Healthguard GDPR Compliance Statement

What is the GDPR?

As of the 25th of May 2018, the EU General Data Protection Regulation (GDPR) strengthens the rights of individuals regarding their personal data and seeks to unify local data protection laws across Europe. GDPR imposes new or additional obligations on organizations in the EU processing personal data, and on organizations outside the EU processing personal data of EU residents.

GDPR in Healthguard

Healthguard complies with the GDPR and is committed to embracing and upholding the principles of the GDPR in the processing of personal data of all our users. In particular, we aim to ensure:

  • transparency with regard to the use of data
  • that any processing is lawful, fair, transparent, and necessary for a specific purpose
  • that data is accurate, kept up to date, and removed when no longer necessary
  • that data is kept safely and securely

To gain more information on how we collect, store, and process personal data, please see our Privacy Policy.

How does Healthguard protect personal data?

Healthguard takes the privacy and security of individuals and their personal data seriously. We take every reasonable measure and precaution to protect and secure the personal data that we process. We have dedicated information security policies and procedures in place to protect personal data from unauthorized access, alteration, disclosure, or destruction.

We are committed to regularly reviewing our policies for changes, effectiveness, changes in handling of data, and changes to the state of affairs of other countries to which your data flows.

What security measures are in place at Healthguard?

Healthguard has adopted several layers of security measures. For instance:

  • Technical and organizational measures are in place to ensure an appropriate level of security and data integrity for the data we process (encryption, penetration testing, password protection, Secure Sockets Layer, and more).
  • Measures are in place to ensure timely and effective notification in the case of a data breach.
  • Healthguard enters into written contracts with all our sub-processors imposing the same level of security and data protection obligations that are undertaken by Healthguard.
  • Access to personal data is provided on a need-to-know basis, and all employees are subject to a duty of confidentiality. Mandatory security, awareness, and privacy training is provided annually.

Does Healthguard respect the fundamental principles of the GDPR?

Healthguard ensures the lawful, fair, and transparent processing of personal data through clearly laying out the purposes for processing, the legal bases for the processing, as well as the rights of the data subject, in our Privacy Policy.

Healthguard ensures that personal data is not processed for purposes other than those clearly defined in our Privacy Policy.

Healthguard ensures that personal data collected is kept to the minimum required for providing the service to the user.

Healthguard has taken steps to ensure that the personal data processed is accurate, and procedures are in place to rectify and/or erase inaccurate information.

Healthguard has procedures in place to ensure that personal data is kept in a form that limits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Healthguard has put in place extensive and appropriate technical and organizational measures to ensure the appropriate security of the personal data against unauthorized and unlawful processing and against accidental loss, destruction, and damage.

How does Healthguard comply with the data subjects' rights?

Under the GDPR, data subjects have eight rights, and Healthguard is committed to ensuring compliance with each of them:

Healthguard provides information to data subjects about the personal data we process about them, the purposes of processing, and who else the data may be passed to. More information about this can be found in our Privacy Policy.

Healthguard ensures that the data subjects are presented with the opportunity to access, rectify, erase, and/or restrict personal data.

Healthguard ensures that the data subject is presented with the opportunity to ask for any data they supplied directly to us to be provided in a structured, commonly used, and machine-readable format (‘data portability’).

Healthguard gives data subjects the opportunity to object to further processing of their data for direct marketing purposes and otherwise as required by the GDPR.

You can exercise your rights by contacting us at privacy@healthguard.systems.

Does Healthguard transfer data to countries outside the EU/EEA?

No, Healthguard stores data at our sub-processors (hosting providers) in the EU/EEA.

All of our sub-processors hold the highest level of security and hold ISO 27001, SOC 2 Type 2, or similar.