GDPR Policy

Last updated: 11 October 2025

At BetterCall.ie, we are committed to protecting the privacy and data of all our users, in line with the General Data Protection Regulation (GDPR). This policy explains how we collect, use, store, and protect your personal information.

1. What data we collect

  • Authentication Data: Full name and email address (via Google OAuth)
  • Professional Data: Medical grade, specialty preferences, and professional identifiers (if provided)
  • Usage Data: Topics viewed, tasks completed, time tracking entries, and activity logs
  • User Preferences: Theme settings, notification preferences, and account settings
  • Technical Data: IP address, browser type, and anonymous usage statistics
  • Communication Data: Feedback, suggestions, and support requests
  • Patient Health Data (Teams Feature): Patient names, dates of birth, medical histories, clinical notes, treatment plans, and other health information entered by authorised medical professionals for team-based patient management

Important: The Teams feature processes sensitive patient health data. This data is only collected with explicit patient consent and is used solely for clinical team management purposes by authorised medical professionals.

2. How we use your data

  • Service Provision: To provide personalised educational content and task management
  • Progress Tracking: To track your learning progress and generate portfolio reports
  • Account Management: To maintain your account and sync data across devices
  • Communication: To respond to your feedback and provide support
  • Service Improvement: To analyse anonymous usage patterns for product enhancement
  • Compliance: To ensure platform security and prevent misuse
  • Clinical Team Management: To facilitate secure sharing of patient information among authorised medical team members for clinical care coordination

Patient Health Data Processing

Legal Basis: Patient health data is processed under Article 6(1)(a) (consent) and Article 9(2)(a) (explicit consent) of the GDPR for the following purposes:

  • Clinical care coordination between authorised medical team members
  • Patient treatment planning and management
  • Medical handover and continuity of care
  • Clinical documentation and record-keeping

3. Legal basis for processing

We process your personal data based on:

  • Consent: You have given clear consent for us to process your data for specific purposes
  • Contract Performance: Processing is necessary for the performance of our service contract with you
  • Legitimate Interest: We have a legitimate interest in improving our services and ensuring security

Patient Health Data - Special Categories

Patient health data falls under Article 9 of the GDPR (Special Categories of Personal Data) and requires explicit consent:

  • Explicit Consent: Patients must provide clear, specific consent for health data processing
  • Healthcare Purpose: Data processing is necessary for the provision of healthcare services
  • Professional Oversight: Only authorised medical professionals can access patient data
  • Data Minimization: Only data necessary for clinical care is collected and processed

4. Data sharing and third parties

We do not share your personal data with third parties without your express consent. Your data is used solely for your benefit.

  • No Third-Party Sharing: We do not sell, rent, or share your personal information
  • Express Consent Required: Any data sharing would only occur with your explicit written consent
  • Service Providers: We use Google Firebase for secure data storage, bound by strict data protection agreements
  • Legal Requirements: We may only disclose data if required by law or to protect rights and safety
  • Anonymous Data: We may use anonymised, aggregated data that cannot identify you

5. Your rights under GDPR

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access: You can request a copy of all personal data we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure: You can request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: You can request limitation of how we process your data
  • Right to Data Portability: You can request your data in a structured, machine-readable format
  • Right to Object: You can object to processing based on legitimate interests
  • Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent

Patient Data Rights

Patients whose health data is processed through our Teams feature have additional rights:

  • Access to Health Records: Patients can request access to their health data stored in the system
  • Data Portability: Health data can be exported in a standard medical format
  • Consent Withdrawal: Patients can withdraw consent for health data processing at any time
  • Right to Erasure: Health data can be deleted upon patient request (subject to legal retention requirements)
  • Data Rectification: Patients can request correction of inaccurate health information

Contact: To exercise these rights, patients should contact their healthcare provider or email us at privacy@bettercall.ie

6. Data security and encryption

We implement comprehensive security measures to protect your personal data:

  • Encryption in Transit: All data transmission uses TLS 1.2+ encryption
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • Access Controls: Strict Firestore security rules ensure only you can access your data
  • Authentication: Secure Google OAuth 2.0 with no password storage
  • Regional Storage: Data stored in your region for optimal performance and compliance
  • Regular Security Audits: We regularly review and update our security measures

6. Data retention

We retain your data only as long as necessary for the purposes outlined above. You can request deletion of your data at any time.

7. Your rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

8. Contact us

If you have questions about this policy or your data, contact us at bettercallireland@gmail.com.