The General Data Protection Regulation (GDPR) is a European Union (EU) privacy law that will affect businesses around the world when it becomes enforceable from May 25, 2018. It regulates how any organization that is subject to this regulation treats and uses the personal data of people located in the EU. Personal data is any piece of data that, used alone or with other data, could identify a person. If you collect, change, transmit, erase, or otherwise use or store the personal data of EU citizens, you need to comply with the GDPR.
Our GDPR Commitment
Scope Health UK (hereafter referred to as the Company) stands ready to assist our customers to remain compliant with the GDPR. We only collect and store information that is necessary to offer our service, and we do this with the consent of our customers. In addition, our approach towards privacy, security, and data protection aligns with the goals of the GDPR. Along with a highly secure and robust system architecture, we have a variety of security measures in place to prevent unauthorized access and processing of personal data.
We promise to safeguard customer data.
Scope Health UK as a Data Controller
Scope Health UK recognizes its responsibilities as a data controller towards its customers. Detailed below are all the steps we are taking towards fulfilling all legal obligations under the GDPR as a data controller.
Data Categorization and Analysis
- We have carried out a detailed data mapping exercise to track the flow of personal data through our systems.
- We have established and are maintaining a clean data repository that is constantly updated. This gives us control over the data flowing through our systems, with clear processes for handling, securing, and storing this data.
- We have also defined a clear set of data processes to ensure that data quality, data privacy, data access control and security control are periodically monitored for compliance.
- We store personal data with industry standard encryption techniques for as long as we find it necessary to fulfill the purpose for which the personal data was collected, while also considering our need to answer your queries or resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes.
- This means that we may retain your personal data for a reasonable period of time after your last interaction with us.
- When the personal data that we have collected is no longer required, we will delete it in a secure manner.
- We are actively collecting consent from our customers from May 25th 2018, wherever it's applicable, especially in the case of any marketing communication sent to them.
- To give our customers the option to withdraw their consent at any given time, an easy process is being put in place for our customers to provide consent during sign up. We want our customers to have complete control over whether they want to receive any communication from us. Customers can write to us at firstname.lastname@example.org to revoke their consent.
Feature Development and GDPR Principles
- We have an active process in place that will guarantee all our product features meet the standards of the GDPR. Our product and engineering teams will consider Privacy by Design and Privacy by Default while designing product features and pushing them to the production environment.
Personal Data Collection
The table below provides a summary of how our company uses, retains and shares the categories of personal data which the Company processes, and related information.
| Category of personal data | How and why we use personal data | Who we share the personal data with | Lawful basis for processing the personal data |
|---|---|---|---|
| Contact information, such as title, name, email address and phone number | To send you materials you request like whitepapers, details of our events and webinars and to send you other marketing materials by email. If you choose to set up an account, we use your contact information to provide you with support for our products. | With our marketing campaign providers, webinar software providers, email platforms, and selective re-sellers or business partners. | Our legitimate interests in promoting our business and assessing the success of our promotional activities |
| Information from your Web browser (such as browser type and browser language), your Internet Protocol ("IP") address, internet service provider (ISP), operating system, date/time stamp, and clickstream data and the actions you take on the Company's Web sites (such as the web pages viewed and the links clicked) | We use this information for what is usually called "analytics" - essentially to understand how visitors move around our Web sites, what content is popular and what is not - and to provide more personalized information about us. | Usage data is collected on our behalf and analyzed by third party analytics providers and marketing campaigners. | Our legitimate interests in monitoring and improving our websites |
| Contact information, such as name, company name, title, email address, mailing address and phone number. Billing information, such as billing name and address, credit card number, and the number of users or systems within the organization that will be using Software and Services. | To onboard a new client for invoicing and payment, to renew licenses and to provide product support to our customers who request it via email or ticketing software. | With our payment processing provider. Our customer support team, based out of India, processes personal information. | Use is necessary for our legitimate interests in providing our Software and Services on a commercial basis and to provide product support to our customers |
Processing Data Outside of European Economic Area (EEA)