Version 1.0. Effective by 1st of January 2020.
We/us/Hi Rasmus: Hi Rasmus Aps, Dampfaergevej 28, 2100 Copenhagen, Denmark, Company Registration number DK-40730796
Customer: The organisation using the Hi Rasmus platform
User: A registered user with personal access to the Hi Rasmus platform
Client: the person under treatment by the Customer
1. What personal data we collect
We value your privacy and only collect, process and store data that is necessary for our core service. We consider all collected data to be private.
As part of our service we store information such as: user profile data such as e-mail, name, role, profile photos and utilization data. We also store customer information in our CRM system, HubSpot. We collect data about website visits and navigation behaviour through the use of Google Analytics.
On behalf of our customers we store information about clients undergoing behavioural treatment directly or indirectly through the Hi Rasmus platform. We only collect this information under the direction of our customers.
For statistical purposes, Hi Rasmus will gather certain information automatically and store it in log files. These log files contain standard information collected by web servers, such as client IP addresses, browser type, internet service provider (ISP), operating system, etc. This information is only used internally, and is not distributed or sold to a 3rd party. Hi Rasmus uses this information, which does not identify individual users, to analyze trends, to administer the Hi Rasmus website and platform and to gather demographic information about its user base as a whole. Hi Rasmus does not link this automatically collected data to personal information.
2. What we do with your personal data
Usage behaviour data is processed for optimization of our services, like easier navigation, product development, etc.
All personal health related data collected is used for delivering our core services to our customers. We only act as Data Processors of all data related to clients.
We may use aggregated anonymized data for evidence studies of remote treatment and other aspects of behavioural interventions.
Hi Rasmus will not distribute or sell your information to a 3rd party, except as disclosed in this policy. All Client data is stored inside the European Union and is not transmitted outside the EU unless you utilize the service from outside the EU. When you utilize the service outside of the EU, data may be submitted and transferred into the United States and you hereby consent to such transfer.
We may transfer personal information that helps us provide our service. Transfers to subsequent third parties are covered by the provisions in this policy regarding notice and choice and the service agreements with our clients.
4. How we protect your personal data
Please refer to our Security page for an updated overview of our security precautions and practices.
5. Your rights and obligations
If you are accessing the website or services while in the European Economic Area, please review our GDPR privacy notice.
An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to Hi Rasmus’ customer, the data controller. If the client requests Hi Rasmus to remove the data, we will respond to their request within 30 business days.
If you are a client or legal guardian to a client, please contact the Customer for all enquiries and they will forward any requests to us.
It is the Customer’s and User’s obligation to act responsibly and keep your personal information safe. Each User must keep his/her password safe and very difficult to guess. You may never share your password or other information that will allow other people to access your Hi Rasmus account. We recommend changing password on a regular basis.
If you suspect that your authentication information has been compromised, please change your password immediately on the Settings page and notify us of the breach.
The Customer must ensure that User information and access privileges are always up-to-date. This includes revoking access when an employee or other User with access to the Hi Rasmus platform is no longer employed or does not work with a specific Client anymore.
6. Data breaches
We have procedures in place for handling data breaches. Data breaches that do not directly or indirectly include personal data will be handled internally. In case we have a data breach that we suspect may expose personal data all affected Customers and Users will be contacted directly. In case Personal Health Information is exposed we will also contact relevant authorities in accordance with HIPAA, GDPR and local Danish law. Please contact us for more detailed information on this subject.
7. Contacting us
You are always welcome to contact us via e-mail or phone. Please refer to the Contact page for updated contact information.
9. Updates to this policy