Privacy policy

Privacy policy

Last Updated: Jan. 27, 2025 | Version 1.3

1. Introduction

Welcome to Tiro.Health ("we," "our," or "us"). At Tiro.Health, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website and services.

This Privacy Policy applies to all personal data processed by Tiro.Health BV, with its registered office at Voskenslaan 95 A, 9000 Ghent, Belgium, registered under company number BE 0768.912.565, which acts as the data controller of this website.

The Data Controller attaches great importance to your privacy and therefore processes your personal data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter referred to as the "GDPR"), as well as any future or additional legislation implementing or supplementing it, insofar as applicable.

For any further questions or remarks regarding the way we handle your personal data, you may always contact us by email at info@tiro.health, or by post at the above-mentioned address.

Our DPO, Mr. Franklin BV (www.misterfranklin.be/dpo) can be contacted at info@tiro.health with notification of "For the attention of the DPO".

2. Information We Collect

2.1. Personal Information

We may collect personal information that you provide to us voluntarily. This may include:

  • Personal details (such as name, country of residence, etc.)
  • Contact information (such as email address, address, etc.)
  • Payment information (such as credit card details, bank details, etc.)
  • Any other materials you willingly submit to us such as articles, images, feedback, etc.

2.1.1. Information from Job Applicants

If you apply for a position with Tiro.Health, we may collect and process the following additional information:

  • Curriculum vitae (CV), cover letter, and application details.
  • Employment history and qualifications.
  • References provided by you or obtained during the application process.
  • Assessment results, interview notes, and other recruitment-related information.
  • Background check information, where legally permitted.

We process this information solely for recruitment and employment-related purposes, including evaluating candidates, conducting interviews, verifying information, and maintaining records related to hiring processes. Data will be retained for a reasonable period as required to complete the recruitment process or as mandated by law.

2.2. Automatically Collected Information

We may also collect certain information automatically when you visit our website, such as:

  • Device and browser information.
  • IP address.
  • Usage data and analytics.
  • Cookies and similar tracking technologies (see our Cookie Policy for more details).

2.2.1 Analytics and Website Usage Tracking

We use analytics services to better understand how visitors interact with our website.

Google Analytics: We use Google Analytics to collect and analyze website traffic data. This service tracks information about how visitors use our site, including page views, time spent on pages, and general usage patterns. The collected data helps us improve our website and user experience. For more information about how Google processes your data, please visit Google's Privacy Policy.

Microsoft Clarity: We use Microsoft Clarity to understand how visitors interact with our website through behavioral metrics, heatmaps, and session replay. This service captures mouse movements, clicks, scrolling behavior, and general interaction patterns to help us improve our website's user experience. The collected data includes behavioral information but excludes personally identifiable information. All data collection complies with applicable privacy regulations and is processed in accordance with Microsoft's data protection standards. For more detailed information about how Microsoft collects and processes this data, please review the Microsoft Privacy Statement.

3. How We Use Your Information

We may use your personal information for various purposes, including but not limited to:

  • Providing and improving our services.
  • Communicating with you about our products and services.
  • Responding to your inquiries and requests.
  • Billing and payment processing (if applicable).
  • Compliance with legal obligations.
  • Marketing and promotions (with your consent, where required by law).

3.1. Processing of Applicant Data

Personal information collected from job applicants will be used specifically to:

  • Process and assess applications.
  • Contact applicants regarding their candidacy.
  • Conduct interviews and assessments.
  • Verify qualifications and references.
  • Manage onboarding processes for successful candidates.

Applicant data will not be used for marketing purposes and will only be retained for the duration necessary to fulfill these purposes unless retention is required by law.

4. Data Security

We take the security of your personal information seriously and implement appropriate measures to protect it from unauthorized access, disclosure, alteration, or destruction.

5. Sharing Your Information

We may share your personal information with:

  • Service providers who assist us in providing our services.
  • Healthcare professionals, with your explicit consent, to provide medical advice or treatment.
  • Law enforcement or government agencies when required by law.

5.1. Sharing Applicant Data

Information provided during the recruitment process may be shared with:

  • Recruitment agencies or service providers assisting in the hiring process.
  • Background check service providers (if applicable).
  • Legal advisors or authorities where compliance with legal obligations is required.

6. On what legal grounds do we process your personal data?

Legal obligation

Certain personal data are processed in order to comply with legal or regulatory obligations to which we are subject. This includes, for example, obligations relating to accounting and taxation, sector-specific regulatory requirements, and data protection legislation.

Necessary for the performance of a contract

Certain personal data are processed because such processing is necessary for the conclusion, performance, or termination of a contract with you as a data subject. Within the context of Tiro.Health, this includes the provision of our digital healthcare platform and related services, including but not limited to transforming clinical notes into structured and valuable medical data, reducing administrative burden for healthcare professionals, capturing structured data at the source, optimizing billing processes, improving operational efficiency, and supporting compliant medical documentation workflows. Processing for these purposes may include, for example, onboarding and communication with users, providing access to the platform, facilitating documentation processes, administrative follow-up, invoicing, and ensuring the proper delivery, maintenance, and improvement of our services.

Legitimate interest

Certain personal data are processed on the basis of our legitimate interests, where such interests outweigh any potential adverse impact on your rights and freedoms. This may include improving and securing our platform and services, optimizing performance and user experience, maintaining internal statistics and analytics, safeguarding evidence in the context of disputes or liability, preventing fraud or misuse, and ensuring the security of our IT systems and business operations.

Consent

Certain personal data are processed on the basis of your explicit consent. This may include, for example, sending newsletters or other marketing communications, the use of non-essential cookies, publishing images containing personal data on our website or social media channels, and retaining applicant data beyond the recruitment procedure. Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.

7. How long do we retain your data?

We do not retain your data for longer than is necessary for the purposes for which it was collected or processed. As the retention period depends on the specific purposes for which the data was collected, the storage period may vary depending on the situation. In some cases, specific legislation may require us to retain certain data for a defined period.

Our retention periods are always based on applicable legal requirements and on a careful balancing of your rights and expectations against what is necessary and proportionate to fulfil the intended purposes. Once the applicable retention period has expired, your data will be deleted or anonymised.

8. Where do we store your data and how is it protected?

We implement appropriate technical and organisational security measures to prevent, within the scope of our activities, the destruction, loss, falsification, alteration, unauthorised access to, or unlawful disclosure of personal data to third parties, as well as any other unauthorised processing of such data.

In addition, we ensure that the processors we engage also implement appropriate security measures in order to minimise the risk of incidents as much as possible.

The data we process remains at all times within the European Economic Area (EEA).

If, when using specific services or software tools, your data is processed outside the European Economic Area (EEA), this will only take place in or be transferred to countries for which the European Commission has confirmed that they provide an adequate level of protection for your data, or appropriate safeguards will be implemented to ensure the lawful processing of your data in such third countries.

9. Your Choices and Rights, Including GDPR

Under the General Data Protection Regulation (GDPR), if you are a resident of the European Union, you have certain data protection rights concerning your personal information processed by us. These rights include the right to access, correct, delete, or restrict the use of your personal data. You also have the right to object to the processing of your data and the right to data portability. To exercise any of these rights or if you have any questions regarding your rights or how we handle your personal information under GDPR, please contact us at info@tiro.health. We will respond to your request within the timeframes required by law.

10. Children's Privacy

Our services are not intended for children under the age of 18, and we do not knowingly collect personal information from children as data controllers.

11. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be effective immediately upon posting the updated policy on our website.

12. Contact Us

If you have any questions or concerns about our Privacy Policy, please contact us at info@tiro.health.