Like HIPAA, GDPR is an important privacy and data protection regulation for those of you living in, or serving patients in, the EU. We support GDPR on our premium plans. Read on for more information on how Doxy.me allows you to comply with GDPR.
We don't store identifiable data of your patients
As with all our plans, we do not store Personally Identifiable Information (PII) about your patients. While certain information may be gathered for system performance and high-level analytics, PHI is not stored persistently.
We'll sign a Data Protection Addendum
Email email@example.com to sign the EU Data Protection Addendum
Data centers not in the EU
GDPR does not require that our data centers be in the EU. GDPR allows a company to transfer personal data outside of the EU as long as safeguards are in place to make sure that the data is properly protected. We are certified under the EU-U.S. and Swiss-U.S. Privacy Shield (pending status) frameworks to satisfy this requirement, and we also offer our Data Processing Agreement (DPA).
Data Subject Rights (DSR) requests to access, update, or delete data
Any request to access, correct, or delete information will be handled by emailing firstname.lastname@example.org. We'll respond to these requests within 3 days.
GDPR only on premium plans
GDPR requires an additional step that HIPAA does not: you must have a Custom Terms of Service (TOS) checkbox that patients accept. Our Custom TOS checkbox has always been part of our paid plans, which is why GDPR support is only available on premium plans.
For any other questions about Doxy.me that are not legal-specific, reach out to our support team and we'll be happy to help.