GDPR COMPLIANCE POLICY

Effective Date: 30th August 2023

1. Introduction

This GDPR (General Data Protection Regulation) policy outlines how hannahgaboardi.com ("we," "our," or "the website") collects, processes, and stores personal data, particularly patients' data, in accordance with the provisions set forth in the GDPR and other relevant data protection laws.

2. Types of Data Collected

We may collect and process the following categories of personal data from patients:

  • Basic contact information (e.g., name, email address, phone number)

  • Medical history and health-related information

  • Treatment and medication information

  • Any other information relevant to the patient's medical care and treatment

3. Purpose of Data Collection

We collect and process patients' personal data for the following purposes:

  • Providing medical care, treatment, and related services

  • Managing patient appointments and scheduling

  • Keeping accurate medical records

  • Communicating with patients about their health and treatment

  • Complying with legal obligations related to patient data

4. Legal Basis for Data Processing

Our legal basis for processing patients' personal data is typically:

  • The necessity of processing for the provision of healthcare services

  • Compliance with legal obligations, particularly in the medical and healthcare sector

  • Consent obtained from the patient for specific processing activities, where applicable

5. Data Security Measures

We take data security seriously and implement appropriate technical and organizational measures to protect patients' personal data from unauthorized access, loss, alteration, or disclosure. These measures include:

  • Encryption of sensitive data

  • Regular security assessments and audits

  • Access controls and restricted access to patient data

  • Secure transmission of data over the website

  • Secure storage on protected servers

6. Data Retention

We retain patients' personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. After this period, the data will be securely deleted or anonymized.

7. Data Subject Rights

Patients have the following rights regarding their personal data:

  • Right to access: Patients can request access to the personal data we hold about them.

  • Right to rectification: Patients can request corrections to their inaccurate or incomplete data.

  • Right to erasure: Patients can request the deletion of their personal data under certain circumstances.

  • Right to restrict processing: Patients can request limitations on the processing of their data.

  • Right to data portability: Patients can request their data to be provided in a machine-readable format.

  • Right to object: Patients can object to the processing of their data in certain situations.

8. Data Breach Notification

In the event of a data breach that poses a risk to patients' rights and freedoms, we will notify the relevant authorities and affected individuals within the timelines prescribed by the GDPR.

9. Contact Information

If patients have any questions, concerns, or requests related to their personal data or this GDPR policy, they can contact us at:

info@hannahgaboardi.com

10. Changes to the Policy

We may update this GDPR policy from time to time to reflect changes in legal or operational requirements. The latest version will always be available on hannahgaboardi.com.

By using hannahgaboardi.com and providing personal data, patients acknowledge and agree to the practices described in this GDPR policy.