Effective: 25 May 2018 for EU citizens & 10 June 2018 for non-EU citizens.
(view previous version)
New modifications effective 15 August 2019: References to ‘Group Edition’, ‘Community Edition’ and ‘Student Record’.
Your privacy is important, so whether you are new to CareMonkey or a long-term user, please take the time to get to know our practices – and if you have any questions contact us.
We’ve tried to keep this policy as simple as possible, but if you are not familiar with terms like cookies, IP addresses, pixel tags and browsers, then read about these in our Definitions first.
In short, CareMonkey will NEVER share or rent your data to anyone without your consent.
Information we collect
Personal Information collected from Users:
Our Services may be used to collect the following information, which is added and controlled by the User:
- Health Information. Our Services may collect information for an Individual’s Care Profile, which may be shared with an Organisation as a Medical Form. This may include emergency contacts, medical conditions & disabilities, medical action plans (e.g. asthma or allergy action plan), medications, and other information about an individual defined as “health information”. CareMonkey may be used to collect “health information” on behalf of the User, or another individual that User is responsible for (e.g. their child).
- Personal Information. Our Services may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other information defined as “Personal Information” that allows identification of the individual;
- Contact Information. Our Services may collect information such as an individual’s email address, telephone & fax number, usernames, address (residential, business and postal), and other information that allows us to contact the individual;
- Other Information requested by Organisations. Our Services may collect information via eForms that are designed by the Organisation (Customer).
- Other Information added by Users. Our Services may collect any additional information a User chooses to add into CareMonkey.
- User Correspondence. We may collect any personal correspondence that an individual sends us, or that is sent to us by others (e.g. Users, Customers, business partners, suppliers) about the individual’s activities.
- Financial Information. Our Services can be used to collect consent and/or payments. CareMonkey uses a Third-Party payment gateway to process payments (e.g. Stripe). If a User chooses to make a payment in CareMonkey, they can securely store their Credit Card and contact details in that Third-Party payment gateway for future transactions. CareMonkey Services do not collect or store any Credit Card information.
Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information.
Information automatically collected about Users:
- Non-Personal Information. We collect information on how you interact with our Services, such as the IP address from which you access the Services, date and time, information about your browser, operating system and computer or device, pages viewed and items clicked. We may also collect location information, including location information automatically provided by your computer or device.
Information collected from Organisations
- CareMonkey Account Information. The Service may collect information about a Customer (“Organisation”) account including organisation name, logo, organisation contact information including address (physical and website URL), and Super-Admin contact information (including name and email address).
- Financial Information. The Service may collect financial information in order to provide a Customer our Services.
- Member Request Information. The Service requires basic information about Members (e.g. students and/or staff) in order for the Organisation to send and request information. This includes the Members name and email address(s) of the User who is responsible for that member.
- Additional Member Information. Organisations can add additional optional information about Members including secondary email address, mobile number, Profile ID (e.g. Student ID, Club Member ID, Employee ID), manual tags, notes and injury reports.
- Groups and eForms. The Service collects and stores any information and settings about Groups and eForms, including Members and communications sent (emails, SMS and push notifications).
- Authorised Supervisors. The Service logs when staff are given Authorised Supervisor access, including which groups, how long for, and if they logged in and accessed any Member records.
- Information sent to us in regards to an Organisation. We may collect any correspondence related to an Organisation from Individuals.
Information automatically collected about Organisations
- Usage Information. We collect usage information in regards to any Admin or Authorised Supervisor activity related to our Services, such as the IP address from which you access the Services, date and time, information about your browser, operating system and computer or device, pages viewed and items clicked. We may also collect location information, including location information automatically provided by your computer or device. We also log all information about Groups and eForms, including Members, responses, changes, and communications (email, SMS & push notifications).
How we use information we collect
When personal information is used and disclosed:
One of CareMonkey’s core purposes is to help our Customers (Organisations such as schools, clubs, businesses) deliver on their duty of care obligations. Customers do this by using the Services to collect Member’s Personal Information such as emergency contacts, medical conditions, emergency action plans, and consent. The Organisation’s Admins can then make this information available to Authorised Supervisors for the purpose of ensuring they know exactly what to do, who to call, and what to tell paramedics in an emergency (including secure offline access via the Mobile App).
- We will never use Personal Information collected in our Services for any purposes other than making the information available to an authorised Organisation’s Admins and/or Authorised Supervisors, or other Individuals authorised by the User.
- We will never use the Personal Information for any marketing or commercial purposes, and we will maintain all Health Information in the strictest confidence.
- We will not disclose or sell Personal Information to unrelated third parties under any circumstances.
In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected, and with consent from the User. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
Our Services will retain Personal Information until the User and/or Customer (Organisation) deems it no longer necessary to be kept. CareMonkey does not automatically delete Personal Information added to Care Profiles by Users, because CareMonkey Care Profiles are fully User controlled. In Community Edition Users can choose to share Personal Information in CareMonkey with other Users/Organisations, revoke access to live Care Profiles, and permanently delete their account at anytime. If the User shared any eForm response with an Organisation (e.g. Medical form, consent form), the shared eForm response is then controlled by the Organisation. It is the responsibility of the Organisation to delete Personal Information if it is no longer required for compliance or legal reasons.
Other ways we use personal information:
- To provide, maintain and improve our Services, which may include:
- The provision of goods and services;
- Verifying an individual’s identity;
- Communications between Users, Organisations and CareMonkey (including email, phone and Live Chat from the Website or Mobile App);
- Analysing trends, administering or optimising the Services, monitoring usage or traffic patterns (including to track users’ movements around the Services);
- Investigating complaints about or made by an individual.
- Basic account data will be visible to the CareMonkey support team in any location. This includes User/account holder name and email address.
- Circumstances which we must disclose an individual’s Personal Information.
- If we have reason to suspect that a User is in breach of any Terms of Services, or we have reason to suspect a User has been otherwise engaged in any fraudulent, deceptive or unlawful activity (in which case we may be required disclose that information to a governmental authority); and/or
- As required or permitted by any law.
- In order to sell our business (in that we may need to transfer Personal Information to a new owner). In this case, we will ensure that the new owner has privacy policies consistent with this policy.
- Our Services do not use third-party products to send profile requests and eForms requests to Users.
- The Company does use other third-party systems to run our business and communicate with Users, Customers and Prospects. We ensure any third-party products do not store any private medical information in any system outside CareMonkey. These service providers may be located in the United States of America, and include:
- Zoho – CareMonkey integrates with Zoho to support Users with Live Chat.
- Customer Relationship Management (CRM) – To manage our leads and customer database (separate to User data).
- Marketing Automation Platform – To send marketing promotions.
- Accounting Software – To process account payments.
- Google Analytics – To analyse web traffic.
- Google Cloud Translation – To perform language translations.
- Email – To send or reply to emails from a User, Customer or Prospect.
- The Emails we send (like most emails) are sent encrypted, however they are stored on third party systems (e.g. email clients such as gmail/outlook) as clear text. For this reason, emails we send never contain any confidential information such as medical information or contact details.
User must be a legal adult
As part of our Terms of Service, children under legal age are not allowed to be Users of CareMonkey. CareMonkey is designed for Adult Users to share electronic medical and consent forms with other Organisations on behalf of themselves, or for Individuals they are responsible for (e.g. their child).
A User can only input information on behalf of other adults if they have that Individual’s recorded consent.
Privacy by Default
CareMonkey sets default privacy settings to the highest level. This means that no other User or Organisation can see any information the Users add into CareMonkey until the User chooses to share it.
Transparency and Choice
People have different privacy concerns. Our goal is to be clear about what information the Service collects, so that you can make meaningful choices about how that it is used. For example, Users can control:
- Sharing of Personal Information. Community Edition Users must deliberately Share a Care Profile, or submit an eForm response to an Organisation before that Organisation can see any information.
- View, add and edit. CareMonkey Community Edition is designed to make Users responsible for adding, sharing and updating personal information and active eForm responses. Users may see and edit what current User information is stored in the Care Profile, and see which organisations have access to their CareMonkey Care Profile. CareMonkey Group Editon is designed to make Organisation and/or Parent/Guardian Users responsible for adding, sharing and updating personal information and active eForm responses. The Organisation controls access to the Student Record.
- Revoke access. At anytime, Community Edition Users can revoke Organisation (or another User) access to a current Care Profile.
- Data portability. Users can export personal data stored in CareMonkey in an open standard electronic format (JSON). This includes ‘observed’ data such as Recent Logins, and Registered Devices. Users can also transfer control of Care Profile information to other CareMonkey Users (e.g. transfer control of their child’s Care Profile to another parent/guardian, or to the child once they become a legal adult).
- Permanently delete account. Users can permanently delete their CareMonkey Account (including all Care Profile information) at anytime.
- If a User has completed an eForm response for an Organisation, that eForm response is controlled by the Organisation (for example, if a parent completes a consent form for their child t