Healthcare Compliance and Data Protection Policy
Effective Date: 05/28/2024
Welcome to Verified Care (“we,” “us,” “our”), the trade name of Novoguard LLC, a business incorporated in the state of Wyoming, USA. This Healthcare Compliance and Data Protection Policy (“Policy”) outlines our commitment to adhering to applicable healthcare laws and data protection regulations across the United States (US), European Union (EU), Middle East, and Asia. By accessing or using our website www.verifiedcare.co (“Site”), services, or interacting with us in any way, you agree to comply with and be bound by this Policy.
1. Introduction
Verified Care operates as an online consumer review platform and health and wellness directory, facilitating the sharing of experiences related to aesthetic medical clinics. Given the sensitive nature of healthcare-related information, it is imperative that we comply with relevant laws and regulations to protect our users’ privacy and ensure the integrity of our platform.
2. Scope
This Policy applies to all users, contributors, and employees of Verified Care across all regions where we operate, including the US, EU, Middle East, and Asia. It governs the collection, use, storage, and disclosure of personal and sensitive information related to healthcare.
3. Compliance with Regional Healthcare and Data Protection Laws
A. United States (US)
•Health Insurance Portability and Accountability Act (HIPAA):
•Applicability: While Verified Care is a covered entity under HIPAA, we recognize the importance of protecting Protected Health Information (PHI). We ensure that any PHI inadvertently shared by users in their reviews is handled with care.
•Data Handling: Users are advised not to include PHI in their reviews. If PHI is detected, we will promptly remove the content to mitigate any potential risks.
•California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA):
•User Rights: California residents have the right to know what personal information is collected, how it is used, and the right to request deletion.
•Implementation: We provide clear mechanisms for users to exercise these rights, including opting out of data sales and requesting data access or deletion via contact@verifiedcare.co.
•Non-Discrimination: Users exercising their CCPA/CPRA rights will not face discrimination in service quality or pricing.
B. European Union (EU)
•General Data Protection Regulation (GDPR):
•Lawful Processing: We process personal data lawfully, fairly, and transparently.
•User Rights: EU users have the right to access, rectify, erase, restrict processing, and port their data. They can also object to data processing.
•Data Minimization: Only necessary data is collected for specified purposes.
•Data Protection Officer (DPO): While not required for our current operations, our team ensures GDPR compliance through regular training and adherence to best practices.
•Breach Notification: In the event of a data breach affecting EU users, we will notify affected individuals within 72 hours as mandated by GDPR.
C. Middle East
•United Arab Emirates (UAE) Data Protection Law:
•Compliance: We adhere to the UAE’s data protection regulations, ensuring secure handling of personal data.
•User Rights: Users can request access, correction, and deletion of their personal data.
•Saudi Arabia Personal Data Protection Law (PDPL):
•Data Handling: We ensure that personal data is processed in accordance with PDPL requirements, including obtaining explicit consent where necessary.
•Data Localization: Where required, we store data within Saudi Arabia’s borders.
D. Asia
•Singapore Personal Data Protection Act (PDPA):
•Consent: We obtain explicit consent before collecting, using, or disclosing personal data.
•User Rights: Users can request access to their data and request corrections as needed.
•Japan Act on the Protection of Personal Information (APPI):
•Data Usage: Personal data is used solely for the purposes stated at the time of collection.
•Data Protection: We implement measures to protect personal data from unauthorized access and breaches.
•China Personal Information Protection Law (PIPL):
•Consent and Purpose Limitation: We obtain explicit consent and use personal data strictly for stated purposes.
•Data Localization: Where required, personal data of Chinese users is stored within China.
•Other Asian Jurisdictions:
•Country-Specific Laws: We continuously research and comply with specific data protection laws in each Asian country we operate in, ensuring full legal compliance.
4. Data Collection and Usage
•Personal Information:
•Types Collected: Name, email address, photos (optional), location data, and any other information voluntarily provided by users.
•Usage: To facilitate reviews, improve services, communicate updates, and ensure compliance with legal requirements.
•Non-Personal Information:
•Types Collected: Usage data, technical data such as IP address, browser type, and device information.
•Usage: To analyze user behavior, enhance platform functionality, and improve user experience.
5. Data Security Measures
•Encryption: We use industry-standard encryption to protect data during transmission and storage.
•Access Controls: Only authorized personnel have access to personal information.
•Regular Audits: We conduct regular security audits to identify and mitigate vulnerabilities.
•Watermarked Images: To protect clinic images, we utilize watermarked photos to prevent unauthorized use and ensure proper attribution.
6. User Rights and Consent
•Consent: By using our platform, users consent to the collection, use, and disclosure of their personal information as outlined in this Policy.
•Access and Correction: Users can access, correct, or delete their personal information by contacting us at contact@verifiedcare.co.
•Opt-Out: Users can opt out of receiving promotional communications by following unsubscribe instructions in our emails.
•Data Portability: Users have the right to request their data in a structured, machine-readable format.
7. Data Transfer and Localization
•Cross-Border Transfers: Personal data may be transferred across borders to regions with different data protection laws. We ensure such transfers comply with applicable legal requirements, including the use of standard contractual clauses or other appropriate safeguards.
•Data Localization: Where required by local laws, we store and process personal data within the respective country’s borders to comply with data localization requirements.
8. Use of Clinic Images
•Publicly Available Images: We use images of clinics that are publicly available or provided directly by the clinics. These images are either in the public domain or used with proper authorization.
•Watermarked Images: To protect the rights of original image owners and prevent unauthorized use, we utilize watermarked images where applicable. These watermarks help identify the source and deter misuse.
•No Ownership Claims: Verified Care does not claim ownership of any clinic images. All such images remain the property of their respective owners.
•Infringement Claims: If you believe that any image on our platform infringes upon your rights, please contact us at contact@verifiedcare.co so we can address your concerns promptly.
9. Breach Notification
In the event of a data breach that compromises personal data:
•EU (GDPR): Notify affected EU users within 72 hours.
•Other Regions: Comply with specific regional breach notification requirements.
•Notification Content: Inform affected users about the nature of the breach, the data involved, and the measures taken to mitigate the breach.
10. Third-Party Services
We may use third-party service providers to assist in operating our platform. These providers are contractually obligated to protect personal data and comply with applicable data protection laws. We do not sell or rent personal information to third parties for their marketing purposes.
11. Children’s Privacy
Our platform is not intended for children under 13 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has provided personal information, we will take immediate steps to delete such data in compliance with the Children’s Online Privacy Protection Act (COPPA) and other relevant laws.
12. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be effective immediately upon posting on our website. We encourage users to review this Policy periodically to stay informed about how we protect their information.
13. Contact Us
If you have any questions, concerns, or requests regarding this Healthcare Compliance and Data Protection Policy, please contact us at:
•Email: contact@verifiedcare.co
•Address: Novoguard LLC, 30, North Gould Street, Sheridan, WY.