GDPR
Heidi diligently adheres to GDPR regulations, safeguarding your personal data with strict protocols and robust security measures, reinforcing trust and accountability in our operations.
Secure your customers' data
We process all personal data lawfully, fairly, and in a transparent manner in relation to the data subject.
We ensure that the collection of personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Consent is important, and we support clinicians in getting clear agreement from patients before using Heidi in a consultation. That’s part of the normal clinical process. From a data protection perspective, Heidi doesn’t rely on consent under GDPR. Instead, we process data on the controller’s instructions, under Article 6(1)(e) (public task) or Article 6(1)(f) (legitimate interests), and Article 9(2)(h) for health data.
We fully support the rights of individuals under GDPR, including the right to access, correct, delete, and restrict processing of their data, the right to data portability, and the right to object.
We implement appropriate technical and organizational measures that ensure and demonstrate that we process personal data in compliance with GDPR. This includes measures to protect data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
We ensure your data remains within the EU/EEA and is protected in accordance with GDPR requirements.
We have in place robust procedures to detect, report, and investigate personal data breaches. We will notify the relevant supervisory authority and affected individuals of a breach when legally required to do so.
We have appointed a DPO responsible for overseeing compliance with GDPR, providing a point of contact for data subjects and supervisory authorities.