1. Introduction
1.1 We, Viridis Software Solutions Limited ("we", "us", "our"), are committed to safeguarding the privacy of all users of our MEDRS medical records management system ("Service", "Website"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information.
1.2 By using our Website or Service, you consent to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, you must not use our Website or Service.
1.3 We use cookies on our Website. By using our Website or agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy and our Cookie Policy.
2. Information We Collect
2.1 Information You Provide
We may collect, store and use the following kinds of personal information:
- Account Information: Name, email address, password (encrypted), job title, and contact details when you register for an account.
- Subscription Information: Billing address, payment details (processed securely through GoCardless), subscription plan details, and transaction history.
- Patient Data: Medical records, patient information, documents, notes, and other healthcare data you enter into the Service.
- Communications: Messages sent through our messaging system, support requests, feedback, and correspondence with us.
- Usage Data: Information about how you use the Service, including log-in times, features accessed, and actions performed.
2.2 Automatically Collected Information
When you visit our Website, we may automatically collect:
- Technical Information: IP address, browser type and version, operating system, device information, and screen resolution.
- Usage Information: Pages visited, time spent on pages, click paths, referral sources, and search queries.
- Location Data: General geographic location based on IP address (country/region level only).
3. How We Use Your Information
We use the personal information we collect for the following purposes:
- Service Provision: To provide, maintain, and improve our medical records management Service.
- Account Management: To create and manage your account, authenticate your identity, and process subscription payments.
- Data Security: To monitor and protect against unauthorized access, fraud, security threats, and other illegal activities.
- Communication: To send you important notices about your account, subscription changes, security alerts, and support responses.
- Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical support.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
- Service Improvement: To analyze usage patterns, diagnose technical problems, and improve Service functionality and performance.
- Marketing (with consent): To send you product updates, newsletters, and promotional materials (only if you have opted in).
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal information based on:
- Contractual Necessity: To fulfill our obligations under your subscription agreement and provide the Service.
- Legal Obligation: To comply with legal requirements, including healthcare data retention regulations (UK medical records must be retained for 25 years minimum).
- Legitimate Interests: To maintain and improve Service security, prevent fraud, and enhance user experience.
- Consent: For marketing communications and non-essential cookies (you may withdraw consent at any time).
5. Data Security
5.1 We implement industry-standard security measures to protect your personal information:
- Encryption: Data in transit is encrypted using TLS/SSL. Sensitive data at rest is encrypted using AES-256-CBC or stronger encryption standards.
- Access Controls: Strict access controls ensure only authorized personnel can access personal information.
- Authentication: Secure password hashing and multi-factor authentication options.
- Audit Logging: Comprehensive audit trails track all access and modifications to sensitive data.
- Regular Security Assessments: We conduct regular security audits and vulnerability assessments.
6. Your Rights (GDPR)
If you are located in the EEA, you have the following rights regarding your personal information:
- Right of Access: Request a copy of the personal information we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete information.
- Right to Erasure: Request deletion of your personal information (subject to legal retention requirements for medical records).
- Right to Restrict Processing: Request limitation of how we process your information.
- Right to Data Portability: Receive your data in a structured, commonly used format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
To exercise these rights, please contact us at privacy@medrs.eu.
7. Contact Us
If you have questions about this Privacy Policy, please contact us:
Viridis Software Solutions Limited
Suite LP24894, Lower Ground Floor
145-157 St John Street
London, EC1V 4PW, United Kingdom
Email: privacy@medrs.eu
General Inquiries: business@medrs.eu