Revolutionary Health Care — Privacy Policy
Effective date: 25 October 2025
Who this applies to: Patients, prospective patients, website visitors, referrers, caregivers/parents or guardians, and other individuals who interact with Revolutionary Healthcare.
We use WhatsApp, phone, and email for booking and follow-ups; provide written plans and aftercare; and coordinate referrals through a trusted specialist network. This policy explains how we handle personal data across those activities.
1) Who we are (Data Controller)
Revolutionary Healthcare (“we”, “us”, “our”) is the data controller for the processing described in this notice.
Registered address: Suite #3, 1 Ardenne Rd, Kingston, Jamaica
Contact (privacy): manager@rhcjm.com
2) Scope
This policy covers data collected in-clinic and through our channels (WhatsApp, phone, email), our website and forms, patient education/aftercare, and our concierge/referral coordination with external providers (e.g., labs, imaging centers, specialists).
3) Key definitions
“Personal data”, “processing”, “controller”, “processor”, “supervisory authority”, “special categories of personal data”, “automated decision-making”, and “profiling” have the meanings in the Jamaica Data Protection Act (JDPA)
4) What data we collect
We collect only what is necessary for defined purposes.
|
Category |
Examples |
Source |
|
Identification & Contact |
Name, date of birth, ID numbers (where required by law), address, email, phone/WhatsApp handle |
You; your caregiver/parent (where applicable) |
|
Health/Medical (special category) |
Medical history, symptoms, diagnoses, treatments, photos (if clinically needed), referrals, results |
You; prior providers; our clinicians; labs/imaging |
|
Communication Data |
Messages/call records via WhatsApp/phone/email, appointment details, reminders, written plans/aftercare |
You; our staff; systems |
|
Payment/Billing |
Billing details, invoices, insurance information (if applicable) |
You; payers |
|
Technical (website) |
Device identifiers, IP address, browsing events (via cookies/analytics) |
Your device |
|
Preference/Marketing |
Communication preferences; newsletter opt-in/out |
You |
WhatsApp/phone/email are core channels for booking and follow-up; written summaries and aftercare are routinely provided.
5) How we collect data
- Directly from you during booking, consultation, treatment, aftercare, and ongoing communication.
- From referrers and our trusted specialist network (with appropriate authority/consent or clinical necessity).
- From laboratories and imaging centers providing diagnostic results.
- From IT/EMR and communication systems we use to manage records and communications.
6) Why we process data and our legal bases
We rely on one or more of: contract (Art. 6(1)(b)), legal obligation (Art. 6(1)(c)), vital interests (Art. 6(1)(d)), legitimate interests (Art. 6(1)(f)), and for special-category data, the provision of health/medical care (Art. 9(2)(h)) and, where applicable, explicit consent (Art. 9(2)(a)).
|
Purpose |
Examples |
Legal bases |
|
Clinical care & aftercare |
Consultations, diagnosis, treatment, clinical photos where necessary, written plans |
Contract; legal obligation |
|
Care coordination & referrals |
Booking and communicating with specialists; sharing relevant clinical notes/results |
Contract; legitimate interests; legal obligation |
|
Diagnostics |
Ordering and receiving lab/imaging results |
Contract; legal obligation |
|
Scheduling & communications |
Appointment booking, reminders, follow-up via WhatsApp/phone/email |
Contract; legitimate interests |
|
Safety, quality & training |
Incident management, audit, protocol improvement (pseudonymized when possible) |
Legal obligation; legitimate interests |
|
Billing & finance |
Invoicing, receipts, insurance coordination |
Contract; legal obligation |
|
Marketing |
Educational updates/newsletters; non-essential communications |
Consent; legitimate interests (where permitted) |
|
Website analytics |
Basic analytics/cookies |
Consent (where required); legitimate interests |
|
Compliance & legal claims |
Regulatory requests, complaint handling, defending legal claims |
Legal obligation; legitimate interests |
Coordination with specialists, labs, imaging, and use of IT/EMR/communication providers are core to your model.
7) Children’s data
We treat minors’ data with particular care. Where required by applicable law, we obtain parental authorization for information society services and consent-based processing, and we involve the parent/guardian for clinical decisions unless the minor is legally competent to consent. (You routinely serve parents of teens.)
8) Sharing your data (categories of recipients)
We share data only when necessary and with safeguards:
- Specialist medical providers (referrals/consults) and labs/imaging centers for diagnostics and continuity of care.
- IT/EMR and communications providers that host our patient record systems and messaging infrastructure (e.g., phone/WhatsApp/email platforms).
- Administrative/financial service providers (accounting, legal, HR) as needed.
- Marketing/design partners for patient education materials and website updates (no health data is shared for advertising; any non-essential communications use consent/preferences).
- Regulators, authorities, insurers, and courts where required by law or to establish/exercise/defend legal claims.
We use written data-processing agreements with processors and require appropriate security and confidentiality.
9) International data transfers
Some processors or sub-processors may be located outside your country or outside the EEA. Where transfers occur, we use adequacy decisions or Standard Contractual Clauses (and, where appropriate, supplementary measures).
Because WhatsApp/phone/email are operational channels, we minimize sharing of special-category data over consumer messaging and offer secure alternatives on request.
10) Data retention
We keep data only as long as necessary for the stated purposes and to meet legal, clinical, and regulatory requirements. Retention periods vary by record type and local law. We apply the following baseline schedule (replace bracketed values with local requirements):
|
Record Type |
Baseline retention |
|
Core medical record (adults) |
10 Years |
|
Minor’s medical record |
until age of majority + 10 Years |
|
Diagnostic images/reports |
10 Years |
|
Messaging logs (WhatsApp/email/phone metadata) |
Shortest feasible period for ops & audit, then deletion; message content with clinical value is filed to the EMR and retained per medical record schedule |
|
Billing/financial |
6 Years |
|
Marketing preferences/logs |
While active consent; |
11) Your rights
Subject to applicable law and certain exemptions, you can access, rectify, erase, restrict, object (including to direct marketing), and port your data; and you can withdraw consent at any time without affecting prior lawful processing.
You also have the right to lodge a complaint with the Office of the Information Commissioner.
Contact for requests: manager@rhcjm.com• We respond within one month (extendable where permitted for complex requests).
12) Security measures
We use technical and organizational measures appropriate to the risk, including: role-based access controls; staff confidentiality and training; encryption in transit and at rest where feasible; secure backups; audit logging; vendor due diligence and DPAs; data minimization; retention enforcement; incident response and breach notification procedures.
13) Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects without human involvement.
14) Cookies and similar technologies
See our Cookie Notice for details on cookies/analytics and how to manage preferences. Where consent is required, we will request it through our cookie banner.
15) Marketing communications
We send non-essential communications (e.g., educational updates/newsletters) only with your consent or as otherwise permitted; you can opt out at any time (unsubscribe link or by contacting us). We do not sell personal data or use patient health data for targeted advertising. (Educational updates are part of your brand approach.)
16) Using WhatsApp, phone, and email responsibly
- We avoid including detailed clinical information in WhatsApp/email unless necessary for your care; where sensitive content is involved we prefer secure channels or filing to EMR.
- You can request we limit communications to specific channels.
- We will verify numbers/emails and use templated messages for reminders to reduce data exposure. (Your operations emphasize these channels for booking and follow-up.)
17) Updates to this notice
We may update this policy from time to time. We will post changes on our website and, where appropriate, notify you directly. The effective date appears at the top.
