XHUMA Healthcare Ltd.

Privacy Policy

Effective Date: 08-07-2025

1. Introduction

XHUMA Healthcare Ltd. ("XHUMA", "we", "our" or "us") is committed to protecting the privacy and confidentiality of all users of our clinic management and healthcare technology solutions. This Privacy Policy outlines how we collect, use, store, share, and protect your information in accordance with the Data Protection Act of Trinidad and Tobago and international best practices including HIPAA and GDPR-aligned principles.

2. What Data We Collect

We collect information that includes:

  • Patient demographics and medical records
  • Appointment and billing data
  • User account credentials and logs
  • Communication history with XHUMA services

3. Use of Data

We use your information to:

  • Provide clinical, administrative, and technical services
  • Maintain secure system operations
  • Comply with legal obligations and health regulations
  • Monitor system usage and audit trails for compliance

4. Data Retention Policy

We retain all client data for the duration of the contract. Upon termination:

  • Clients will have 90 days to retrieve data
  • All data will be permanently deleted after the 90-day window unless retention is required by law
  • Clients may request earlier deletion in writing

5. Your Data Rights

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Receive a copy of your data in a structured format

To exercise these rights, please contact:
Mr. Atiba Phillips, Data Protection Officer
Email: privacy@xhuma.co or info@ict.co.tt

6. Security and Confidentiality

We enforce:

  • AES-256 encryption at rest, SSL encryption in transit
  • Role-based access control with session monitoring
  • Daily backups with failover and data recovery
  • Antivirus, firewall, and intrusion detection systems

7. Third-Party Access

XHUMA does not sell or share data with third parties. Hosting providers or subcontractors only access encrypted data for support and infrastructure purposes under strict contractual controls.

8. Security Audits and Penetration Testing

We perform:

  • Quarterly internal security reviews
  • Annual third-party penetration testing
  • Publication of anonymized audit summaries as part of our Security Assurance Report

9. Breach Notification Policy

In the event of a data breach:

  • Affected clients will be notified within 72 hours
  • The notice will include scope, impact, and mitigation steps
  • Regulatory authorities will be informed as required

10. Contact

Mr. Atiba Phillips
Data Protection Officer, XHUMA Healthcare Ltd.
Email: privacy@xhuma.co | info@ict.co.tt
Website: https://healthcare.xhuma.co

This policy may be updated periodically. Continued use of our services constitutes acceptance of the revised policy.