Privacy Policy
We’re committed to protecting the privacy of all individuals that provide Personal
Information to us, including the data recorded by customers in Hugo Systems that relates to
their clients or patients. This Privacy Policy explains how we collect, protect, use and
share personal information. We may review and change this policy from time to time. When we
do, we'll update this version located at https://www.hugosystems.tech/privacy_policy and
notify our customers within Hugo Systems, and in other suitable places.
Let's go through a few definitions before we get started:
-
‘Hugo Systems’, or ‘Hugo Systems Pty Ltd (Reg nr: 2013/195825/07)’, is us—the company
behind Hugo Systems.
-
‘Hugo Systems’ is the Hugo Systems software application and services related to it that
don't have a separate privacy policy.
-
‘Agreement’ refers to the Hugo Systems Terms of Service found at
https://www.hugosystems.tech/terms_of_service.
-
‘Customer’ is a user of Hugo Systems who has agreed to our Terms of Service.
-
‘Personal Information’ means information that can identify an individual.
-
‘Services’ means the provision of the Hugo Systems software application and related
platform, and services related thereto (such as customer support).
Personal Information we collect
We collect personal data in a couple of different ways—directly and indirectly.
Personal Information we collect directly from you:
-
We directly collect Personal Information if you send an enquiry to us from our website,
use Hugo Systems, or get in touch with us by chat, email, or phone. We may also collect
some Personal Information if you engage with us through social media.
-
This information can include your name, gender, date of birth, country of birth,
addresses, telephone numbers, email addresses, and credit and banking details.
-
We do not directly collect any special categories of personal data about you. This
includes details about your race or ethnicity, religious or philosophical beliefs, sex
life, sexual orientation, political opinions, trade union membership, information about
your health, and genetic and biometric data. Nor do we collect any information about
criminal convictions and offences.
Personal Information we collect indirectly
-
We indirectly collect Personal Information when someone uses Hugo Systems to record data
about someone other than themselves. A typical scenario would be when a healthcare
professional records information about a patient.
-
This information can include names, genders, dates of birth, countries of birth,
residential addresses, telephone numbers, email addresses, a person’s emergency contacts,
health insurance numbers, and patient treatment notes and records. This can include
sensitive information such as health records.
-
Browser and hardware data, such as IP address, type of device, operating system, browser
type, screen resolution, language, device make and model, as well as the versions of the
above mentioned services.
-
Cookie and tracking technology data, which would include pages visited, time spent on
pages, language preferences, and other anonymous traffic data.
-
Transaction data, including details about your Hugo Systems subscription, payment dates,
and renewal dates.
How this information is used
-
Generally speaking, the Personal Information we collect is used by us to operate Hugo
Systems.
-
The Personal Information we collect about our own Customers is mostly used for billing,
identification, authentication, and for contacting them if we need to.
-
We may, with consent, use email addresses to share news, tips, updates and special offers.
People who receive these promotional emails can unsubscribe at any time.
-
Our use of data collected in Hugo Systems by a business or practitioner that is Personal
Information relating to third parties is limited to providing support and technical
assistance to our Customers.
-
We may use other data for a range of different purposes, provided we comply with
applicable law and our contractual commitments. In some countries (for example, European
Economic Area countries), local legal regimes may require us to treat some or all of other
data as “personal data” under applicable data protection laws. Where this is the case, we
will process other data only for the same purposes as “personal data” under this Privacy
Policy.
Other ways we may use your Personal Information:
-
To deliver customer service and assist you with any inquiries you may have.
-
To analyze trends, administer or optimise Hugo Systems, monitor usage or traffic patterns
(including to track users’ movements around Hugo Systems) and gather demographic
information about our user base as a whole.
-
To control unauthorised use or abuse of Hugo Systems—or otherwise detect, investigate or
prevent activities that may violate our policies or be illegal.
How information is disclosed
-
Except as described in this Privacy Policy, Hugo Systems will not share, sell, or rent
Personal Information with anyone without your permission or unless ordered by a court of
law.
-
We work with third-party services in South Africa, Europe and the USA (such as our web
host, data storage, messaging service and payment provider) that we allow access to
Personal Information, and may use it on our behalf strictly for the purposes for which
they are engaged. We minimise the amount of personal data that is utilised by these
services, and we have ensured that these services process your data in accordance with the
appropriate regulations. A list of third-party services (Subprocessors) we use can be
found at https://hugosystems.tech/third_party_sub_processes
-
Hugo Systems Customers have the option of providing API keys to third-party apps, allowing
the app to access the data (including Personal Information) in their Hugo Systems account.
We are not responsible for the privacy policies and practices of these third-party
services—you are responsible for reading and understanding their privacy policies if you
wish to use their services.
-
In rare circumstances, we may be obliged to disclose Personal Information if disclosure is
required to comply with the law, if we believe our Terms of Service, located at
https://www.hugosystems.tech/terms_of_service, have been violated, if we believe it is
necessary to protect our rights, or if the ownership and assets of Hugo Systems Pty Ltd
were to be transferred to another party.
The security of your Personal Information
-
We take security seriously. Data is encrypted, stored in state-of-the-art facilities,
access is restricted to those who have a need to know, and we regularly review our
technology to maintain security.
-
In the event that there is a breach and your Personal Information that we have collected
directly is at risk, you will be notified within 72 hours of discovering the breach. You
will be informed of what information is at risk, steps that we have taken to ensure your
safety, and what action we are taking or have taken to rectify the breach. To the extent
permissible at law, in the event that there is a breach and indirectly collected
information is at risk, we will follow the same protocol, however the affected Customers
(rather than the individuals) will be notified instead.
-
More about security can be found at https://www.hugosystems.tech/security.
Access, correct or delete Personal Information about you
-
You can request access to the Personal Information you have provided to us, via email to
privacy@hugosystems.tech. This enables you to receive a copy of the data and to check that
we are lawfully processing it.
-
If you think there’s a problem with the Personal Information we hold about you, you will
either have the tools available to make these changes, or you can request a correction.
This enables you to have any incomplete or inaccurate data we hold about you corrected
(though we may need to verify the accuracy of the new data you provide to us).
-
If you want to request erasure of your Personal Information, we'll take all reasonable
steps to do so unless we are required to keep it for legal reasons, which will be notified
to you, if applicable, at the time of your request. As we only collect information that is
required, it is likely that revoking your consent will limit the functionality of your
Hugo Systems account.
-
Should you require to move your data to another service, you may request the transfer of
your data (including Personal Information) to you or to a third party. We will provide to
you, or a third party that you have chosen, your data in a structured, commonly used,
machine-readable format. In some instances encrypted fields and sensitive information as
well as images will have to be manually captured out of the system and transferred to your
new provider. This service of copying data will not be provided and must be accounted for
in the data transfer process.
-
You may withdraw consent at any time where we are relying on consent to process your
Personal Information. However, this will not affect the lawfulness of any processing
carried out before you withdraw your consent. If you withdraw your consent, we may not be
able to provide certain products or services to you. This will be notified to you at the
time of your request if applicable.
Data controlled by our Customers
-
Hugo Systems’s Customers may submit information to the Services for hosting and processing
purposes (“Customer Data”). Hugo Systems will not review, share, distribute, or reference
any such Customer Data except as provided in Hugo Systems’s Terms of Service
(https://www.hugosystems.tech/terms_of_service), or as may be required by law. In
accordance with Hugo Systems’ Terms of Service, Hugo Systems may access Customer Data only
for the purpose of providing the Services, or preventing or addressing service or
technical problems, or as may be required by law.
Local access and privacy laws
-
We acknowledge that Personal Information about patients, and the obligations of medical
practitioners relating to them, may be subject to access and privacy laws in the country
of residence of those patients.
-
We'll take all reasonable steps to comply with local access and privacy laws, to the
extent consistent with legal obligations we have under South African law, where we are
based.
Questions or complaints
-
If you have any questions or complaints about our Privacy Policy or the way we handle your
Personal Information, you can contact us at privacy@hugosystems.tech. This is our
preferred method of contact.
-
We also have a dedicated Data Protection Officer to help you with any requests or
questions you have about your data. They can be reached at dpo@hugosystems.tech.
- Last updated: 19 April 2022