Search Our Knowledge Base…
Search Knowledge
Legal Docs
GDPR Compliance
The GDPR is an important component of EU privacy law and human rights law.
Written By: Shubham Aggarwal
Last Updated on December 25, 2023
Legal Docs
GDPR Compliance
The GDPR is an important component of EU privacy law and human rights law.
Written By: Shubham Aggarwal
Last Updated on December 25, 2023
Legal Docs
GDPR Compliance
The GDPR is an important component of EU privacy law and human rights law.
Written By: Shubham Aggarwal
Last Updated on December 25, 2023
INTERNATIONAL USE AND THE GDPR
FyndFlow Platform advises both its Client/Users and practicing Platform Providers to be aware of and respect and comply with the local laws of any international based Client. FyndFlow is cognizant and respects the formal promulgation of the existing European Union (EU) data privacy regulations. The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA and is commonly referred to as “GDPR.” FyndFlow has always respected our Client’s Privacy (see our Privacy Policy) and we were already a HIPAA certified platform following stringent data privacy rules
The basic tenants of the promulgated GDPR regulations include, but are not limited to the following:
Disclosure when you sell, transfer or third party marketing of User’s data: As outlined in this Terms of Use, FyndFlow does not sell or transfer Client data and any marketing efforts are focused solely on internal information updates to our registered Clients.
Access to collected data: At FyndFlow, you already have the ability to access your shared data (Your personal information, your emergency contact information and all your interactions with your Providers) and use it as you wish.
Clear Consent: At FyndFlow our Terms of Use are clear on what consent we seek with regards to your data and prior to your engagement with your Provider, you review and agree to a further “informed consent” process.
Security: At FyndFlow we have encrypted our data from day one and has stored all Private Health Information with full HIPAA compliance and in an anonymized form as required by the GDPR.
Notice/Audit: At FyndFlow, we will provide our Clients notice of any data breach and we employ a full time security Officer, as well as engaging a third party security firm to periodically audit both or code and technology security as well as our HIPAA policies and procedures around data security.
Finally, dependent of your EU country or origin, the GDPR takes into account what was previously termed the right “to forget” or request deletion of your data once you cease using a particular application or site. This particular tenant of the GDPR may conflict with applicable medical records retention laws. In the United States, this requires at least seven years of retention, which is common around the world and is sometime up to ten years or more in certain countries. So, unlike some data platforms, FyndFlow cannot erase private health data directly upon a Client’s request, as it may be considered essential for other medical file retention purposes. Applicable individual country medical retention laws are generally considered an acceptable exception to the GDPR regulations regarding the right to deletion of certain data.
GDPR Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have 45 days to respond to you. If you would like to exercise any of these rights, please contact us on fyndflow@gmail.com
INTERNATIONAL USE AND THE GDPR
FyndFlow Platform advises both its Client/Users and practicing Platform Providers to be aware of and respect and comply with the local laws of any international based Client. FyndFlow is cognizant and respects the formal promulgation of the existing European Union (EU) data privacy regulations. The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA and is commonly referred to as “GDPR.” FyndFlow has always respected our Client’s Privacy (see our Privacy Policy) and we were already a HIPAA certified platform following stringent data privacy rules
The basic tenants of the promulgated GDPR regulations include, but are not limited to the following:
Disclosure when you sell, transfer or third party marketing of User’s data: As outlined in this Terms of Use, FyndFlow does not sell or transfer Client data and any marketing efforts are focused solely on internal information updates to our registered Clients.
Access to collected data: At FyndFlow, you already have the ability to access your shared data (Your personal information, your emergency contact information and all your interactions with your Providers) and use it as you wish.
Clear Consent: At FyndFlow our Terms of Use are clear on what consent we seek with regards to your data and prior to your engagement with your Provider, you review and agree to a further “informed consent” process.
Security: At FyndFlow we have encrypted our data from day one and has stored all Private Health Information with full HIPAA compliance and in an anonymized form as required by the GDPR.
Notice/Audit: At FyndFlow, we will provide our Clients notice of any data breach and we employ a full time security Officer, as well as engaging a third party security firm to periodically audit both or code and technology security as well as our HIPAA policies and procedures around data security.
Finally, dependent of your EU country or origin, the GDPR takes into account what was previously termed the right “to forget” or request deletion of your data once you cease using a particular application or site. This particular tenant of the GDPR may conflict with applicable medical records retention laws. In the United States, this requires at least seven years of retention, which is common around the world and is sometime up to ten years or more in certain countries. So, unlike some data platforms, FyndFlow cannot erase private health data directly upon a Client’s request, as it may be considered essential for other medical file retention purposes. Applicable individual country medical retention laws are generally considered an acceptable exception to the GDPR regulations regarding the right to deletion of certain data.
GDPR Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have 45 days to respond to you. If you would like to exercise any of these rights, please contact us on fyndflow@gmail.com
INTERNATIONAL USE AND THE GDPR
FyndFlow Platform advises both its Client/Users and practicing Platform Providers to be aware of and respect and comply with the local laws of any international based Client. FyndFlow is cognizant and respects the formal promulgation of the existing European Union (EU) data privacy regulations. The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA and is commonly referred to as “GDPR.” FyndFlow has always respected our Client’s Privacy (see our Privacy Policy) and we were already a HIPAA certified platform following stringent data privacy rules
The basic tenants of the promulgated GDPR regulations include, but are not limited to the following:
Disclosure when you sell, transfer or third party marketing of User’s data: As outlined in this Terms of Use, FyndFlow does not sell or transfer Client data and any marketing efforts are focused solely on internal information updates to our registered Clients.
Access to collected data: At FyndFlow, you already have the ability to access your shared data (Your personal information, your emergency contact information and all your interactions with your Providers) and use it as you wish.
Clear Consent: At FyndFlow our Terms of Use are clear on what consent we seek with regards to your data and prior to your engagement with your Provider, you review and agree to a further “informed consent” process.
Security: At FyndFlow we have encrypted our data from day one and has stored all Private Health Information with full HIPAA compliance and in an anonymized form as required by the GDPR.
Notice/Audit: At FyndFlow, we will provide our Clients notice of any data breach and we employ a full time security Officer, as well as engaging a third party security firm to periodically audit both or code and technology security as well as our HIPAA policies and procedures around data security.
Finally, dependent of your EU country or origin, the GDPR takes into account what was previously termed the right “to forget” or request deletion of your data once you cease using a particular application or site. This particular tenant of the GDPR may conflict with applicable medical records retention laws. In the United States, this requires at least seven years of retention, which is common around the world and is sometime up to ten years or more in certain countries. So, unlike some data platforms, FyndFlow cannot erase private health data directly upon a Client’s request, as it may be considered essential for other medical file retention purposes. Applicable individual country medical retention laws are generally considered an acceptable exception to the GDPR regulations regarding the right to deletion of certain data.
GDPR Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have 45 days to respond to you. If you would like to exercise any of these rights, please contact us on fyndflow@gmail.com