GDPR
As a European based company we understand GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) aims to strengthen and unify data protection within the EU. As such, GDPR aims primarily to give control over your own personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Key Principles of GDPR
- Personal data collected needs to be processed in a fair, legal, and transparent way. It should only be used in way that a person would reasonably expect.
- Personal data should only be collected to fulfill a specific purpose and not further used in a manner that is incompatible with those purposes. Organizations must specify why they need the personal data when they collect it.
- Personal data held needs to be kept up to date and accurate. It should be held no longer than necessary to fulfill its purpose.
- EU citizens have the right to access their personal data. This also includes requesting a copy of data, and that data can be updated, deleted, restricted, or moved to another organisation.
- All personal data needs to be kept safe and secure .
- Companies undertaking certain types of activities must appoint a data protection officer.
Data Processed by Hi Rasmus
Hi Rasmus collects names of professionals and parents and their emails as well as log in information. Hi Rasmus does not allow collection or processing of data not relevant to our service. As such, Hi Rasmus does not collect nor process employee data on race, religion, political opinions, etc. Hi Rasmus maintains records of children’s names and data related to their behavioural treatment on behalf of the subscribing clinic. Data can be processed in anonymous form for statistical and analytical purposes and for improving the Hi Rasmus products.
Product
Privacy is key for Hi Rasmus and we develop our product in accordance with privacy by design guidelines. We will not collect nor expose unnecessary data from your organisation or your clients. See more information about privacy by design here: Article 25 of the GDPR.
Data Breach Procedures
Any employee of Hi Rasmus who knows of, or suspects of a data breach, will report immediately to the CEO (Nikolaj Hendriksen).
Hi Rasmus takes any data breach seriously. If we ever should experience a data breach, we have a defined process in place ensuring we learn from our mistakes after having closed the breach as highest priority.
Third-Party Providers
Hi Rasmus maintains an overview of all third-party providers and each one of them are GDPR compliant.
We do not allow any GDRP related data to be managed, processed or stored by third party providers, before undergoing evaluation.