GDPR COMPLIANCE POLICY
Effective Date: 30th August 2023
1. Introduction
This GDPR (General Data Protection Regulation) policy outlines how hannahgaboardi.com ("we," "our," or "the website") collects, processes, and stores personal data, particularly patients' data, in accordance with the provisions set forth in the GDPR and other relevant data protection laws.
2. Types of Data Collected
We may collect and process the following categories of personal data from patients:
Basic contact information (e.g., name, email address, phone number)
Medical history and health-related information
Treatment and medication information
Any other information relevant to the patient's medical care and treatment
3. Purpose of Data Collection
We collect and process patients' personal data for the following purposes:
Providing medical care, treatment, and related services
Managing patient appointments and scheduling
Keeping accurate medical records
Communicating with patients about their health and treatment
Complying with legal obligations related to patient data
4. Legal Basis for Data Processing
Our legal basis for processing patients' personal data is typically:
The necessity of processing for the provision of healthcare services
Compliance with legal obligations, particularly in the medical and healthcare sector
Consent obtained from the patient for specific processing activities, where applicable
5. Data Security Measures
We take data security seriously and implement appropriate technical and organizational measures to protect patients' personal data from unauthorized access, loss, alteration, or disclosure. These measures include:
Encryption of sensitive data
Regular security assessments and audits
Access controls and restricted access to patient data
Secure transmission of data over the website
Secure storage on protected servers
6. Data Retention
We retain patients' personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. After this period, the data will be securely deleted or anonymized.
7. Data Subject Rights
Patients have the following rights regarding their personal data:
Right to access: Patients can request access to the personal data we hold about them.
Right to rectification: Patients can request corrections to their inaccurate or incomplete data.
Right to erasure: Patients can request the deletion of their personal data under certain circumstances.
Right to restrict processing: Patients can request limitations on the processing of their data.
Right to data portability: Patients can request that their data be provided in a machine-readable format.
Right to object: Patients can object to the processing of their data in certain situations.
8. Data Breach Notification
In the event of a data breach that poses a risk to patients' rights and freedoms, we will notify the relevant authorities and affected individuals within the timelines prescribed by the GDPR.
9. Contact Information
If patients have any questions, concerns, or requests related to their personal data or this GDPR policy, they can contact us at:
info@hannahgaboardi.com
10. Changes to the Policy
We may update this GDPR policy from time to time to reflect changes in legal or operational requirements. The latest version will always be available on hannahgaboardi.com.
By using hannahgaboardi.com and providing personal data, patients acknowledge and agree to the practices described in this GDPR policy.