1. Introduction

CCSapp.ie ("we", "us", or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use CCSapp.

This policy applies to all users of CCSapp, including registered pharmacists, pharmacy staff, and any other authorised users.

2. Data Controller and Data Processor Roles (GDPR)

Understanding who controls your data under GDPR

Your Pharmacy as Data Controller

Under the General Data Protection Regulation (GDPR), your pharmacy is the Data Controller for all patient data entered into CCSapp. This means your pharmacy:

Determines the purposes and means of processing patient data
Is responsible for ensuring a lawful basis for processing
Must comply with data subject rights (access, rectification, erasure, etc.)
Is responsible for data breach notification obligations
Must maintain appropriate records of processing activities

CCSapp.ie as Data Processor

CCSapp.ie acts as a Data Processor on behalf of your pharmacy. In this role, we:

Process patient data only on your documented instructions
Ensure appropriate technical and organisational security measures
Assist you in responding to data subject requests
Delete or return all personal data at the end of the service
Make available all information necessary to demonstrate compliance
Allow for and contribute to audits and inspections

Data Processing Agreement

By using CCSapp, your pharmacy enters into a Data Processing Agreement with us as required by Article 28 of the GDPR. This agreement sets out the subject matter, duration, nature, and purpose of processing, as well as the types of personal data and categories of data subjects.

3. Information We Collect

3.1 Account Information

When you register for CCSapp, we collect:

Name and contact details
Email address
Pharmacy name and address
PSI registration number
Password (stored in encrypted form)

3.2 Patient Data

Patient data entered by your pharmacy may include:

Patient name, date of birth, and contact details
PPS number, GMS number, DPS number
Consultation records and clinical notes
Prescription details and treatment history
Follow-up and safety netting information

3.3 Usage Data

We automatically collect certain information about how you use the Service:

Log data (IP address, browser type, access times)
Device information
Feature usage and navigation patterns (anonymised)

4. How We Use Your Information

We use the information we collect to:

Provide and maintain the CCSapp service
Authenticate users and secure accounts
Process and store consultation records on behalf of your pharmacy
Generate prescriptions and clinical documentation
Send service-related communications
Improve and optimise the Service
Comply with legal obligations

5. Legal Basis for Processing

We process personal data on the following legal bases:

Contract: Processing necessary to perform our contract with you (providing the CCSapp service)
Legal obligation: Processing required to comply with healthcare regulations and data retention requirements
Legitimate interests: Processing for service improvement and security, where balanced against your rights

6. Data Security

We implement robust security measures to protect your data:

Encryption at rest: All data is encrypted using AES-256 encryption
Encryption in transit: All communications use TLS 1.3
Access controls: Role-based access with two-factor authentication
Audit logging: All data access is logged for compliance
Regular security assessments: Ongoing vulnerability testing

7. Data Retention

We retain data in accordance with legal requirements and your pharmacy's instructions:

Patient records: Retained for the period required by Irish healthcare law (typically 8 years for adults, or until a minor reaches 25 years of age)
Account information: Retained while your account is active and for a reasonable period thereafter
Audit logs: Retained for 7 years for compliance purposes

8. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right of access: Request a copy of your personal data
Right to rectification: Request correction of inaccurate data
Right to erasure: Request deletion of your data (subject to legal retention requirements)
Right to restrict processing: Request limitation of processing
Right to data portability: Receive your data in a portable format
Right to object: Object to certain types of processing

For patient data, please contact your pharmacy (the Data Controller) to exercise these rights.

9. International Data Transfers

Your data is stored and processed within the European Economic Area (EEA). If any data transfer outside the EEA is required, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Third-Party Services

We use trusted third-party services to operate CCSapp:

Cloud hosting providers (data centres in the EU)
Authentication services
Analytics services (anonymised data only)

All third-party processors are bound by data processing agreements and are selected for their security and compliance standards.

11. Cookies and Local Storage

CCSapp uses:

Essential cookies: Required for authentication and security
Local storage: For offline functionality and user preferences

We do not use advertising or third-party tracking cookies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact:

Data Protection Officer
Email: privacy@ccsapp.ie
Address: CCSapp.ie, Dublin, Ireland

You also have the right to lodge a complaint with the Data Protection Commission (DPC) if you believe your data protection rights have been violated: www.dataprotection.ie