Privacy statement

This privacy statement is a draft version. Some aspects in this privacy statement might be changed in the future to be in line with the law and best practices.

We\Visit is a project from the Delft University of Technology, Reinier de Graaf Group, Erasmus MC, IC Connect, and Family and Patient Centered Intensive Care. In this privacy statement, it will be explained what personal data We\Visit collects when you use the service.

Topics

  1. What data do we store?
  2. How do we collect your data?
  3. How do we use your data?
  4. How do we store your data?

What data do we store?

To connect you to your loved ones in difficult times, we need to store some information. To be more specific, we require this data to make the connections on the requested times. Privacy is considered of the utmost importance, which is why We\Visit only stores the bare minimum.

We\Visit makes use of the Jitsi Meet software. Below is an excerpt of Jitsi’s Privacy Policy at time of writing showing the data Jitsi stores.

Jitsi Meet does not require users to create accounts. Any information they choose to enter, such as their name or email address is purely optional and is only shared with other meeting participants. We do not retain this information after the meeting.

Other pieces of data such as the chat, or speaker stats, for example, are stored for the duration of the meeting and then destroyed when it ends.

Obviously many of these things can be customized by the configuration of the actual deployment that you are using so we are going to talk about the one we maintain: meet.jit.si

We preserve all of the above defaults but you should absolutely also check out the meet.jit.si Privacy Policy and Terms of Service. https://jitsi.org/meet/privacy https://jitsi.org/meet/terms

There multiple groups of users in the system. For each group we will describe the data We\visit stores, apart from the data stored by Jitsi Meet.

Patient

We store the following information about patients:

  • Name (first name, middle name, and last name)
  • Email address of the contact person
  • Patient ID provided by the hospital
  • The unit of the hospital a patient is in
  • Slots booked for the patient, including past slots

Family members

For family members, we store the following data:

  • Email address of the contact person
  • Name of visitor that is booking a time slot
  • Relation (to the patient) of the visitor booking a time slot

Hospital Staff / Tablet Operators

For the person handling the tablet, be it hospital staff or volunteers, we store the following data:

  • Their username
  • The hash of their password

How do we collect your data?

All data we collect is collected only when using We\Visit service. This concerns data you enter explicitly (e.g. your name) and your interactions with the system (e.g. booking a time slot).

How do we use your data?

We only use the data given to support the functionality We\Visit promises: giving family members an easy way to connect to their loved ones. For example, we require the contact person’s email address to send the meeting token to, the unit of the hospital to show the proper tablets and time slots, and the booked slots to get the tablet to the patient in time.

Data is being used on a need-to-know basis. This means that tablet operators only see what they need to see to fulfil their duties as tablet operator. Only We\Visit administrators have access to the database.

Patients cannot view each other’s data.

How do we store your data?

To comply with the GDPR, all data is stored on We\Visit server located in The Netherlands. Data on digital visits (visitor data and visit metadata) is deleted after 1 year. Server access logs are deleted after 1 month. Management and deletion of patient information is conducted according to the privacy policy of the hospital deploying the instance in question.

Access to data is strictly regulated with only select admins having access to the database. All other entities need to use the website itself, where, as mentioned previously, information is provided on a need-to-know basis.

If you have any questions about the privacy policy or if you want to make use of your rights provided by the GDPR, please contact privacy@wevisit.hospital