Privacy Policy & Data Protection – Dacttra

Dacttra ("we", "our", or "the Platform") is committed to protecting the privacy and personal data of its users. This Privacy Policy explains how we collect, use, store, disclose, and protect personal and health information in accordance with:

  • Egyptian Personal Data Protection Law No. 151 of 2020 (PDPL)
  • EU General Data Protection Regulation (GDPR – EU 2016/679)
  • US Health Insurance Portability and Accountability Act (HIPAA)

This policy applies to all users of Dacttra, including healthcare providers, clinics, organizations, staff, and patients.

1. Definitions

  • Platform: Dacttra and all related applications, websites, and services.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Sensitive Data / Health Data: Medical, clinical, diagnostic, or health-related information.
  • Processing: Any operation performed on data, including collection, storage, use, transfer, or deletion.
  • User: Any individual or entity using the Platform.

2. Regulatory Compliance

According to GDPR:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality

According to HIPAA:

  • Confidentiality
  • Integrity
  • Availability
  • Access control and auditability
  • Privacy Rule Compliance

3. Data We Collect

A. Personal Data

  • Full name
  • Email address
  • Phone number
  • Clinic or organization name
  • Account credentials
  • Billing and payment information

B. Health Data / PHI (Sensitive Data)

Depending on platform usage, we may process:

  • Medical records
  • Diagnoses
  • Prescriptions
  • Laboratory and imaging results
  • Clinical notes
  • Medical history

⚠️ Health data is classified as highly sensitive and processed using enhanced security and legal safeguards.

C. Technical & Usage Data

  • IP address
  • Device and browser type
  • Operating system
  • Login records
  • Usage timestamps
  • Cookies and tracking technologies

4. Legal Basis for Processing

  • Explicit user consent
  • Performance of a contract
  • Legal or regulatory obligation
  • Protection of vital interests
  • Legitimate business interests (without overriding user rights)

5. Purposes of Processing

  • Providing and operating the Platform
  • Managing user accounts
  • Storing and managing health records
  • Communication and customer support
  • Billing and payments
  • Platform improvement and analytics
  • Legal and regulatory compliance
  • Fraud prevention and security

6. Data Sharing & Third Parties

We do not sell personal or health data.

Data may be shared, strictly as necessary, with:

  • Cloud hosting and infrastructure providers
  • Payment service providers
  • Analytics and performance service providers
  • Governmental or regulatory authorities when legally required

All third parties are bound by Data Processing Agreements (DPA) and, where applicable, HIPAA Business Associate Agreements (BAA).

7. International Data Transfers

Personal data may be stored or processed outside the user's country of residence. We ensure:

  • Adequate protection measures
  • Contractual safeguards (e.g., Standard Contractual Clauses)
  • GDPR-compliant cross-border transfer mechanisms

8. Data Retention

  • For as long as the user account remains active
  • As required by healthcare, financial, or legal regulations
  • Only for the duration necessary to fulfill processing purposes

9. Data Security Measures

Dacttra applies technical and organizational safeguards, including:

  • Encryption in transit and at rest
  • Role-based access control (RBAC)
  • Audit logs and monitoring
  • Regular backups
  • Tenant-level data isolation
  • Secure authentication mechanisms

10. User Rights

According to GDPR and PDPL:

  • Access personal data
  • Rectify inaccurate data
  • Request data deletion (Right to Erasure)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time

According to HIPAA:

  • Access medical records
  • Request corrections
  • Obtain an accounting of disclosures

📧 Contact: support@dacttra.com

⏱ Response Time: Up to 30 days

11. Cookies Policy

What are Cookies?

Cookies are small text files stored on your device to improve functionality and user experience.

Types of Cookies Used:

  • Essential Cookies – required for platform operation
  • Functional Cookies – save preferences and settings
  • Analytics Cookies – improve performance and usability
  • Security Cookies – detect and prevent suspicious activity

Managing Cookies:

Users may accept or reject cookies, modify browser settings, or disable non-essential cookies. Disabling cookies may affect certain features of the Platform.

12. Data Breach Notification

  • Relevant authorities will be notified within legally required timelines
  • Affected users will be informed without undue delay
  • Immediate mitigation and corrective actions will be taken

13. Children's Privacy

The Platform is not intended for individuals under the age of 18. Any data inadvertently collected from minors will be deleted promptly.

14. Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated via the Platform or email.

15. Contact Information