...
| Note |
|---|
This Privacy Policy is under development. |
Privacy Policy of openIMIS
Last modified on : May April 24, 2020
PLEASE READ THIS PRIVACY STATEMENT CAREFULLY BEFORE USE OF
...
OPENIMIS SERVICES.
The protection of your privacy and your personal data (as defined in Article 4(1) of the Data Protection Basic Regulation (EU) 2016/679 ("DSGVO") is very important to openIMIS ("us", "our" or "we"). It is extremely important for us that openIMIS users ("users") feel secure when using our services.
This Privacy Policy forms the basis on which personal data are collected from you. Please read this Privacy Policy carefully to understand the categories of personal information we collect from you, the circumstances in which we may disclose it to third parties and your rights regarding the personal information you provide to us.
When you use our apps mobile applications "openIMIS PolicyPolicies" or "openIMIS ClaimClaims" (the "App") or openIMIS web-based application ("Web-embed") ; (together with the App and Web-embed referred to as the "Services"), you might be asked to confirm that you have read and understood the information described in this Privacy Policy.
...
1. Who we are
This Privacy Policy applies to the processing of personal data by openIMIS servicesServices, openIMIS is an initiative managed by Gesellschaft für Internationale Zusammenarbeit (GIZ).
Questions, comments and enquiries regarding this data protection declaration are welcome and should be directed to openIMIS service desk Service Desk (https://openimis.atlassian.net/servicedesk).
...
2. General overview of our data processing activities in connection with the Services
openimis openIMIS collect and process the following data from you:
...
Create an account on the "Web-embed";
Create or update a family on the "Web-embed" or on the "app"
Create or update a family member on the "Web-embed" or on the "app"
Create or update a policy on the "Web-embed" or on the "app"
Create or update a contribution/payment on the "Web-embed" or on the "app"
Create or update a claim on the "Web-embed" or on the "app"
...
3. Specific processing activities and the nature and purpose of data use
3.1 If you
...
create an account on the "Web-embed"
...
-categories of data: Language, names, E-mail address and password, user ID, main health facility (optional), location of works, phone (optional), Permanent Address Details(optional), date of birth (optional) and time and date of registration.
-Purposes of processing: grant access to the "app" and "Web-embed", generate report for the enrollment officer and the claim administrator and perform audits
-Legal basis: legitimate interest (Article 6 (1) (f) GDPR): processing is necessary for the purposes of the legitimate interests.
-Storage period: as long as the user is registered in the "Web-embed"
3.2
...
If you create or update a family or a family member on the "Web-embed" or on the "app"
-categories of data for a family: id, head of the family, Region, District, Municipality, Village, poverty status(optional), confirmation type (optional), family group type (optional)and time and date of registration.
-categories of data for family members :photos, id, insurance number, Names, date of birth, gender, Marital status (optional), Beneficiary card (optional), Region(optional), District(optional), Municipality(optional), Village(optional), Current Address(optional), Profession(optional), Education(optional), Phone(optional), Email(optional), Identification Type(optional), Identification Number(optional), first point of care(optional) and time and date of registration.
-Purposes of processing: allow validation of the claim to be generated by the health facilities on beheaf behalf of the family and its members
-Legal basis: legitimate interest (Article 6 (1) (b) GDPR): processing is necessary for the performance of a contract.
-Storage period: as long as the user is registered in the "Web-embed"
3.3
...
If you create or update a policy, contribution/payment on the "Web-embed" or on the "app"
-categories of data for policy: id, enrollment date, product, start date, expiry date, enrollment officer, policy value and time and date of registration.
-categories of data for contributions/payment: id, payer (optional), contribution category (optional), amount, Receipt No., Payment Date, Payment Type and time and date of registration.
-Purposes of processing: activate a contract with the famillyfamily
-Legal basis: legitimate interest (Article 6 (1) (b) GDPR): processing is necessary for the performance of a contract.
-Storage period: as long as the user is registered in the "Web-embed"
3.4
...
If you
...
create or update claim on the "Web-embed" or on the "app"
-categories of data: health facility, claim administrator, diagnoses, insuree number, claims claim date, care dates, visit type, Claim ID, claim number, services and items claimed, guarantee number(optional).
-Purposes of processing: enabling the calculation of the amount to be reimbursed to the health facility base based on the service provided (claim valuation and capitation on claim number/amounts). also for auditing
-Legal basis: legitimate interest (Article 6 (1) (b) GDPR): processing is necessary for the performance of a contract.
-Storage period: as long as the "Web-embed" is active
4. Where are stored your personal information
The personal data collected from you will be stored the "Web-embed" server.
...
stored on the IMIS folder for the photos and connection tokens
in the application database located in the application folder for the other information (not accessible for non-root user)those
Those data are
...
erased after synchronization with the service of generation of an export archive (encrypted via password, stored in the IMIS folder).
Sensitive information exchanged between your browser and our website is transmitted in encrypted form using Transport Layer Security ("TLS"). When transmitting sensitive information.
...
5. Recipient of your personal data
6.1 In order to provide and maintain the services, the data reciepent recipient are the insurance scheme owner, please . Please check their privacy statement to know if your information are is shared with third parties, the . The demo data of https://demo.openimis.org are not shared and are erased every week.
...
6. How long we store your personal data
openIMSI will retain the above information for as long as is necessary to provide the Services to you or to resolve specific problems that may arise or as otherwise required by law or regulatory authorities. Certain retention periods for the processing activities concerned are set out above under 3.
If your personal information is used for two different purposes, openIMIS will retain this information until the purpose with the longer retention period no longer exists, but will not use it for the purpose with the shorter retention period once that period has expired.
openIMIS limits the access to your personal information to those persons who need it for the relevant purpose(s).
...
7. Your rights
According to the basic data protection regulation (EU) 2016/679, you have various rights with regard to your personal data.
...
If you request us to stop processing your personal data or to delete them, this will mean that you will no longer be able to use our services or at least those parts of the services which require the processing of the types of personal data you have asked us to delete, which may mean that you will no longer be able to use the services as a whole.
...
8. Changes to this privacy policy
Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email or by notification via the App. Therefore, we encourage you to check the App from time to time so that you are kept informed of how we are processing your information.
...