glaucoma-case-profiling-logo

Privacy Policy

Galucoma Case Profiling

Last update: 19/01/2026

1. Who We Are

Glaucoma Case Profiling (“we”, “our”, “the Platform”) is a digital service that enables licensed eye care professionals to upload and analyze clinical eye-related data for healthcare purposes.

Data Controller:

  • [Your legal entity name]
  • [Registered address]
  • [Email address]

2. Scope of This Privacy Policy

This Privacy Policy explains how we process personal data of patients that is uploaded by licensed eye doctors using the Platform, as well as limited personal data of registered doctors.

Patients do not interact with the Platform directly.

3. Categories of Personal Data Processed

3.1 Patient Data (uploaded by doctors)

  • Identifying data: name, date of birth
  • Demographic data: gender, race
  • Health data: clinical eye examination data, diagnosis-related information

These data constitute special category personal data under GDPR Article 9.

3.2 Doctor Data

  • Name, professional contact details
  • Account credentials
  • Authentication and access logs

4. How We Receive the Data

Patient data is uploaded solely by licensed eye doctors who are invited to use the Platform. Doctors act as data controllers for patient data.

We act as a data processor on their behalf.

5. Purposes of Processing

We process personal data exclusively for:

  • Clinical case profiling
  • Decision support related to glaucoma care
  • Secure storage and controlled access for authorized doctors

We do not use data for marketing or advertising.

6. Legal Basis for Processing

6.1 Patient Data

Processing is based on:

  • GDPR Article 6(1)(b) – performance of a service, and
  • GDPR Article 9(2)(h) – processing for medical diagnosis and healthcare and/or
  • GDPR Article 9(2)(a) – explicit patient consent obtained by the doctor

Doctors are responsible for ensuring a valid legal basis exists.

6.2 Doctor Data

  • GDPR Article 6(1)(f) – legitimate interest in operating a secure professional platform

3.2 Doctor Data

  • Name, professional contact details
  • Account credentials
  • Authentication and access logs

7. Data Retention

Personal data is retained only for as long as:

  • Required for the provision of the service, or
  • Instructed by the doctor (data controller), or
  • Required by applicable law

Upon termination of a doctor’s account, data is deleted or returned in accordance with our Data Processing Agreement.

8. Data Security

We implement appropriate technical and organizational measures, including:

  • Access controls and role-based permissions
  • Authentication mechanisms
  • Encryption where appropriate
  • Activity logging

9. Data Sharing and Sub-Processors

We do not sell or share personal data for commercial purposes.

We may use trusted technical service providers (e.g. hosting) acting as sub-processors, bound by GDPR-compliant agreements.

A list of sub-processors is available upon request.

10. International Transfers

Personal data is processed and stored within the European Economic Area unless otherwise agreed with the data controller and protected by appropriate safeguards.

11. Data Subject Rights

Patients have the right to access, rectify, erase, or restrict processing of their data.

Requests must be made via the treating doctor, who is the data controller.

12. Cookies

The Platform uses strictly necessary cookies for user authentication and session security. No tracking or analytics cookies are used.

13. Contact

For privacy-related questions:

[privacy@gmail.com]