Our commitment to You and the protection of Your data
As a Data Processor, CareMonkey is committed to partnering with customers and users to help them understand and comply with the EU General Data Protection Regulation (GDPR). The GDPR strengthens the rights individuals have regarding organisations holding personal data relating to them, and applies to any organisation that does business in the EU, including schools, academies and other educational establishments (and their supplying software companies such as CareMonkey).
Below are some examples of how CareMonkey is committed to GDPR.
For more information, check our Data Protection Impact Assessment (DPIA) Guide.
Data Protection Commitments
Privacy Protection Commitments
- In short, CareMonkey will NEVER share your data to anyone without your consent.
Data processing necessary for purpose
- CareMonkey only processes personal data to help data controllers fulfil a necessary purpose, and improve the ongoing experience of fulfilling that purpose.
Data Protection Officer
- CareMonkey has a Data Protection officer whose job is to ensure CareMonkey is GDPR compliant, and leads our Critical Incident Response Team.
- If you have a question, you can contact via email – email@example.com
Data Protection by Design & Default
Privacy Settings set at highest level by default
- By default, no other User or Organisation can see any information about Data Subjects added into CareMonkey by Users.
- Users must deliberately Share a Care Profile or submit an eForm to an organisation before that organisation can see any User entered information.
- At anytime, Users can revoke an organisations access to a current Care Profile.
Citizen Control of Personal Data
- CareMonkey Community Edition is designed to make Users responsible for adding, sharing and updating personal information and active eForm responses. Users may see and edit what current User information is stored in the Care Profile, and see which organisations have access to their CareMonkey Care Profile.
- CareMonkey Group Editon is designed to make Organisation and/or Parent/Guardian Users responsible for adding, sharing and updating personal information and active eForm responses. The Organisation controls access to the Student Record.
Records of processing activities
- CareMonkey logs a record of all processing activities, including the purpose of the processing and any categories involved (determined by the Controller).
- These records can be made available to a supervisory authority on request.
Account and Password Protection
- User’s accounts are always password (and/or code, fingerprint / facial ID) protected, and we utilise strong password policy and non-reversible hashing for storage of the password.
- Users have the additional security option to enable Two-Step Verification (also known as Two-Factor Authentication), which prevents anyone from accessing a User’s account without possessing their mobile device.
- CareMonkey will always notify Users by email when account is accessed from a new device or browser.
- CareMonkey uses encryption to protect data in transit and at rest. Data in transit is protected using HTTPS, which is activated by default for all users. CareMonkey encrypts data stored at rest, without any action required from users, using one or more encryption mechanisms.
Additional Mobile Data Security
- The CareMonkey App is registered on a device using your unique username and password. Second Factor code/fingerprint is then required to access data.
- Data is only accessible by authorised users with that unique username and password.
- All data transfer is handled over SSL secure connections. CareMonkey uses an “Extended Validation” SSL site certificate so that users can be sure they are talking to CareMonkey when accessing the data.
- When the CareMonkey App is accessed on a mobile device or tablet, the data is stored in an encrypted format to give authorised users access to emergency information, even when they are offline or outside mobile range.
- Data that is stored on your device automatically expires and is deleted from local storage after a set period of time, unless authorized users re-synchronise with the server.
- Data that is no longer authorised is automatically deleted from local storage.
- CareMonkey is designed with intrusion detection firewalls and actively monitors to detect intrusions into our system.
- CareMonkey continuously optimises its security infrastructure, both within the application code and across our network/platform.
- CareMonkey regularly conduct penetration and threat modelling to ensure our network is properly secure and up-to-date.
Privileged Access Controls
- For CareMonkey employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities.
- Requests for additional access follow a formal process that involves a request and an approval from a data or system owner, manager, or other executives, as dictated by CareMonkey’s security policies.
Storage, Availability and Backup
- CareMonkey’s physical infrastructure is hosted and managed within Amazon’s secure data centers, utilising Amazon Web Services (AWS) technology.
- AWS data centers are state of the art, utilising innovative architecture and engineering approaches. AWS provides a highly reliable, scalable and secure infrastructure platform that powers hundreds of thousands of businesses in 190 countries across the world.
- Data is stored on servers in that region, and will never be stored outside of that region. For citizens (data subjects) in the EU, data is stored in Ireland (Dublin).
- AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals including ISO 27001, FedRAMP, DoD CSM, and PCI DSS.
- AWS is fully compliant with applicable EU data protection laws, and the AWS Data Processing Agreement incorporates the Article 29 Working Party Model Clauses. This means that users wishing to transfer personal data from the European Economic Area (EEA) to other countries can do so knowing that their content in AWS will be given the same high level of protection it receives in the EEA.
- CareMonkey backs up your data in the same region every hour.
Protecting Rights of Data Subjects
- When Data Controllers (e.g. schools, clubs or businesses) use CareMonkey to request information, Users choose to opt-in by agreeing to Share that information with each organisation.
- CareMonkey will NEVER share your data to anyone without your consent.
- NOTE: CareMonkey is designed for adult users to share electronic medical and consent forms with other organisations. For children (data subjects) under legal adult age, valid consent is required from a parent or guardian. Therefore children under legal age have no purpose using CareMonkey.
User Rights of Access and Access to Usage Data
- CareMonkey allows Users to access all the personal data they entered on behalf of themselves, and other individuals they are responsible for (e.g their child). This includes emergency contacts, medical conditions, personalised care instructions and responses to any form requests from an Organisation.
- Users can see which Organisations they have shared information with.
- Users can view pre-built reports logging every sign-in, and every registered device.
- Data Controllers can access usage data reports including Activity, Emails Sent, Active Profiles, Missing Action Plans, Profiles Changes, Injury Reports and Medical Conditions.
- Community Edition Users can transfer Care Profile information to other Users (e.g. transfer control of their child’s Care Profile to another parent/guardian, or to their child once they become a legal adult).
- Users can export their personal data stored in CareMonkey in an open standard electronic format (JSON). This includes ‘observed’ data such as Recent Log-ins, and Registered Devices.
- Customers can export their organisation’s data in an open standard electronic format (JSON).
- CareMonkey stores data until it is no longer necessary to provide services to the Data Subject and the Data Controller.
- CareMonkey does not automatically delete Personal Information added to Care Profiles by Users, because CareMonkey Care Profiles are fully User controlled. In Community Edition Users can choose to share Personal Information in CareMonkey with other Users/Organisations.
- Users can permanently delete their account at anytime.
- If the User shared any eForm response with an organisation (e.g. medical form, consent form), the shared form becomes the property of that organisation (data controller), and the organisation will continue to have that copy after the User deletes their account.
- CareMonkey enables the Customer (Data Controller) to archive or permanently delete data when it is no longer required. It is the responsibility of the Data Controller to know how long data is required to be kept for compliance or legal reasons. How long data is required to be kept depends on local laws and regulations, which is why CareMonkey does not automatically delete any data.
Deletion of Data (right to erasure, and the right to refuse)
- Users can permanently delete their CareMonkey Account (including all Care Profile/member information) at any time.
- If a User has completed a form on behalf of the Data Controller, that eForm response becomes the property of the Data Controller. For example, if a parent completes a consent form for their child to attend an excursion, that consent form and a snapshot of the Care Profile at the time of consent is stored by CareMonkey (data processor) on behalf of the Customer (data controller).
- If a User chooses to permanently delete their account, CareMonkey will make the User aware of which Organisations have stored shared information (and the Super-Admin contact details) prior to the User confirming permanent deletion, thus ensuring the User knows where to direct requests for erasure.
- Data Subjects have a right to erasure, and can contact the organisation (data controller) to delete any personal data related to them under GDPR Article 17. CareMonkey provides the tools for the data controller to find that information, and permanently delete their record of User data.
- Under GDPR Article 17, the data controller has a right to refuse the request to erasure of personal data if that data is required to:
- To comply with legal obligations for the performance of a public interest task or exercise of official authority
- When the data is necessary for the exercise or defence of legal claims
- A key purpose of CareMonkey is to collect and store consent forms that are required for an organisation to deliver on their compliance and duty of care obligations. Data controllers (in particular schools) are bound by data retention guidelines set out by their local authorities. Therefore, it is the responsibility of the Data Controller to know their regulations and be certain data is not required for compliance or future legal cases before permanently deleting any data.
- If the Data Controller has no grounds to refuse a Data Subjects request to erasure, they must comply without undue delay or at most within a month of the request.
Protection Policies and Procedures
- CareMonkey applies stringent internal processes to keep your data safe throughout design, development, testing and day to day operations. Internal policies related to GDPR include Data Classification, Sensitive Data Handling, Information Ownership, System Access, Systems and Information Asset Management, Hardware Sanitisation, Business Continuity Plan, Disaster Recovery Test Schedules, Incident Management, Critical Incident Response Team, Breach Notification, and Privacy Impact Assessments (Risk Assessments).
Risk Assessment / Mandatory Privacy Impact Assessments (PIAs)
- CareMonkey has a risk management program to ensure appropriate measure are taken to protect personal information. This procedure applies to all systems, employees, consultants, temporaries and other workers at CareMonkey.
- CareMonkey supports Data Controllers in their mandatory requirement to conduct PIAs to ensure they are in compliance as projects progress.
Data Breach Notifications
- In the event of a suspected data breach, CareMonkey has a Critical Incident Response Team (which includes our Data Protection Officer, Developers, and Senior Management), and a Data Breach Policy and Incident Response Plan that is reviewed annually.
- In the event of a data breach, CareMonkey will notify the Data Controller without undue delay after becoming aware.
- Individual Data Subjects will be notified if adverse impact is determined.
- CareMonkey notify the appropriate EU authority within 72 hours after having become aware of the data breach.
Fulfilling our privacy and data security commitments is important to us. So we’re glad to help you prepare for the changes the GDPR brings. This page will be revised to reflect GDPR-related information as it becomes available. If you have any questions about how CareMonkey can help you with compliance, we hope you’ll reach out to us on firstname.lastname@example.org.