The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It was adopted on 27 April 2016 and becomes enforceable from 25 May 2018. Healthwealthbridge is committed to being fully compliant with GDPR when it’s enforced.
As the Healthwealthbridge product team, we are very proud to serve global customers and deeply appreciate our customers’ trust in us. We’ve always treated privacy, data security and integrity as our top priority, and we consider GDPR a great opportunity to thoroughly review our services and processes and make further improvements as necessary. This article explains how Healthwealthbridge internally collects, stores and shares data, as well as the specific actions we take to become fully compliant with GDPR.
Healthwealthbridge GDPR Compliance
How do we collect, store and share data?
Healthwealthbridge integrates data from a wide variety of sources and helps you visualize and analyze that data all in one place. By connecting data sources (such as Google Analytics, Stripe, MySQL, file upload, etc.), you authorize Healthwealthbridge to pull data out of those sources and render it as charts and tables. To speed up data access and make additional computation over the data possible, Healthwealthbridge may periodically pull data in the background and persist it in its own internal data store. The data store is designed to be secure and is never directly exposed to the internet. Data from different customers is strictly isolated. Healthwealthbridge only reads data from your data sources; it never changes or deletes anything.
As Healthwealthbridge’s customer, you can view, edit and delete your data source connections at any time. When you delete a connection, the previous authorization is deleted completely from our system and Healthwealthbridge stops fetching data from it immediately. When you close your account, all your existing data connections are deleted.
Healthwealthbridge never shares your data with any third party, and usage of your data is restricted to providing data visualization and analysis service to you and people authorized by you (including people you invite into your space, or people you share dashboards with).
What actions did we take?
While reviewing GDPR requirements we’ve identified areas we should improve. Here is a list of major actions we took:
- Thoroughly reviewed our internal data flow and data storage, and maintain up-to-date documentation.
- Improve messages for getting user consent on data authorization to make them clearer and more specific – ongoing.
- Implement retention control for service log files and database backups.
If you have any questions, please don’t hesitate to contact us at firstname.lastname@example.org or email@example.com.