Overview
This Data Security Statement describes the general security approach for the Doseclaw website, business inquiry channels, partnership communications and future cooperation discussions relating to intelligent drug dispensing solutions.
Doseclaw operates in a B2B healthcare technology context, where potential cooperation may involve hospitals, pharmacies, care homes, distributors, public-sector bodies, insurance partners, pharmaceutical partners or technical implementation partners.
This statement is provided for general transparency. It does not replace a project-specific security schedule, data processing agreement, technical specification, hospital IT review, procurement assessment or regulatory documentation required for a real-world deployment.
Scope of This Statement
This statement applies to general website interactions and B2B business communications with Doseclaw. It covers information submitted or generated through website visits, contact forms, email communications, demo requests, distributor inquiries, investor inquiries, pilot discussions and similar business channels.
| Area | Covered by this statement | Important note |
|---|---|---|
| Website visits | Basic technical data, server logs, cookie-related data and analytics data where applicable. | Cookie details should be read together with the Cookie Policy. |
| Business inquiries | Name, organisation, role, email, phone, country, inquiry type and message content. | General forms should not be used to submit patient-identifiable information. |
| Demo and pilot discussions | Business, technical and operational information shared during preliminary discussions. | Detailed pilot security requirements must be confirmed separately. |
| Future deployment | May include system, integration, operational, pharmacy or healthcare workflow data. | Requires separate agreements, security review and deployment-specific controls. |
Data We Aim to Protect
Doseclaw’s security approach is designed to protect the confidentiality, integrity and availability of information that may be handled through our website and business communication channels.
Business contact data
Names, job titles, organisations, business emails, telephone numbers, countries and professional roles.
Partnership inquiry data
Institution type, cooperation interest, market focus, demo request, pilot interest and project descriptions.
Technical discussion data
General IT requirements, workflow expectations, deployment preferences and system evaluation notes.
Website technical data
IP address, device data, browser data, page visits, session information, security logs and cookie preferences.
General website forms are not intended for patient-identifiable data, prescription records, diagnosis details, clinical records, medication histories or other sensitive health information.
Security Principles
Doseclaw’s security approach is guided by practical principles appropriate for a B2B healthcare technology website and future deployment discussions.
Risk-based protection
Security controls should reflect the data type, processing context, deployment model and potential impact.
Data minimisation
Only information reasonably needed for website operation, inquiry response or cooperation assessment should be collected.
Need-to-know access
Access to business records and inquiry data should be limited to people or partners with a legitimate business need.
Secure by design
Security, privacy and operational safeguards should be considered early in website, pilot and deployment planning.
Human oversight
Medication-related automation should be supported by appropriate pharmacist review, audit trails and accountability.
Continuous improvement
Security measures should be reviewed as the website, business model, technology and cooperation scope develop.
Technical and Organisational Measures
Doseclaw aims to apply appropriate technical and organisational measures based on the nature of the data, the purpose of processing and the cooperation model involved.
| Measure Area | Examples of Measures | Purpose |
|---|---|---|
| Access control | Role-based access, need-to-know permissions, account management and access review. | Reduce unauthorised access to inquiry data and business records. |
| Authentication | Strong passwords, account protection and stronger authentication for sensitive systems where applicable. | Protect user accounts, administration panels and business tools. |
| Encryption | Secure transmission, encryption for relevant systems and secure handling of stored data where applicable. | Protect data from unauthorised access during storage or transmission. |
| System security | Software updates, vulnerability management, secure configuration and reputable technology providers. | Reduce technical exposure and maintain reliable website operation. |
| Monitoring | Security logs, system alerts, website activity monitoring and abuse detection where applicable. | Identify suspicious activity, technical errors or potential security events. |
| Incident response | Escalation steps, containment, investigation, notification assessment and corrective actions. | Respond appropriately to suspected data or security incidents. |
| Backup and recovery | Backups, recovery planning and restoration processes where applicable. | Support availability and recovery after technical or operational incidents. |
| Staff and partner controls | Confidentiality expectations, internal procedures, limited access and security awareness. | Reduce human error and unauthorised handling of business data. |
The exact measures used may vary depending on the website tools, hosting provider, email system, CRM, analytics tools, cloud services, deployment architecture and contractual obligations involved.
Access Control
Access control is a core part of protecting business inquiry data, partner communications and future project information.
- Need-to-know access: Business and technical data should be accessed only by people who need it for inquiry response, project evaluation or cooperation follow-up.
- Role-based permissions: Website, email, CRM, storage and administration systems should use appropriate permission levels where available.
- Account management: Accounts should be created, updated, suspended or removed based on business need and personnel changes.
- Privileged access: Administrative accounts should receive additional protection and be limited to authorised users.
- Access review: Access rights should be reviewed periodically as the project, website and partner network develop.
Encryption and Secure Transmission
Doseclaw aims to use secure transmission and appropriate encryption controls where relevant to the systems, tools and deployment model involved.
Website connection
The website should use HTTPS / TLS to help protect data transmitted between visitors and the website.
Email and business tools
Email, CRM, storage and collaboration tools should be selected and configured with appropriate security features.
Stored data
Stored data should be protected through provider-level safeguards, access controls and encryption where applicable.
Deployment-specific data
For pilots or deployments, encryption requirements should be assessed according to the data sensitivity and local requirements.
No general website or ordinary email channel should be used to send patient-identifiable information or highly sensitive clinical data unless an appropriate secure channel has been agreed.
Cloud, On-Premises and Hybrid Deployment
Doseclaw may support discussions involving cloud, on-premises or hybrid deployment models depending on the institution, technical requirements, data sensitivity, local infrastructure and jurisdiction.
Flexible service delivery
Cloud-based services may support scalability, remote management, analytics, updates and centralised coordination where appropriate.
Institution-controlled environment
On-premises deployment may be discussed where institutions require local hosting, internal infrastructure control or specific IT governance.
Balanced architecture
Hybrid deployment may combine local system control with selected cloud-based reporting, monitoring, management or support functions.
The appropriate deployment model must be reviewed based on the intended use, institution type, technical environment, regulatory context, data flow, cybersecurity requirements and operational responsibilities.
Website Security
Doseclaw aims to maintain reasonable website security practices to protect the website, inquiry channels and related business communications.
- Use of reputable hosting, domain, email and technology service providers.
- Administrative access controls for website and business systems.
- Website software, theme and plugin maintenance where applicable.
- Spam, abuse and malicious activity reduction measures where applicable.
- Server, system or provider logs for security, troubleshooting and administration.
- Review of website forms to avoid collecting unnecessary sensitive data.
Website security measures may evolve as the website expands, new integrations are added or additional jurisdictions and cooperation models are introduced.
Third-Party Service Providers
Doseclaw may use third-party providers for website hosting, domain management, email, analytics, security, CRM, cloud storage, scheduling, forms, communications, professional services or technical support.
- Provider selection: We aim to use reputable providers appropriate for the website and business purpose.
- Limited access: Providers should access data only as reasonably necessary for their services.
- Contractual safeguards: Where appropriate, service arrangements may include confidentiality, security and data protection obligations.
- International processing: Some providers may process or store data in other countries or regions.
- Ongoing review: Provider choices may be reviewed as Doseclaw’s website, markets and cooperation model develop.
Details about personal data handling should be read together with our Privacy Policy and Cookie Policy.
Data Retention and Minimisation
Doseclaw aims to keep personal data and business inquiry records only for as long as reasonably necessary for the purpose for which they were collected, unless a longer period is required or permitted by law, contract, dispute management or compliance needs.
| Data Area | Security Approach | Retention Approach |
|---|---|---|
| General inquiries | Limited access and appropriate business handling. | Kept for a reasonable period to respond and manage follow-up. |
| Partnership discussions | Access limited to relevant business, technical or management personnel. | Kept while the opportunity remains active and for reasonable business records afterwards. |
| Website logs | Used for security, troubleshooting and system administration where applicable. | Kept based on provider settings, security needs and operational requirements. |
| Cookie and analytics data | Managed according to cookie settings, provider controls and website configuration. | Explained further in the Cookie Policy where applicable. |
Where data is no longer needed, it should be deleted, anonymised or archived according to applicable legal, technical and business requirements.
Incident Response
Doseclaw aims to maintain a practical incident response approach for suspected security events involving the website, business inquiry records or related communication systems.
Identify
Detect or receive notice of a suspected security event, system issue or data incident.
Contain
Take steps designed to limit further exposure, unauthorised access or operational impact.
Assess
Review affected systems, data categories, potential impact, jurisdictions and involved providers.
Notify
Assess whether notification to affected parties, partners, regulators or service providers is required.
Improve
Apply corrective actions, update procedures and review security controls where appropriate.
Incident response steps may vary depending on the nature of the incident, affected data, system architecture, provider involvement, contractual obligations and applicable law.
Pilot and Deployment Security
Any pilot, technical integration or real-world deployment involving healthcare, pharmacy, care home, public-sector or patient-facing workflows requires a separate security and data protection assessment.
Project-specific security review required
Website-level statements are not sufficient for deployment. Each pilot or deployment should define the intended use, data flows, system boundaries, hosting model, access rights, support responsibilities, audit requirements, incident handling and local regulatory expectations.
- Data flow mapping: Identify what data is collected, where it is stored, who can access it and how it moves between systems.
- Role and responsibility mapping: Define responsibilities between Doseclaw, institution, distributor, integrator and other partners.
- Pharmacist and human oversight: Confirm review, approval, exception handling and audit trail requirements.
- Local IT review: Assess network, hosting, device, access, integration, backup and support requirements.
- Data protection documentation: Consider DPIA, DPA, privacy notices, retention schedule and cross-border transfer terms where applicable.
- Security testing: Consider testing, validation, user acceptance, incident simulation and go-live readiness review.
Human Oversight and Auditability
For medication-related workflows, technology should be supported by appropriate human oversight, professional review, operational controls and auditability.
Pharmacist review
Medication-related workflows may require pharmacist approval, exception handling and documented professional responsibility.
Audit trails
System actions, approvals, exceptions, access events and operational changes may need to be recorded based on the deployment model.
Training
Personnel may require training on system use, workflow limits, escalation paths and data handling responsibilities.
Accountability
Institutions should define who is responsible for review, approval, maintenance, monitoring and incident response.
Limitations
No website, email system, cloud service, network, database, device, integration or internet transmission can be guaranteed to be completely secure.
This Data Security Statement does not represent a certification, audit report, regulatory approval, penetration test result, security warranty, service level commitment or confirmation that any particular security standard has been achieved.
Any security commitment for a pilot, deployment, distributor arrangement, integration or commercial project must be documented in a separate written agreement.
Changes to This Statement
Doseclaw may update this Data Security Statement from time to time to reflect changes in our website, technology stack, service providers, security practices, deployment models, legal requirements or partnership structure.
When we make changes, we will update the “Last Updated” date at the top of this page.
Contact Us
If you have questions about this Data Security Statement, website security, deployment security, pilot security, data protection arrangements or technical cooperation discussions, please contact us:
This Data Security Statement is provided as a general website transparency document for Doseclaw and should be reviewed with legal, data protection, cybersecurity and healthcare compliance advisers before use in regulated healthcare, pharmacy, public-sector, patient-facing or cross-border deployment contexts.