Privacy & Data Protection Policy
Protecting your personal information is central to our mission and values.
The Intellibus Care Foundation is committed to maintaining the highest standards of privacy, data protection, and patient confidentiality. We follow internationally recognized frameworks—including the European Union GDPR, the Jamaica Data Protection Act (JDPA), and applicable United States privacy and security principles (including HIPAA standards where relevant to telemedicine and health information handling).
This policy explains how we collect, use, store, and protect personal information across our humanitarian, telemedicine, and community health programs.
1. Principles We Follow
We uphold:
- Lawfulness, fairness, transparency
- Purpose limitation
- Data minimization
- Accuracy and correction
- Security and confidentiality
- Protection of individual rights
These principles align with GDPR, JDPA, and U.S. health privacy frameworks.
2. What Data We Collect
Health & Medical Information
Vital signs, symptoms, telemedicine notes, and diagnostic information.
Personal Information
Name, contact details, demographic data, and location for service delivery.
Operational Data
Appointment and mission information, community assessments, device/telemedicine connection data.
Consent Records
Documenting explicit consent where required by law.
We do not sell personal data.
3. Legal Bases for Processing
Under GDPR, we rely on:
- Explicit consent
- Provision of healthcare
- Public health interests
- Vital interests
- Legitimate interests
Under the Jamaica Data Protection Act, processing aligns with the conditions for health, humanitarian, and social care activities.
4. How We Use Data
For:
- Medical care and telemedicine services
- Community outreach and assessments
- Follow-up care coordination
- Program improvement
- Disaster-response operations
- Regulatory compliance
Anonymized data may be used for reporting or research.
5. Data Storage & Security
We employ:
- Encryption in transit and at rest
- Role-based access controls
- Audit logs
- Secure telemedicine systems
- Multi-factor authentication
- GDPR/JDPA-compliant safeguards
6. Data Sharing
Data may be shared with:
- Authorized clinicians
- Partner institutions under confidentiality agreements
- Ministries or agencies when required for public health or emergency response
- Technology providers offering secure infrastructure
We never sell data or use it for commercial advertising.
7. International Transfers
When transferring data across borders, we apply:
- GDPR Standard Contractual Clauses (SCCs) or equivalent safeguards
- JDPA transfer requirements
- U.S. privacy and health security standards
8. Your Rights
You may:
- Access your data
- Request correction
- Request deletion (when applicable)
- Withdraw consent
- Request a copy of your data
- Object to processing
- File a complaint with a regulator
Contact us at care@intellibus.com to exercise your rights.
9. Data Retention
We retain personal and health data only as long as necessary for:
- Care delivery
- Legal compliance
- Accountability and reporting
- Program evaluation
Retention aligns with JDPA, GDPR, and U.S. guidelines.
10. Updates to This Policy
As our missions, telemedicine systems, and digital platforms evolve, this policy will be updated to reflect new practices and legal requirements.
The latest version will always be available here.
Contact Us
For privacy or data protection inquiries:
Email: care@intellibus.com
Intellibus Care Foundation – Data Protection Office