1. Introduction
Theralogio ("we," "our," or "us") is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Belgian healthcare data protection laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our practice management platform.
2. Data Controller Information
Theralogio acts as a data processor for healthcare practitioners who use our platform. Each practitioner using our service is the data controller for their client data and is responsible for ensuring lawful processing of personal data.
3. Information We Collect
3.1 Practitioner Information
- Name and contact information
- Professional credentials and license information
- Payment and billing information
- Account credentials and authentication data
3.2 Client Information (Processed on behalf of practitioners)
- Personal identification information (name, email, phone number)
- Health-related information from intake forms
- Appointment scheduling and attendance data
- Convention patient status and session tracking
- Session notes and clinical documents
- Payment and billing records
3.3 Technical Information
- IP address and device information
- Browser type and version
- Usage data and analytics
- Cookies and similar tracking technologies
4. Legal Basis for Processing
We process personal data based on:
- Contractual Necessity: Processing necessary to provide our services to practitioners
- Legal Obligation: Compliance with healthcare regulations and 30-year data retention requirements in Belgium
- Legitimate Interests: Platform security, fraud prevention, and service improvement
- Consent: Where explicitly provided for specific processing activities
5. How We Use Your Information
- Provide and maintain our practice management services
- Process appointments, payments, and communications
- Enable practitioners to manage their client relationships
- Track convention patient quotas as required by Belgian healthcare law
- Send appointment reminders and notifications
- Comply with legal obligations and healthcare regulations
- Improve and develop our platform
- Ensure platform security and prevent fraud
6. Data Security
We implement industry-standard security measures to protect your data:
- End-to-end encryption for data in transit and at rest
- Secure authentication with multi-factor options
- Regular security audits and vulnerability assessments
- Access controls and audit logging
- Secure data centers with physical security measures
- Regular backups with encryption
7. Data Retention
In compliance with Belgian healthcare law, we retain client healthcare records for 30 years from the last treatment date. Other data is retained as follows:
- Practitioner account data: Duration of account plus 7 years
- Financial records: 7 years as required by law
- Audit logs: 7 years for compliance verification
- Technical logs: 90 days unless required for security investigations
8. Data Sharing and Disclosure
We do not sell your personal data. We may share data with:
- Service Providers: Trusted third parties who assist in operating our platform (email services, payment processors, hosting providers)
- Legal Authorities: When required by law or to protect rights and safety
- Healthcare Authorities: As required by Belgian healthcare regulations
All third-party service providers are GDPR-compliant and bound by data processing agreements.
9. Your Rights Under GDPR
You have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data (subject to legal retention requirements)
- Right to Restrict Processing: Request limitation of data processing
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with the Belgian Data Protection Authority
Note: Healthcare data retention requirements may limit certain rights (e.g., right to erasure) for the mandatory 30-year retention period.
10. International Data Transfers
Your data is primarily stored within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure adequate protection through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for the recipient country
- Other legally approved transfer mechanisms
11. Cookies and Tracking
We use cookies and similar technologies for authentication, security, and platform functionality. For detailed information, please see our Cookie Policy.
12. Children's Privacy
Our services are intended for healthcare practitioners and their adult clients. For clients under 18, practitioners must obtain appropriate parental or guardian consent as required by law.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or through a prominent notice on our platform. Continued use after changes constitutes acceptance of the updated policy.
14. Contact Us
For questions about this Privacy Policy or to exercise your rights, please contact us: