SmartCare Privacy Notice
Last updated: 24 July, 2024
In this Privacy Notice, we refer to the controller of your data explained in this Privacy Notice, and its subsidiaries and associated companies, as “we” or “us” or “our”. We refer to you as “you” or “your”. The controller is the company with whom you have a services agreement and which provides the service to you. Essence is the processor handling the personal data on behalf of that controller.
We comply with applicable data privacy and protection law. This means that when processing personal information for any purpose we must ensure it is:
• Used lawfully, fairly and in a transparent manner
• Collected only for valid purposes that have been clearly explained and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up-to-date.
• Kept only as long as necessary for the purposes we have informed you about.
• Kept securely
1. How We Collect Information, for What Purposes and Our Legal Basis for It
This Privacy Notice is to inform you of our policies and procedures regarding the collection, use and disclosure of information we receive when you do any of the following (“Relevant Services”):
• You download, install or use a mobile application that the controller makes available to you.
• You use a web application that the controller makes available to you for the purpose of allowing users to monitor residents and other automated functions locally or remotely.
The legal basis for processing your data (other than health and medical data) is providing you the Relevant Services under the contract you entered into or at your request prior to entering into the contract.
The legal basis for processing your health and medical data is your explicit consent, which you provide if and when you affirmatively choose to use our optional, added value service that involves processing health and medical data.
The legal basis for processing analytics data is our legitimate interests in managing and developing the Relevant Services.
We need the information that we collect from you to provide you with the Relevant Services. Our services cannot be provided properly without this data
1.1 The Personal Information we collect
In the course of using the Relevant Services, we ask you to provide us with certain personal information (“Personal Information”).
Personal Information includes, your name, contact details, professional details, login credentials to our services, and your resident domestic behavior.
Some of our services requires other personal data such as age, gender and national ID number.
Our value added service, which you can optionally choose, involves processing your health and medical information.
We also process statistical analytics information about your use of the Relevant Services, such as general behavior patterns, IP address (and the general location corresponding to the address), time and date of access, type of browser used, language use, links clicked and the web pages you accessed.
We do not knowingly collect personal information from children under the age of 18.
1.2 Third Parties Receiving Information and International Data Flows
Some of our services rely on third parties with whom we share some user information for the purpose of providing and maintaining these services to our users.
These third parties include service providers that are authorized to use your personal information only as necessary to provide these services to us and our users, and not for their own promotional purposes. A list of service providers for Care@Home is available at this link. List of service providers for PER solution is available at this link. List of service providers for Umbrella solution is available at this link.
In addition, medical staff on our behalf login to view your health and medical statistics for medical or administrative purposes.
We do not rent or sell your information to any third party.
Any transfer of data outside your region to any third party service provider is done only to countries with adequate data protection, as defined by relevant regulations.
Our services may be accessed internationally by us for the purpose of day to day use or service maintenance.
We will disclose any information obtained by us if required by law or by any governmental authority; in case of emergency; or to a successor entity in connection with a merger, acquisition, bankruptcy or sale of all or substantially all of our assets.
1.3 Retention Period
We will retain your personal information for as long as you use the Relevant Service, and for a period afterward, as dictated by a reasonable backup policy and any relevant regulations.
1.4 Rights (EU, UK and EEA)
If you are in the EU, the UK or the EEA, you have the right to request access to and rectification or erasure of your personal data, data portability, restriction of processing of your personal data, the right to object to processing of your personal data. You can also withdraw your consent to processing your health information.
If you are in the EU, the UK or the EEA then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in particular in the member state of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here. A link to the UK ICO is available here.
To exercise any of these rights, contact the controller. In some cases, you may be able to perform some of these functions yourself using the software provided. Refer to the relevant user documentation.
Our service does not entail any automated decision making. We provide information and notifications only
1.5 Security
Safeguarding your information is a key priority for us. We employ a variety of organizational and technical security measures designed to protect your information from unauthorized access and disclosure.
Your information is protected, in compliance with ISO 27001 standards, using state of the art technical security measures, such as:
• Encryption and authentication mechanisms
• Regular threat and vulnerability assessment
• Physical site security
We also take various organizational measures to ensure data security, such as:
• Lawful data processing reviews
• Privacy impact assessments
We cannot guarantee that your personal information or private communications will always remain private and secure. We are obliged to notify you of any security breach resulting in high risk of private data exposure.
1.6 Cookie Policy
Like many websites and applications, we use “cookies” to collect information. A cookie is a small data file that we transfer to your computer or mobile device for record-keeping purposes. You can configure your device to stop accepting cookies or to prompt you before accepting a cookie through the application. If you do not accept cookies, however, you may not be able to use all portions of the app or all functionality of the Relevant Services.
The information that the cookies maintain is read by the app, during the session of your use of the app (these are called ‘session’ cookies), and when you return to use the app again (these are called ‘persistent’ cookies).
We only use cookies that are strictly necessary (essential) for the functioning of the app and features in the app that you expressly requested:
• A cookie that remembers your username, if you choose the “remember me” option in the app
• A test cookie that checks if cookies are enabled
• A cookie for logging out of the user session
The app and the “remember me” feature cannot operate properly without these cookies.
The legal basis for processing cookie-related is our legitimate interests in managing and operating the functionality of the app.
1.7 Additional information under state privacy laws in the United States
In accordance with state privacy laws in the U.S. , below is a detailed description of the information we collect from users to our commercial purposes for which we use each category of personal information. This is also the information we have collected in the past 12 months.
Categories of personal information and source from which the information is collected | Specific Types of Personal Information Collected | Business or commercial purposes | Specific purposes |
Identifiers such as a real name, contact details, gender, login credentials – collected directly from you. | As described above in the “Personal Information We Collect” section. | Undertaking activities to verify or maintain the quality of the Service and to improve, upgrade or enhance the Service. Undertaking internal research for technological development and demonstration. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity. Debugging to identify and repair errors. | As specified above in the “How We Collect Information, for What Purposes and Our Legal Basis for It” section. |
Audio, electronic, visual, thermal, olfactory, or similar information -collected about you by the Relevant Services | |||
Internet or other electronic network activity information – collected about you by the Relevant Services. | |||
personal information described in subdivision (e) of Section 1798.80, namely age, health information and national ID number – collected about you by the Relevant Services. | |||
Professional information – collected directly from you. |
We do not sell your personal information and have not done so in the past 12 months.
We do no share your personal information for the purpose of online targeted ads, and have not done so in the past 12 months.
We do not use or disclose your sensitive personal information for purposes other than those specified in privacy regulations.
The chart below explains the personal information we disclosed for a business purpose to third parties in
the preceding 12 months.
Categories of personal information | Categories of third parties to whom we disclose your information and the specific business or commercial purpose for the disclosure |
Identifiers such as a real name, contact details, gender, login credentials | With third parties to which a law or binding order requires us to disclose your information to. Our purpose in doing so is complying with our obligations under the law or the binding order. With the target entity of our merger, acquisition or reorganization, and legal counsels, and advisors, for the purpose of facilitating the structural change in the operation of our business within a different framework, or through another legal structure or entity (such as due to a merger or acquisition). |
Audio, electronic, visual, thermal, olfactory, or similar information | |
Internet or other electronic network activity information | |
personal information described in subdivision (e) of Section 1798.80, namely age, health information and national ID number | |
Professional information |
Your rights under the state privacy laws in the United States.
Disclosure of personal information we collect about you.
You have the right to know
• The categories of personal information we have collected about you;
• The categories of sources from which the personal information is collected;
• Our business or commercial purpose for collecting personal information;
• The categories of third parties with whom we share personal information, if any; and
• The specific pieces of personal information we have collected about you.
Right to deletion
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
• Delete your personal information from our records; and
• Direct any service providers to delete your personal information from their records.
Please note that we may not delete your personal information if it is necessary to:
• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
• Debug to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act;
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided the information; or ;
• Comply with an existing legal obligation
We also will deny your request to delete if it proves impossible or involves disproportionate effort, or if another exception to state privacy law. We will provide you with a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to delete your information.
Right to correct inaccurate information
If we receive a verifiable request from you to correct your information and we determine the accuracy of the corrected information you provide, we will correct inaccurate personal information that we maintain about you.
In determining the accuracy of the personal information that is the subject of your request to correct, we will consider the totality of the circumstances relating to the contested personal information.
We also may require that you provide documentation if we believe it is necessary to rebut our own documentation that the personal information is accurate.
We may deny your request to correct in the following cases:
- We have a good-faith, reasonable, and documented belief that your request to correct is fraudulent or abusive.
- We determine that the contested personal information is more likely than not accurate based on the totality of the circumstances.
- Conflict with federal or state law.
- Other exception to state privacy laws.
- Inadequacy in the required documentation
- Compliance proves impossible or involves disproportionate effort.
We will provide you a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to correct your information.
Protection against discrimination
You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:
• Deny goods or services to you;
• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Provide a different level or quality of goods or services to you; or
• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Please note that we may charge a different price or rate or provide a different level or quality of goods and/or services to you, if that difference is reasonably related to the value provided to our business by your personal information.
Exercising your rights.
If you would like to exercise any of your CCPA rights as described in this Policy, please email us at: DPO@essence-grp.com or call +972 (0)73 2447777.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data requested to you, by using a two or three points of data verification process, depending on the type of information you require.
1.8 Changes to this Privacy Notice
From time to time, we may change this Privacy Notice. If we do so, we will proactively notify you of such changes.
2. Contacting Us
If you have any concerns or questions about this Privacy Notice or would like to lodge a complaint, please contact our data protection officer or our EU representative at +972 (0)73 2447777, DPO@essence-grp.com.