Privacy Policy

Overview

Welcome to the privacy policy (“Privacy Policy”) of Vision Beta IT Solutions Limited (“Vital Clinic System,” “We,” “Us,” or “Our”).

At Vital Clinic System, we prioritize your privacy and are dedicated to safeguarding your personal information. This Privacy Policy explains how we manage your personal data when you access our website (from any location) or use our software applications. It also outlines your privacy rights and the legal protections available to you.

About Our Services

Vital Clinic System provides medical practice management software for healthcare professionals and operates the “Vital Booking” appointment platform, which is a core component of Vital Clinic System (“Vital Booking”). These Terms apply to your use of Vital Apps, Vital Booking, and all related products, applications, websites, features, and services we offer (“Services”). By engaging with our Services, you acknowledge and agree to these Terms and commit to adhering to them as outlined below.

Key Information and Identity

Objective of This Privacy Policy

This Privacy Policy outlines how Vital Clinic System and Vital Booking collect, process, utilize, and share personal data when you engage with our products, services, or features (“Services”), including any information you provide during purchases or interactions.

We encourage you to review this Privacy Policy alongside any additional privacy notices or fair processing policies we may provide during specific data collection or processing activities. This ensures you fully understand how and why we handle your data. This Privacy Policy complements other notices and does not replace them.

We are dedicated to protecting the privacy and confidentiality of your personal information. This Privacy Policy complies with the Personal Data (Privacy) Ordinance (Cap. 486). By accessing, downloading, or using our Services and providing your information, you consent to this Privacy Policy and acknowledge understanding its terms. We invite you to review our privacy practices and reach out with any questions.

Links to Third-Party Websites

Our Services may occasionally include links to websites operated by our partners, advertisers, or affiliates. Please be aware that these external websites and their associated services have their own privacy policies. We are not responsible or liable for these policies or for any personal data, such as contact or location information, collected through these websites or services. We recommend reviewing their privacy policies before submitting any personal data or using their services.

‍Collection of Personal Data

Personal data, or personal information, refers to any information relating to an individual that can identify them. This does not include data where identifying information has been removed (anonymous data).

Typically, we process personal data collected by healthcare providers through Vital Clinic System. For example, a doctor or clinic may record details such as patient complaints, findings, diagnoses, actions taken during consultations, prescription details, health metrics (e.g., BMI, blood pressure, glucose levels), and other medical data uploaded to our systems, such as X-ray or radiology images.

To deliver our Services, we may collect, use, store, and transfer various types of personal data, categorized as follows:

Identity Data: Includes identification numbers (e.g., HKID), first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, and gender.
Contact Data: Includes billing address, delivery address, email address, and telephone numbers.
Technical Data: Includes internet protocol (IP) address, login details, browser type and version, time zone and location settings, browser plug-in types and versions, operating system, platform, and other device-related information used to access our website or Services.
Profile Data: Includes your username, password, purchase or order history, interests, preferences, feedback, and survey responses.
Usage Data: Includes details about how you interact with our website, products, and Services.
Marketing and Communications Data: Includes your preferences for receiving marketing materials from us or our third parties and your communication preferences.

If you use Vital Booking, we may also collect, use, store, and transfer Medical Data, which includes details about your previous healthcare providers, reasons for your visit, visit dates, payment methods, and other medical information you choose to provide.

Aggregated Data

We collect, use, and share aggregated data, such as statistical or demographic information, for various purposes (“Aggregated Data”). Aggregated Data may be derived from your personal data but is not considered personal data under the law, as it does not directly or indirectly identify you. For instance, we may aggregate Usage Data to determine the percentage of users engaging with specific features of our website or software. If Aggregated Data is combined with personal data in a way that could identify you, we treat the combined data as personal data and handle it in accordance with this Privacy Policy.

We do not collect special categories of personal data, such as information about your race, ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, genetic or biometric data, or details about criminal convictions or offenses.

Failure to Provide Personal Data

If we are required to collect personal data by law or under the terms of a contract with you, and you do not provide the requested data, we may be unable to fulfill the contract (e.g., to provide goods or services). In such cases, we may need to cancel a product or service, but we will notify you if this occurs.

De-identified Data

We use de-identified data for the following purposes:

To provide our AI Services, such as generating insights for healthcare professionals, transcribing audio, and extracting text from documents, leveraging models from Third-Party AI Providers.
To monitor and analyze usage to ensure service performance and security.
To comply with legal requirements, such as data retention obligations.

Our AI conversation outputs, provided as part of the Service, contain only de-identified data.

No AI Training: In line with principles similar to those in OpenAI’s Enterprise Privacy Policy (https://openai.com/enterprise-privacy/), neither we nor our Third-Party AI Providers use data submitted to our Services—including de-identified healthcare data, audio transcriptions, or extracted text—for training or enhancing AI models. Our Third-Party AI Providers are contractually barred from using your data for model training or any unauthorized purposes. Any improvements to AI models are made using separate, non-customer datasets that comply with applicable privacy laws.

How Your Personal Data Is Collected

We employ various methods to gather data from and about you, including the following:

Direct Interactions

You may provide us with your Identity, Contact, and Medical Data when you engage with our Services or communicate with us via mail, phone, email, or other channels. This includes personal data you supply when you:

Sign up for our products or Services;
Register an account on our website or through our applications, Vital Clinic System and/or Vital Booking;
Opt in to receive marketing communications;
Participate in a promotion or survey; or
Submit feedback or contact us.

Automated Technologies or Interactions

As you navigate our website or use our Services, we automatically collect Technical Data about your device, browsing behavior, and patterns. We utilize cookies and other tracking technologies to differentiate you from other users, store your preferences, and enhance your experience. These tools also enable us to optimize and improve our Services.

Third Parties or Publicly Available Sources

We may obtain personal data about you from third parties or public sources, as outlined below, for specific purposes:

Substitute decision-makers or authorized individuals (e.g., parents, guardians, or family members); and/or
Healthcare providers (e.g., doctors or clinics) and their authorized users.

Consent and Transparency

By using our Services, you confirm that:

You have secured all necessary consents from patients, where required, prior to uploading audio recordings or documents, in compliance with applicable laws (e.g., privacy and surveillance regulations).
Any AI conversation dialogue provided as part of the Service output will contain only de-identified data.
You are responsible for ensuring that any uploaded data is de-identified and adheres to relevant privacy laws.

By engaging with Vital Clinic System or clinics utilizing our system, you agree to:

The collection, use, and transmission of your personal and appointment data as outlined in this Privacy Policy.
The synchronization of appointment data between Vital Clinic System and Vital Booking to facilitate efficient clinic operations.
The use of your data to manage clinic schedules and securely communicate appointment details.

‍Use of Your Personal Data

We collect and use your personal information for various purposes, which may include, but are not limited to, the following:

Purpose	Legal Basis for Processing
Managing our products and Services, including fulfilling our obligations to you and delivering relevant Services as discussed before subscribing to a product or Service.	To perform our Services or to take steps prior to entering into a contract with you.
Providing Services, such as responding to inquiries or informing you about updates or changes.	To perform our Services and pursue our legitimate interests in maintaining and enhancing our relationship with you.
Maintaining records of your information and conducting internal business administration.	To comply with our legal obligations.
Designing and offering related products and Services.	Our legitimate interests in improving our products and Services, providing value-added offerings, developing our business, and understanding how our products are utilized.
Performing research and statistical analysis, including the use of new technologies.	Our legitimate interests in advancing our Services and gaining insights.
Any other purposes incidental or related to the above.	As applicable to the specific purpose and legal basis.

Additionally, we may use the personal data you provide (excluding patient data), combined with other information, to send you direct marketing offers via electronic and non-electronic methods, such as email or postal mail. This may include introducing products and services from carefully selected third parties, also sent by post. The legal basis for this processing is your consent.

We will only process your personal data for the purposes for which it was collected, unless we reasonably determine that another purpose is compatible with the original one. If you seek clarification on how a new purpose aligns with the original, please contact us.

Should we need to use your personal data for an unrelated purpose, we will notify you and provide the legal basis for doing so.

Please be aware that we may process your personal data without your knowledge or consent, in accordance with the above rules, where required or permitted by law.

Data Transmission and Synchronization

Vital Clinic System automatically synchronizes data with Vital Booking to ensure seamless clinic operations. This includes:

Receiving appointment details from Vital Booking for clinic scheduling.
Transmitting doctors’ available time slots and clinic information to Vital Booking for real-time updates.
Sharing necessary data with clinic staff to facilitate appointment management.

All data transmissions are protected using secure, encrypted protocols to prevent unauthorized access. We employ industry-standard security measures to safeguard your data during transmission and storage.

Sharing of Your Information

We share your information with third parties only as outlined in this Privacy Policy and for the following purposes:

Service Providers and Partners: We may share your personal data with third-party service providers (such as insurers, lawyers, accountants, bankers, financial institutions, trustees, and providers of administrative, telecommunications, IT, payment, printing, or redemption services) to support our business operations. Additionally, we may share data with professional advisors, debt collection agencies, financial or health institutions, and partnerships for purposes described in this Privacy Policy. Where applicable, we may also disclose your personal data to financial crime prevention agencies, legal, regulatory, or governmental authorities.
Aggregated Data: We may share non-personally identifiable demographic data (e.g., gender, date of birth) and Technical Data with advertisers and other third parties in an aggregated form that does not identify you.
Business Transfers: In the event of a merger, sale, or acquisition involving Vital Clinic System, we may transfer your personal data to another entity. We will make reasonable efforts to notify you before your information is transferred and becomes subject to a different privacy policy.
International Transfers: We may process your personal data in a country other than your place of residence. When transferring your data, we implement appropriate safeguards and comply with the laws of the destination country. You may request details of these safeguards by contacting us.

We do not sell or share your personal information with third parties, except in the following cases:

With clinics, doctors, and staff directly involved in your appointment to facilitate scheduling and service delivery.
With Vital Booking to enable synchronized appointment management.
When required by law or to comply with legal processes in Hong Kong.
With trusted service providers who assist in operating our system, all of whom are bound by strict confidentiality agreements.

Third-Party Service Providers

Vital Clinic System utilizes third-party cloud service providers for data storage. These providers are not permitted to access personal data except under the direct supervision of Vital Clinic System or pursuant to a contractual agreement with us. Such agreements include strict security and confidentiality obligations and are designed to comply with the requirements of DPP2(3) and DPP4(2) of the Personal Data (Privacy) Ordinance (Cap. 486).

International Data Transfers

Your data is stored on secure cloud servers, which may be located outside of Hong Kong. Additionally, our Third-Party AI Providers may process data in jurisdictions beyond Hong Kong. We ensure that all international data transfers adhere to applicable laws by implementing safeguards, such as contractual clauses, to maintain privacy protections comparable to those required in Hong Kong. Our Third-Party AI Providers and their subprocessors are contractually prohibited from using your data for AI training or any unauthorized purposes.

Controlling Your Personal Information

You can opt out of data collection by unsubscribing from our Services, such as Vital Clinic System or Vital Booking. You may follow the standard unsubscribe procedures provided through your device, the mobile apps’ marketplace, or network.

Regarding the use of your personal data, you have the following rights:

Request a copy of your personal data (we may charge a reasonable fee for processing this request).
Request corrections to inaccurate personal data or completion of incomplete data.
Lodge a complaint with a data protection authority or other independent regulator regarding our use of your personal data.

Complete Control Over AI Conversation Data: You can delete specific AI conversation dialogs, datasets, transcriptions, or extracted text directly via our platform’s user interface at any time, without needing to contact us. Deleted data is securely erased from our systems and those of our Third-Party AI Providers, in accordance with any legal retention obligations.

To exercise these rights or seek further explanation about them, please refer to the Contact Us section below for details on how to reach us. We may monitor or record communications, such as calls, for training, security, or quality assurance purposes.

Your Legal Rights

You have the right to file a complaint with the Office of the Privacy Commissioner for Personal Data (“Commissioner”), Hong Kong’s supervisory authority for data protection matters (www.pcpd.org.hk), at any time. We would, however, value the opportunity to address your concerns directly before you contact the Commissioner. Please reach out to us first, as outlined in the Contact Us section.

Data Retention

We will store the personal data you provide to us for the duration of your use of our Services and for seven years following the termination of our customer relationship, or longer if mandated by law. In certain cases, such as when a dispute arises, we may need to retain your personal data for an extended period.

Security

Protecting your personal information is a top priority for us. We implement appropriate administrative, physical, and procedural safeguards to protect your data from loss, theft, and unauthorized access. For instance, we restrict access to your information to authorized employees, contractors, and third parties who require it to operate, develop, or enhance our Services.

In the event that we discover your personal information has been disclosed in a way that violates this Privacy Policy, we will make reasonable efforts to inform you of the nature and scope of the disclosure (to the extent we are aware) as promptly as possible, in accordance with applicable laws.

Lost or Stolen Information

You are required to promptly inform us if your personal data is lost, stolen, or accessed without authorization. Upon notification, we will promptly delete that personal data from your account and update our records accordingly within a reasonable timeframe.

Updates and Changes to Privacy Policy

We may revise, amend, or update this Privacy Policy at any time, and we encourage you to review it regularly. We will notify you of any changes, including their effective date, as required by law. By continuing to use our Services after we post updates to the Privacy Policy on our website or software applications, you acknowledge the changes and agree to comply with the updated Privacy Policy. If you do not accept the updates or changes, you may discontinue using our Services. The use of any information we collect will be governed by the Privacy Policy in effect at the time of collection.

Direct Marketing

We may send you information regarding our products, services, and those offered by carefully selected third parties.

From time to time, we may also wish to contact you via electronic means to share details about products, services, or special offers. We will only do so if you have provided your explicit consent to receive such communications.

If at any point you decide to withdraw your consent or opt out of receiving electronic or non-electronic direct marketing, you can easily notify us using any of the methods outlined in the Contact Us section.

‍Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please feel free to contact us at info@vitalclinicsystem.com.

No Fee Usually Required

You will not be charged a fee to access your personal data or to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. In certain situations, we may also refuse to comply with your request under these circumstances.

What We May Need from You

To process your request, we may ask for specific information to confirm your identity and verify your right to access your personal data or exercise your other rights. This is a security measure to ensure that personal data is not shared with anyone who is not authorized to receive it. Additionally, we may contact you to request further details to expedite our response.

Time Limit to Respond

We aim to respond to all legitimate requests within one month. In some cases, if your request is particularly complex or involves multiple requests, it may take us longer. If this happens, we will notify you and keep you informed of any updates.