ABENA IHR

Privacy Policy

Last Updated: March 3, 2025

1. Introduction

Welcome to Abena IHR ("we," "our," or "us"). We are committed to protecting your privacy and the security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our medical records intelligent analysis platform ("Platform").

Please read this Privacy Policy carefully. By accessing or using our website or Platform, you acknowledge that you have read, understood, and agree to be bound by all the terms outlined in this Privacy Policy. If you do not agree with our policies and practices, please do not use our website or Platform.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Complete forms on our website
  • Subscribe to our newsletter
  • Request information or assistance
  • Participate in surveys or promotions

This information may include:

  • Name, email address, phone number, and mailing address
  • Professional credentials and affiliations
  • Username and password
  • Payment information
  • Any other information you choose to provide

2.2 Protected Health Information

As a medical records analysis platform, we may collect and process Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). This information is collected only:

  • With proper authorization
  • Under appropriate Business Associate Agreements (BAAs)
  • In compliance with all applicable laws and regulations

PHI may include:

  • Medical history and records
  • Diagnostic information
  • Treatment plans
  • Insurance information
  • Other health-related information

2.3 Automatically Collected Information

When you visit our website or use our Platform, we may automatically collect certain information about your device and usage patterns, including:

  • IP address and device identifiers
  • Browser type and version
  • Operating system
  • Pages visited and features used
  • Time spent on pages
  • Referring URLs
  • Click patterns and interactions
  • Diagnostic data

2.4 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. These technologies help us analyze website traffic, customize content, and improve your experience. For more information about our use of cookies, please see our Cookie Policy.

3. How We Use Your Information

3.1 General Business Purposes

We may use your personal information for legitimate business purposes, including to:

  • Create and manage your account
  • Provide and maintain our services
  • Process payments and transactions
  • Respond to inquiries and provide customer support
  • Send administrative information and service updates
  • Deliver newsletters and marketing communications (with consent)
  • Analyze usage patterns to improve our Platform
  • Protect against unauthorized access and activities
  • Comply with legal obligations

3.2 Medical Analysis and Insights

With proper authorization, we use our AI-powered Platform to:

  • Analyze medical records across 100+ analysis modules
  • Generate insights and recommendations
  • Develop personalized health management strategies
  • Identify potential treatment options
  • Support healthcare providers in clinical decision-making
  • Improve patient outcomes and quality of life

3.3 Research and Development

We may use de-identified, aggregated data to:

  • Improve our analysis algorithms
  • Develop new features and capabilities
  • Conduct research to advance healthcare knowledge
  • Create statistical analyses and benchmark reports
  • All research activities comply with applicable regulations and ethical standards

4. Legal Basis for Processing (If Applicable)

For users in regions with data protection laws like the European Union, we process personal information based on one or more of the following legal grounds:

  • Your consent
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate business interests
  • Protection of vital interests
  • Public interest or official authority

5. Information Sharing and Disclosure

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

  • Cloud hosting and infrastructure providers
  • Payment processors
  • Analytics providers
  • Customer support services
  • Marketing and communication platforms

These service providers are contractually obligated to use your information only for the purposes of providing services to us and in compliance with applicable privacy laws.

5.2 Healthcare Providers and Partners

With proper authorization, we may share analysis results and recommendations with:

  • Your designated healthcare providers
  • Healthcare institutions with whom you have a treatment relationship
  • Other authorized parties involved in your care

5.3 Compliance and Protection

We may disclose your information when we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Enforce our Terms of Service
  • Detect, prevent, or address fraud, security, or technical issues
  • Protect the rights, property, or safety of our users, our company, or the public

5.4 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your information.

5.5 With Your Consent

We may share your information in any other circumstances where we have your explicit consent.

6. Data Security

We implement appropriate technical and organizational measures to protect the security of your personal information, including:

  • Encryption of sensitive data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and penetration testing
  • Employee training on privacy and security practices
  • Physical and environmental safeguards for our facilities
  • Incident response procedures

Despite our efforts, no security system is impenetrable. We cannot guarantee the absolute security of your information, and transmission over the internet always carries some risk.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

  • The duration of your relationship with us
  • Legal obligations to retain data for certain periods
  • Statutes of limitations for potential legal claims
  • Industry best practices
  • Our legitimate business needs

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information, which may include:

8.1 For All Users

  • Access to your personal information
  • Correction of inaccurate or incomplete information
  • Withdrawal of consent (where processing is based on consent)
  • Opting out of marketing communications

8.2 For Users in Certain Jurisdictions (e.g., EU, California)

  • Data portability
  • Deletion of your personal information (subject to exceptions)
  • Restriction of processing
  • Objection to processing
  • Non-discrimination for exercising your rights
  • Information about data sharing practices

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

9. Children's Privacy

Our website and Platform are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover we have collected personal information from a child without parental consent, we will promptly delete that information.

10. International Data Transfers

We may transfer, store, and process your information in countries other than your own. If you are located in the European Economic Area (EEA) or other regions with data protection laws, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.

By providing your information, you consent to any transfer and processing in accordance with this Privacy Policy. We implement appropriate safeguards to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

11. Third-Party Links and Services

Our website and Platform may contain links to third-party websites and services. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of all third-party websites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised policy on our website with an updated "Last Updated" date. For material changes, we will provide notice via email or through our Platform. Your continued use of our website or Platform after such modifications constitutes your acknowledgment of the modified Privacy Policy and agreement to abide by its terms.

13. Compliance with Healthcare Privacy Laws

13.1 HIPAA Compliance

As a provider of services to healthcare entities, we comply with the Health Insurance Portability and Accountability Act (HIPAA) where applicable. When we act as a Business Associate to Covered Entities, we adhere to all HIPAA requirements regarding the collection, use, and disclosure of Protected Health Information (PHI).

13.2 Other Healthcare Privacy Laws

We also comply with other applicable healthcare privacy laws and regulations, which may include:

  • State-specific medical privacy laws
  • Industry-specific standards and best practices
  • International healthcare data protection regulations

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Abena IHR
Email: info@abenaihr.com

We will respond to your inquiries as soon as possible, and within the timeframes required by applicable law.

15. Dispute Resolution

If you have a complaint about our privacy practices, please contact us first. If you are not satisfied with our response, depending on your jurisdiction, you may have the right to lodge a complaint with a supervisory authority or other regulatory agency.

16. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of [Jurisdiction], without regard to its conflict of law provisions.

17. Severability

If any provision of this Privacy Policy is found to be unenforceable or invalid, the remaining provisions will remain in full force and effect.

18. Entire Agreement

This Privacy Policy constitutes the entire agreement between you and Abena IHR regarding the collection, use, and protection of your personal information when using our website and Platform.

By using our website or Platform, you acknowledge that you have read and understood this Privacy Policy.