Our Commitment to

Data Privacy and Security

At VestaConnect, we prioritize the safety and confidentiality of our users' information. Our commitment to maintaining the highest standards of data privacy ensures that families can connect with their loved ones with complete peace of mind, knowing their sensitive information is protected. The VestaConnect platform was built with security at its foundation, and we routinely test and audit our security controls to ensure that we continously improve our methods to keep pace with the complex and ever evolving threat landscape. Please do not hesitate to reach out to us if you have any questions regarding our data privacy or cyber security policies.

Your Privacy Matters

At VestaConnect, we prioritize your privacy and security. Our commitment to safeguarding your personal information ensures that you and your loved ones can focus on what truly matters: quality care and connection.  While we are always happy to answer questions about our approach to security and privacy, here are some answers to common questions that we receive.  We have also included a copy of our privacy policy below for reference. 

  • How often are security updates performed?

    We perform regular security updates and audits to ensure our systems are secure. Our proactive approach helps us identify and mitigate potential vulnerabilities.

  • Can I delete my data?

    Yes, you have the right to request the deletion of your personal data at any time. Please contact our support team to initiate this process.

    Contact Support

  • What is VestaConnect's data retention policy?

    We retain your data only as long as necessary to provide our services and to comply with all relevant legal and regulatory requirements. Data that is no longer required to deliver the service or for compliance reasons is securely deleted.

  • How does VestaConnect ensure user-friendly access?

    Our platform is designed to be intuitive and easy to use, ensuring that all users, regardless of their technical expertise, can navigate it with confidence.

  • What if I need further assistance?

    Our customer support team is always available to assist you with any questions or concerns regarding your privacy and security.

    Contact Support

  • How does VestaConnect protect my data?

    We implement advanced encryption protocols, secure data storage solutions, and comprehensive cyber security controls to protect your data from unauthorized access and/or misuse. Our team continuously monitors and updates our security measures to stay ahead of potential threats.

  • Is my information shared with third parties?

    No, we do not share your personal information with third parties without your explicit consent. Your privacy is our top priority, and we ensure that your data remains confidential.

  • What measures are in place for data compliance?

    VestaConnect adheres to all relevant data protection regulations, including GDPR and HIPAA. Our compliance team regularly reviews our practices to ensure we meet the highest standards of data privacy.

  • How can I access my data?

    You can easily access your data through your VestaConnect account. If you have any questions or need assistance, our support team is here to help.
    Contact Support

  • What should I do if I have privacy concerns?

    If you have any concerns regarding your privacy or data security, please reach out to our dedicated support team. We take all inquiries seriously and are committed to addressing your concerns promptly.
    Contact Support

Privacy Policy

VestaTech is committed to protecting the privacy and security of personal data collected, processed, and stored through our VestaConnect platform. This Data Privacy Policy explains how we handle sensitive information, ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).

Scope

This Privacy Policy applies to all users of the VestaConnect platform, including healthcare providers, administrators, and patients who interact with the platform. It covers:

Personal Data (as defined under GDPR)

Protected Health Information or PHI (as defined under HIPAA)

By accessing or using VestaConnect, you acknowledge and consent to the practices described in this policy, including those related to HIPAA and GDPR compliance.

Types of Data Collected

We collect the following categories of data:

Personal Identifiers: Name, email address, phone number, and date of birth.

Health Information: Medical history, treatment data, prescriptions, and diagnoses.

Account Data: Login credentials, usage logs, and activity records.

Technical Information: IP addresses, browser types, operating systems, and device identifiers.

How VestaTech Collects Data

Directly when users register, submit forms, engage with the platform, or communicate with us.

Automatically through cookies and other tracking technologies when you access the platform.

From third-party service providers, such as healthcare institutions, or other authorized partners.

How We Use Your Information

We process data to:

Provide VestaConnect services that do not function adequately without data.

Facilitate communication between healthcare providers and patients.

Comply with legal and regulatory obligations, including HIPAA and GDPR.

Prevent unauthorized access, fraud, and other security threats.

Deliver customer support and resolve technical issues.

Conduct research and analytics to enhance platform functionality.

Data Sharing and Disclosure

We do not sell your data. However, we may share data under the following circumstances:

With Your Consent: When you provide explicit consent for data sharing.

With Service Providers: Third-party vendors assisting in operations, IT support, and analytics.

For Legal Compliance: To comply with legal obligations, enforce policies, or protect rights under HIPAA and GDPR.

For Emergency Situations: To prevent harm to individuals or the public.

Data Security Measures

We employ industry-standard measures to safeguard your data and ensure HIPAA and GDPR compliance:

Encryption for data at rest and in transit.

Multi-factor authentication and role-based access controls.

Regular security audits, vulnerability assessments, and penetration testing.

Incident response procedures to manage and report data breaches as required by HIPAA and GDPR.

Backup systems to ensure data recovery.

Your Rights and Choices

GDPR Rights (EU Residents)

You have the following rights under GDPR:

Access: Request access to your personal data.

Correction: Rectify inaccurate or incomplete data.

Deletion: Request erasure of your data under specific conditions.

Restriction: Limit processing of your data.

Portability: Request data in a portable format.

Objection: Object to data processing based on legitimate interests.

Withdraw Consent: Revoke consent at any time.

To exercise these rights, please contact support@vestaconnect.com.

HIPAA Rights (U.S. Residents)

Under HIPAA, you have the right to:

Access your PHI and request copies.

Request amendments to your health data.

Receive an accounting of disclosures.

Request restrictions on certain data uses.

File complaints if privacy rights are violated.

To make HIPAA-related requests, please contact support@vestaconnect.com.

Data Retention

VestaTech retains data only for as long as necessary to fulfill the purposes outlined in this policy or comply with legal obligations:

HIPAA: Minimum 6 years for health data.

GDPR: Retention based on the purpose and consent provided.

When no longer required, data is securely deleted or anonymized.

Cookies and Tracking Technologies

VestaTech does make reasonable use of cookies and similar technologies to enhance user experience, analyze usage, and improve security.

Children’s Privacy

The VestaConnect platform and its components are not intended for use by individuals under the age of 18. VestaTech does not knowingly collect data from minors.

Data Breach Notification

In the event of a data breach:

HIPAA: In the United States affected individuals and the Department of Health and Human Services (HHS) must be notified within 60 days of discovery.

GDPR: In the EU, supervisory authorities must be notified within 72 hours of discovery.

Updates to This Policy

This policy will be reviewed and updated at least annually.

Contact Us

For questions about this policy or to exercise your data privacy rights, please contact support@vestaconnect.com.

Thank you for trusting VestaTech to protect your data. Your privacy and security are our highest priorities.


Learn More about VestaConnect

Our dedicated team is here to assist with any questions or concerns you may have regarding the VestaConnect platform. Please reach out to us anytime!