Privacy Policy

We’re committed to protecting the privacy of all individuals that provide Personal Information to us, including the data recorded by customers in Hugo Systems that relates to their clients or patients. This Privacy Policy explains how we collect, protect, use and share personal information. We may review and change this policy from time to time. When we do, we'll update this version located at https://www.hugosystems.tech/privacy_policy and notify our customers within Hugo Systems, and in other suitable places.

Let's go through a few definitions before we get started:

  • ‘Hugo Systems’, or ‘Hugo Systems Pty Ltd (Reg nr: 2013/195825/07)’, is us—the company behind Hugo Systems.
  • ‘Hugo Systems’ is the Hugo Systems software application and services related to it that don't have a separate privacy policy.
  • ‘Agreement’ refers to the Hugo Systems Terms of Service found at https://www.hugosystems.tech/terms_of_service.
  • ‘Customer’ is a user of Hugo Systems who has agreed to our Terms of Service.
  • ‘Personal Information’ means information that can identify an individual.
  • ‘Services’ means the provision of the Hugo Systems software application and related platform, and services related thereto (such as customer support).

Personal Information we collect

We collect personal data in a couple of different ways—directly and indirectly.

Personal Information we collect directly from you:

  • We directly collect Personal Information if you send an enquiry to us from our website, use Hugo Systems, or get in touch with us by chat, email, or phone. We may also collect some Personal Information if you engage with us through social media.
  • This information can include your name, gender, date of birth, country of birth, addresses, telephone numbers, email addresses, and credit and banking details.
  • We do not directly collect any special categories of personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. Nor do we collect any information about criminal convictions and offences.

Personal Information we collect indirectly

  • We indirectly collect Personal Information when someone uses Hugo Systems to record data about someone other than themselves. A typical scenario would be when a healthcare professional records information about a patient.
  • This information can include names, genders, dates of birth, countries of birth, residential addresses, telephone numbers, email addresses, a person’s emergency contacts, health insurance numbers, and patient treatment notes and records. This can include sensitive information such as health records.
  • Browser and hardware data, such as IP address, type of device, operating system, browser type, screen resolution, language, device make and model, as well as the versions of the above mentioned services.
  • Cookie and tracking technology data, which would include pages visited, time spent on pages, language preferences, and other anonymous traffic data.
  • Transaction data, including details about your Hugo Systems subscription, payment dates, and renewal dates.

How this information is used

  • Generally speaking, the Personal Information we collect is used by us to operate Hugo Systems.
  • The Personal Information we collect about our own Customers is mostly used for billing, identification, authentication, and for contacting them if we need to.
  • We may, with consent, use email addresses to share news, tips, updates and special offers. People who receive these promotional emails can unsubscribe at any time.
  • Our use of data collected in Hugo Systems by a business or practitioner that is Personal Information relating to third parties is limited to providing support and technical assistance to our Customers.
  • We may use other data for a range of different purposes, provided we comply with applicable law and our contractual commitments. In some countries (for example, European Economic Area countries), local legal regimes may require us to treat some or all of other data as “personal data” under applicable data protection laws. Where this is the case, we will process other data only for the same purposes as “personal data” under this Privacy Policy.

Other ways we may use your Personal Information:

  • To deliver customer service and assist you with any inquiries you may have.
  • To analyze trends, administer or optimise Hugo Systems, monitor usage or traffic patterns (including to track users’ movements around Hugo Systems) and gather demographic information about our user base as a whole.
  • To control unauthorised use or abuse of Hugo Systems—or otherwise detect, investigate or prevent activities that may violate our policies or be illegal.

How information is disclosed

  • Except as described in this Privacy Policy, Hugo Systems will not share, sell, or rent Personal Information with anyone without your permission or unless ordered by a court of law.
  • We work with third-party services in South Africa, Europe and the USA (such as our web host, data storage, messaging service and payment provider) that we allow access to Personal Information, and may use it on our behalf strictly for the purposes for which they are engaged. We minimise the amount of personal data that is utilised by these services, and we have ensured that these services process your data in accordance with the appropriate regulations. A list of third-party services (Subprocessors) we use can be found at https://hugosystems.tech/third_party_sub_processes
  • Hugo Systems Customers have the option of providing API keys to third-party apps, allowing the app to access the data (including Personal Information) in their Hugo Systems account. We are not responsible for the privacy policies and practices of these third-party services—you are responsible for reading and understanding their privacy policies if you wish to use their services.
  • In rare circumstances, we may be obliged to disclose Personal Information if disclosure is required to comply with the law, if we believe our Terms of Service, located at https://www.hugosystems.tech/terms_of_service, have been violated, if we believe it is necessary to protect our rights, or if the ownership and assets of Hugo Systems Pty Ltd were to be transferred to another party.

The security of your Personal Information

  • We take security seriously. Data is encrypted, stored in state-of-the-art facilities, access is restricted to those who have a need to know, and we regularly review our technology to maintain security.
  • In the event that there is a breach and your Personal Information that we have collected directly is at risk, you will be notified within 72 hours of discovering the breach. You will be informed of what information is at risk, steps that we have taken to ensure your safety, and what action we are taking or have taken to rectify the breach. To the extent permissible at law, in the event that there is a breach and indirectly collected information is at risk, we will follow the same protocol, however the affected Customers (rather than the individuals) will be notified instead.
  • More about security can be found at https://www.hugosystems.tech/security.

Access, correct or delete Personal Information about you

  • You can request access to the Personal Information you have provided to us, via email to privacy@hugosystems.tech. This enables you to receive a copy of the data and to check that we are lawfully processing it.
  • If you think there’s a problem with the Personal Information we hold about you, you will either have the tools available to make these changes, or you can request a correction. This enables you to have any incomplete or inaccurate data we hold about you corrected (though we may need to verify the accuracy of the new data you provide to us).
  • If you want to request erasure of your Personal Information, we'll take all reasonable steps to do so unless we are required to keep it for legal reasons, which will be notified to you, if applicable, at the time of your request. As we only collect information that is required, it is likely that revoking your consent will limit the functionality of your Hugo Systems account.
  • Should you require to move your data to another service, you may request the transfer of your data (including Personal Information) to you or to a third party. We will provide to you, or a third party that you have chosen, your data in a structured, commonly used, machine-readable format. In some instances encrypted fields and sensitive information as well as images will have to be manually captured out of the system and transferred to your new provider. This service of copying data will not be provided and must be accounted for in the data transfer process.
  • You may withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. This will be notified to you at the time of your request if applicable.

Data controlled by our Customers

  • Hugo Systems’s Customers may submit information to the Services for hosting and processing purposes (“Customer Data”). Hugo Systems will not review, share, distribute, or reference any such Customer Data except as provided in Hugo Systems’s Terms of Service (https://www.hugosystems.tech/terms_of_service), or as may be required by law. In accordance with Hugo Systems’ Terms of Service, Hugo Systems may access Customer Data only for the purpose of providing the Services, or preventing or addressing service or technical problems, or as may be required by law.

Local access and privacy laws

  • We acknowledge that Personal Information about patients, and the obligations of medical practitioners relating to them, may be subject to access and privacy laws in the country of residence of those patients.
  • We'll take all reasonable steps to comply with local access and privacy laws, to the extent consistent with legal obligations we have under South African law, where we are based.

Questions or complaints

  • If you have any questions or complaints about our Privacy Policy or the way we handle your Personal Information, you can contact us at privacy@hugosystems.tech. This is our preferred method of contact.
  • We also have a dedicated Data Protection Officer to help you with any requests or questions you have about your data. They can be reached at dpo@hugosystems.tech.
  • Last updated: 19 April 2022