Privacy Policy & Cookies
​06.07.2025
​
CCare is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable privacy laws. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our website and related services.
1. Data Controller
The Data Controller for your personal data is:
CCare
966152978
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
A. Health and Identifying Information (Special Category Data)
B. Technical and Usage Data (see Cookie Policy)
3. Legal Basis for Processing
We only process your personal data when we have a lawful basis to do so under Article 6 and, where applicable, Article 9 of the GDPR. This includes:
Consent (Article 6(1)(a), Article 9(2)(a)): Where you provide explicit consent for processing health data or communications.
Performance of a contract (Article 6(1)(b)): To provide health-related services at your request.
Legal obligation (Article 6(1)(c)): To comply with laws or regulations.
Vital interests (Article 6(1)(d)): In emergencies, to protect your life or health.
Public interest in health (Article 9(2)(h)): For the provision of health or social care services.
4. How We Use Your Data
We use your personal data to:
Deliver and manage health care and related services.
Communicate with you regarding your care or inquiries.
Process insurance claims and payments
Improve our website and services.
Fulfill legal obligations (e.g., medical recordkeeping).
5. Data Sharing and Transfers
We may share your personal data with:
Health care professionals involved in your treatment
Service providers (e.g., hosting, email, IT support) under strict data processing agreements
Health insurers or payment processors
Regulatory or law enforcement bodies if legally required
International Transfers: If we transfer your personal data outside the EU/EEA (e.g., to a third-party service provider), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.
6. Data Retention
We retain your data only as long as necessary for the purposes outlined above and in accordance with applicable legal and professional obligations. When no longer required, your data will be securely deleted or anonymized.
7. Your Rights Under the GDPR
You have the following rights:
Right to access – Obtain a copy of your personal data.
Right to rectification – Request correction of inaccurate data.
Right to erasure – Request deletion (“right to be forgotten”) under certain conditions.
Right to restriction – Limit processing under certain circumstances.
Right to data portability – Receive your data in a structured, machine-readable format.
Right to object – Object to processing based on legitimate interests or direct marketing.
Right to withdraw consent – Where processing is based on consent, you can withdraw it at any time.
Right to lodge a complaint – With your local Data Protection Authority (DPA). To exercise your rights, contact us.
8. Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Data encryption and secure storage.
Access controls and authentication procedures.
Regular data protection training for staff.
9. Cookies and Tracking Technologies
We use cookies and similar technologies for functionality, analytics, and security. For more details, see our Cookie Policy.
10. Children’s Data
We do not knowingly collect data from individuals under 16 without parental consent, where required by law.
11. Changes to This Policy
We may update this policy to reflect changes in law or our practices. The latest version will always be available on our website with the effective date clearly stated.
12. Contact Us
If you have questions about this policy or how we handle your data, please contact us.