Healthy.io and the GDPR
On May 25, 2018, the General Data Protection Regulation (GDPR) took effect in the European Union (EU) and following Brexit the UK GDPR took effect in the UK.
As part of Healthy.io’s commitment to assist its customers on their journey to GDPR compliance, it developed product-specific papers to help its customers prepare for GDPR. These papers describe tools and capabilities Healthy.io builds into its products and other defined procedures that can assist organizations in addressing individual ‘data subject’ rights under the GDPR.
Healthy.io is committed to GDPR compliance. Healthy.io's Engineering, Product, Security, and Legal teams have been working to align its procedures, documentation, contracts, and services to support compliance with the GDPR. It also supports its customers on their GDPR compliance journey with its strong foundation of implemented security and privacy frameworks and certified security and privacy controls.
Data Processing Agreement
Healthy.io has published a Data Processing Agreement (DPA) for each of its product groups to incorporate the appropriate terms required by the GDPR into the relevant customer agreements. Under the supervision of EU privacy experts, Healthy.io created these DPAs, designed them to comply with the GDPR, and reflect the specific details of the data processing activities within Healthy.io services. All customers processing personal data that is subject to the GDPR through Healthy.io services must have a DPA with the company to allow both the customer and Healthy.io to comply with the GDPR DPA requirements.
If a customer subject to GDPR is currently using Healthy.io’s service agreement without a GDPR DPA, they should reach out to their relevant contact in Healthy.io and request a copy of the DPA.
Upon request of the customer, Healthy.io provides information regarding affiliates and trusted third-party vendors that are engaged as sub-processors to support Healthy.io in providing its services.