GDPR

1. Does GDPR affect you?

Although GDPR is a data protection framework for the citizens residing in the EU, it also applies to all companies that handle personal data of individuals from the EU. This means that almost every major corporation in the world will need to be ready when GDPR comes into effect. If you or your organization stores and processes personal data in connection to services or goods offered in EU, then the laws applies to you as well. Also, in the the event of infringement of these laws, you can face fines and penalties from 10 million to 20 million dollars or 2% to 4% of the annual revenue of the organization depending upon whichever is higher.

2. Our commitment to GDPR

We are fully GDPR compliant since the 1st Oct 2019. Over the past few months, multiple internal teams have been working towards making sure that we are aligned to the GDPR framework. Also, we’ve built product features for greater privacy and data control.

3. GDPR Readiness Initiatives at Healerplus

Healerplus is committed towards upholding the underlying principles of GDPR and here are some of the initiatives we’ve undertaken.

4. Accountability

At Healerplus, there exists an established Privacy Policy created with support from our leadership. Our leaders commit to support and provide guidelines for data protection compliance through a framework of standard policies and procedures.

5. Customer's Personal Data with Healerplus

The GDPR requires organizations to provide more information about the way individuals’ information is used. Healerplus delivers on our customer’s privacy policy objective by enabling comprehensive data flow and process maps for the customer’s data which is updated and is in line with the GDPR guidelines. We incorporated a Data Processing Addendum (DPA) into our Terms of Service so customers who subscribe to Healerplus have their data protected by GDPR.
Know more about the Data Processing Addendum here.

6. Privacy by Design and Default

Programs, projects, and processes at Healerplus are aligned to Privacy Principles right from the inception of an idea or project, thereby supporting Privacy by Design and Default principles.

7. Individual Rights, Subject Access, and Communication

The GDPR program thoroughly evaluates how Healerplus, both as a data controller and processor, is placed with its existing procedures for readiness to

• Provide rights of individuals under GDPR
• Assist customers in responding to data access requests from individuals.

8. Right to Portability

Healerplus supports export request from customers. A customer can export user contact details, cliets and all their details like. casefiles, sessions, payments, invoces etc..
An export request from a customer would have to be routed via the admin who validates if the requestor is genuine. Customers can leverage the following APIs to assist with their GDPR compliance efforts on data portability: Note: will be updating the above section continuously with our latest road map and progress.

9. Do I need to move my data to an EU data centre?

• GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on the transfer of personal data outside the EU. GDPR only mandates that such transfers be legitimized through any of the mechanisms provided in the regulation.
• Healerplus supports both EU-US Privacy Shield Certification and Model Contractual Clauses for data transfer provided in the regulation.