Privacy notice

Who we are

The processing activities described below relate to users of the Patient App B.V. platform. The Patient App B.V. platform is called Caro Health (“Caro", “we", “us”). The processor for all of the below activities is Patient App B.V., Burgerweeshuispad 101, Amsterdam, KvK-number: 71943765. Caro is represented by Thomas Goijarts, who can be contacted at If you have a question about how Caro processes your data, you can contact our Data Protection Officer at

Caro processes personal data on behalf of your healthcare provider. This means that your healthcare provider controls which personal data is processed and for what purposes. However, your consent is always required for the processing of data concerning your health. 

Purpose of processing

The Caro application collects and processes personal data in order to:

  1. Provide patients with personalised content to guide them, motivate them, and keep them informed
  2. Track the progress of patients through their treatments
  3. Help healthcare professionals and healthcare-related entities improve the quality of service they provide
  4. Invite users to the platform
  5. Continually improve the products that are used for 1, 2, 3, and 4 above

How these purposes are realised in practice, is decided by your healthcare provider.

Categories of individuals

Caro collects data about the following classes of individuals:

  1. Patients
  2. Healthcare professionals
  3. Staff of healthcare-related entities
  4. Caro Health employees (when they do support work on the platform)

Categories of personal data

Caro processes the following types of personal data:

  1. Basic identification information - name, phone number, and password - to allow users to sign in to the platform
  2. For patients, metadata about their treatment - for example the treatment date
  3. For patients, patient-supplied and context-derived information - for example a self-reported pain grading
  4. For patients, provider-supplied information - for example which surgeries have been done in the past
  5. For healthcare entities, information supplied by the entity about healthcare providers and other related persons - for example the name of a surgeon at a clinic
  6. For all users, user-supplied information to facilitate continuous improvement of the Caro health product - for example NPS scores
  7. For all users, an audit log of all activity on the platform

Patient’s rights

Your most important data subject rights in the GDPR consist of:

Transparency -- In order to exercise your rights, you first need to know which information we have about you. You can request that we provide you with an overview. 

Control -- We only process patient data if you give us your explicit consent during the signup process. You can revoke this consent at any time, at which point we delete your personal data. You can also request to correct inaccurate information about you, and that we make your data portable, so you can take it with you if you decide to stop using Caro. 

Please see this link for the full list of your data subject rights. 

Because Caro processes patient data on behalf of your health care provider, the law states that they are responsible for making sure you can exercise your data subject rights. This means that you should contact your health care provider to exercise your rights regarding your personal data on the Caro platform. 

Subprocessors of personal data

The Caro application stores personal data with ISO27001 and HIPAA compliant cloud providers:

  1. All user data, including personal healthcare data, is stored in databases running on AWS within the EU
  2. Authentication data is stored in AWS Cognito within the EU

The Caro application does not transfer personal healthcare information outside of the EU. Basic personal information about administrators is sent to Intercom to facilitate customer success and support.

Retention of personal data

The Caro application stores all personal data for 15 years after a user is last active, in order to:

  1. Assist with health care providers’ obligation under article 7:454(3) Dutch Civil Code 
  2. Support historical reporting
  3. Maintain an audit log of activity on the platform

Exceptions to this practice are:

  1. When a user exercises their right to be forgotten - in which case all of their personally identifiable data will be removed from the platform within 45 days of the request (when the last backups with their data expire), and their user data will be anonymised
  2. When a customer terminates their contract, and submits a request for their data to be deleted

Anonymous data

Caro uses anonymous data to:

  1. Create benchmarks
  2. Create aggregated reports
  3. Train machine learning models

Caro makes personal data anonymous by removing all information that could be used to identify a user. This means that after anonymisation, the remaining information cannot reasonably be linked back to the original user. This information could for example tell us that a 50-60 year old male took four weeks to heal after a knee surgery during winter, but not the date of their surgery, their name or their contact details. 

Security measures

See how we approach security at Caro.