Heidi diligently adheres to GDPR regulations, safeguarding your personal data with strict protocols and robust security measures, reinforcing trust and accountability in our operations.
We process all personal data lawfully, fairly, and in a transparent manner in relation to the data subject.
Data Minimization
Consent
Consent is important, and we support clinicians in getting clear agreement from patients before using Heidi in a consultation. That’s part of the normal clinical process. From a data protection perspective, Heidi doesn’t rely on consent under GDPR. Instead, we process data on the controller’s instructions, under Article 6(1)(e) (public task) or Article 6(1)(f) (legitimate interests), and Article 9(2)(h) for health data.
Rights of the Data Subject
We fully support the rights of individuals under GDPR, including the right to access, correct, delete, and restrict processing of their data, the right to data portability, and the right to object.
Data Protection by Design and by Default
We implement appropriate technical and organizational measures that ensure and demonstrate that we process personal data in compliance with GDPR. This includes measures to protect data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Data Transfer
We ensure your data remains within the EU/EEA and is protected in accordance with GDPR requirements.
Data Breach Notification
Data Protection Officer (DPO)