CAREAR SECURITY AND TRUST CENTER

Compliance Engineered for the Cloud

To affirm our unwavering commitment to Trust, CareAR upholds compliance reports and attestations as a testament to our core values.

A-LIGN SOC 2 Badge

SOC 2

The SOC 2 Type 2 report is an independent auditor’s attestation of the security controls that CareAR has had in place during the report’s coverage period. This report is provided for customers and prospects to review, so they can confirm that there are no exceptions to the documented policies and procedures in the policy documentation.

GDPR

General Data Protection Regulation
The European Union’s General Data Protection Regulation (GDPR) became effective on May 25, 2018. This regulation is the EU’s attempt to provide better protection of personal data and privacy protection for EU citizens and to allow them greater control over their personal data.

CareAR was founded after the GDPR went into effect, which gave us the advantage of designing a service with privacy protections included from the beginning. The protection of personal data is fundamental to the trust CareAR users expect when choosing our service. This publication contains highlights of our commitment to privacy and data protection. Our formal description is available on our website here: https://carear.com/privacy-policy/

Compliance, Policy and Process

From the beginning, CareAR worked diligently to meet both the spirit and requirements of GDPR. Here are several additional highlights of what we do to comply.

Privacy Policy

We are transparent about our commitment to personal data protection and privacy, as described in our Privacy Policy, which reflects the steps that we take to ensure users’ ability to control how we store, secure and use their personal data. Our policy is easily accessible at https://carear.com/privacy-policy/ with the latest revision date and a summary of the most recent changes displayed. There, we explain what personal data we collect, for what purposes we collect it, our commitment to handling and storing it securely, and how individuals may exercise their rights as to their personal data under GDPR.

On the privacy page on our website (link above), CareAR sets forth the process for data subjects to exercise their rights and provides a link to communicate with us on privacy-related topics such as when data subjects want to request a copy of their personal data, request deletion or restrict processing of it, or if they wish to withdraw their consent to use of their personal data. As the law requires, before we process any data subject requests, the data subject must reasonably authenticate themselves and provide assurances that the personal data belongs to them. To the extent required by our customer contracts, where we are able to associate a data subject with a specific customer, we consult with the customer to confirm that we may comply with the data subject’s request.

Subprocessors

A list of our subprocessors is publicly available at http://carear.com/gdpr-subprocessors and we have contractual arrangements with each that satisfy GDPR requirements. This list is evergreen and will be promptly updated as we bring new subprocessors into our production environment.

Xerox Infosec

Finally, as part of Xerox, we have the benefit of consultation with Xerox’s global Chief Privacy Officer and information security team. This bolsters our commitment to data protection and privacy and ensures that we have internal policies, processes, and protections in place for the personal data we handle. In addition, our employees are all required to take annual information security and privacy training to ensure that they understand how to handle and protect personal data. We also have well-documented methods for our employees to report potential security incidents as well as an anonymous whistleblower hotline to report abuses without the fear of retribution.

Our Ongoing Commitment To Privacy And Data Protection

At CareAR, we believe that this process does not end with GDPR regulations. We are committed to continually improving the protection of the personal data we collect and process.

Privacy Team Contact Information

Data Privacy Team
CareAR Holdings
201 Merritt 7
Norwalk, CT 06851-1056
Attn: Compliance Department – Privacy
CareARPrivacy@carear.com

Stay Informed

Sign up to the CareAR information security & critical update notifications

Subscribe >

Report a Security Issue

XSRC investigates Xerox product/service vulnerability reports.

Report issue now >
