Data Processing Addendum
Data Processing Addendum
This Data Processing Addendum (“DPA”) is applicable when Patient7.com (“Patient7”) processes personal data subject to the General Data Protection Regulation (GDPR) on behalf of an organization or person (“Subscriber”) subscribing to Patient7’s clinic management platform (the “Services”).
This DPA is integral to and constitutes part of the Terms of Use for the Services and will remain in effect for as long as the Subscriber holds a valid paid subscription to the Services.
Terminology
- GDPR: Refers to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.
- Personal Data: Encompasses any information pertaining to an identified natural person or details that can be utilized, directly or indirectly, to identify a natural person. This includes but is not limited to name, address, email address, username, credit card information, billing information, health information, or similar data.
- Process or Processing: Denotes the collection, use, storage, disclosure, erasure, or destruction of Personal Data, or any other operation performed on Personal Data, whether automated or not.
Terms
- Roles:
The Subscriber is deemed the “Controller,” responsible for determining the purposes and means of Personal Data Processing.
Patient7 acts as the “Processor,” serving as the service provider that Processes Personal Data on behalf of the Subscriber. Both parties pledge compliance with applicable GDPR provisions based on their respective roles.
- Purpose and Duration of Processing:
Personal Data will be Processed solely for the provision and utilization of the Services.
Processing will continue as long as the Subscriber maintains a valid paid subscription to the Services.
- Categories of Personal Data:
Specific categories of Personal Data to be Processed are determined by the Subscriber and may encompass information such as name, address, email address, telephone number, health insurance details, billing information, and health-related data.
Individuals whose Personal Data may be Processed include employees, contractors, and patients of the Subscriber.
Obligations:
Patient7 will:
- Ensure confidentiality commitments from authorized personnel and implement security measures to protect the security, confidentiality, and integrity of Personal Data.
- Use sub-processors with adequate security measures and safeguards, notifying the Subscriber of any changes.
- Promptly notify the Subscriber of security breaches and take necessary steps to mitigate and remediate such breaches.
- Assist the Subscriber in responding to individuals’ requests and meeting legal obligations regarding breach notification, data protection impact assessments, or cooperation with supervisory authorities.
- Delete or return Personal Data upon the Subscriber’s request after completing the Services.
- Provide necessary information to demonstrate compliance with GDPR and contribute to audits or inspections conducted by the Subscriber, charging for time expended at prevailing rates.
This DPA ensures a framework for compliant and secure Personal Data Processing by Patient7 on behalf of its Subscribers.
Contact Us
If you have any questions or concerns about our Privacy Policy and our privacy practices, please contact us at: Tel: +1 (844) 727-8860, Email: support@patient7.com