
Apple Push Notification Server for sending push notifications (only with the user's permission)
Google Push Notification for sending push notifications (only with the user's permission)
Hotjar for improving usability
Salesforce for managing client and user information
Quality and Quality Marks
FocusCura is certified for information security under ISO 27001 and quality management under ISO 9001. The product cVitals has CE marking as a Medical Device Class I. The product cContact is not a medical device as it is defined by law and therefore does not require CE marking.
The infrastructure of our products and services is actively monitored and is implemented with a full backup, so that in the unlikely event that something goes wrong there is always a second system that can take over. We are unable to guarantee 100% uptime, but over the last twelve months the uptime was 99.99%.
Technological Security Measures
We have implemented various technological security measures to ensure that personal information is transmitted and stored safely. These measures include:
always transmitting data over HTTPS (SSL)
requiring the use of strong passwords
using firewall-protected servers (and backup servers)
storing FocusCura data in the EU on certified servers with ISO 27001 certification
ensuring that long-term local storage of data on telephones or tablets occurs as infrequently as possible and, when this is unavoidable, encrypting the data
logging and monitoring abnormal activities
controlling access to the Dutch data center through the use of badges and ensuring that the Dutch data center is guarded 27/7 by security personnel, closed-circuit cameras, monitoring, infrared sensors, and a central control room