GDPR Compliance

GDPR Compliance &
Data Protection Standards

GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union. At Medrotic, we are fully committed to complying with GDPR requirements and ensuring that all personal data is processed lawfully, fairly, and transparently.

This page outlines how Medrotic adheres to GDPR principles and what rights you have as a data subject. Whether you are a patient, healthcare provider, or partner organization, we ensure your data is handled with the highest standards of care and compliance.

Data Protection Principles

Medrotic processes all personal data in accordance with the core principles established by the GDPR. These principles guide every aspect of our data handling practices:

  • Lawfulness, Fairness & Transparency: We process data only with a valid legal basis and communicate clearly about our practices
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes only
  • Data Minimization: We collect only the data that is strictly necessary for our services
  • Accuracy: We take reasonable steps to ensure personal data is accurate and up to date
  • Storage Limitation: Data is retained only for as long as necessary for the intended purpose
  • Integrity & Confidentiality: We implement appropriate security measures to protect personal data

Legal Basis for Processing

Under GDPR, we process personal data based on one or more of the following legal grounds:

  • Consent: You have given clear, informed consent for us to process your personal data for specific purposes
  • Contractual Necessity: Processing is necessary to fulfill our service agreement with you
  • Legal Obligation: Processing is required to comply with healthcare regulations and applicable laws
  • Vital Interests: Processing is necessary to protect someone's life in emergency healthcare situations
  • Legitimate Interests: Processing is necessary for our legitimate business interests, balanced against your rights

Your Rights Under GDPR

As a data subject, you have comprehensive rights under the GDPR. Medrotic is committed to facilitating the exercise of these rights in a timely and transparent manner:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data under certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing

International Data Transfers

When personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place. These may include Standard Contractual Clauses (SCCs), adequacy decisions by the European Commission, or other approved transfer mechanisms as specified by GDPR.

Data Breach Notification

In the event of a personal data breach, Medrotic will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay.

Data Protection Officer

Medrotic has appointed a Data Protection Officer (DPO) to oversee our compliance with GDPR and other data protection regulations. The DPO is responsible for monitoring our data processing activities, advising on data protection impact assessments, and serving as a point of contact for data subjects and supervisory authorities.

Complaints and Inquiries

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence. You may also contact our Data Protection Officer directly for any concerns or inquiries regarding how we handle your personal data.