Data Privacy and Data Protection
Data privacy is a part of Partners for Patients NGO data security and is related to the proper handling of data: how Partners for Patients NGO collects it, uses it, and maintains it for compliance. Partners for Patients NGO’s data security is about access and protecting data from unauthorized users through different forms of encryption, key management, and authentication.
The type and amount of personal data Partners for Patients NGO may process depends on the reason we are processing it (legal reason used) and what Partners for Patients NGO wants to do with data based 100% on consent from Data Owners.
Partners for Patients NGO respects all rules, including but not limited to the EU General Data Protection Regulation (GDPR), HIPAA, and CCPA.
Partners for Patients NGO Compliance
Partners for Patients NGO respects the privacy of its members and is in compliance with all aspects of the GDPR. Partners for Patients NGO only stores personal information in limited data sets, and the type and amount of personal data you may process depends on the reasons you are requesting to process the data and the end result you desire. Any personal data stored on Partners for Patients NGO is processed lawfully, fairly and in a transparent manner.
Partners for Patients NGO has proactively put in place the appropriate technical and organizational safeguards to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate state-of-the-art technology.
Purpose Limitation
Partners for Patients NGO does not process personal data, and only stores personal data for specified, explicit and legitimate purposes. Partners for Patients NGO does not use personal data for purposes that are not compatible with the original purpose for which data is stored. Members own their personal data and have the power to use Partners for Patients NGO tools to allow private and shareable access to third parties who must indicate the purpose of when, where, how and what is the ultimate purpose of sharing their own personal data.
Data Minimization
Partners for Patients NGO keeps no more than the minimum amount of personal data for specific processing and that personal data is restricted to what is adequate, relevant and limited to what is necessary.
Accuracy
The personal data of a Partners for Patients NGO member is controlled by the member, who is responsible for ensuring their own personal data is accurate and up-to-date, having regard to the purposes for which it is processed. Partners for Patients NGO also provides its members with the proper networking tools to help the members correct personal data and keep it up to date.
Storage Limitation
Any personal data held by Partners for Patients NGO will be purged or kept in a form which permits identification of personal data subjects for no longer than necessary for the purposes for which it was collected.
Removal of Data
Partners for Patients NGO has processes in place to allow the removal of personal data from Partners for Patients NGO subject to limitations that may be imposed by regulatory agencies and regulators, who may require personal data to be stored for the specific purpose as related to human subject protection, such as in the case of documenting competencies by a healthcare professional when becoming involved in a clinical trial or healthcare payer purposes when the authorized comptroller has received initial consent to maintain such personal data for a specific purpose.
Breach of Personal Data
In the unlikely event a member’s personal data is stolen or illegally accessed, Partners for Patients NGO will notify the necessary authority within 72 hours (unless unlikely to result in risk to data subjects) and will communicate the personal data breach to the affected data subjects without undue delay.
Consent to Process Personal Data
Partners for Patients NGO does not directly process personal data; it merely provides a place to store personal data and provides individuals and organizations the right to use Partners for Patients NGO tools for business, compliance and human subject protection purposes. Partners for Patients NGO feels it is in the best interest of the parties to follow the guidelines of the GDPR, and in order to provide the highest level of protection to its Members, requires the freely given, specific, informed and unambiguous consent to process personal data.
Partners for Patients NGO follows an array of compliance guidelines including the document 21 CFR Part 11; Electronic Records; Electronic Signatures, Maintenance of Electronic Records “Draft Guidance For Industry” prepared under the aegis of the Office of Enforcement by the FDA Part 11 Compliance Committee. The committee is composed of representatives from each center within the Food and Drug Administration, the Office Counsel and the Office of Regulatory Affairs.
We also follow the EU-US Privacy Shield Program Update.
Partners for Patients NGO complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Partners for Patients NGO has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
In compliance with the Privacy Shield Principles, BlueCloud by HealthCarePoint commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Partners for Patients NGO at:
Mimi Choon-Quinones
Board Chairman
Email: mimichoonquinones@pfp.ngo
Phone: +41 79 505 30 18
Partners for Patients NGO has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. You may also refer to Privacy Policy FAQs for additional information.
Partners for Patients NGO is required to abide by the following:
-
- To the investigatory and enforcement powers of the Federal Trade Commission (FTC).
- Under certain conditions, individuals may invoke binding arbitration.
- Disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- For liability in cases of onward transfers to third parties.
SUMMARY:
A secure, reliable environment that maintains hosting, physical security, logical security via vXCHNG -SSAE-16-SOCI certified hosting facility. Renewable disaster recovery plans and redundant backup processes are in place. Additional redundant processes and infrastructures can be added on a case-by-case basis. Agile software methodology processes are used when creating new software and technology improvements. Whenever required, each separate Partners for Patients NGO networking vehicle can adapt independently to an array of electronic signature requirements as per a series of continuously virtually and locally audited and proprietary Standard Operating Procedures (SOPs). Using proper channels and proper procedures, SOPs can be demonstrated to VIP industry auditors which require such virtual and on-site proof of vendor audits. Partners for Patients NGO’s proprietary networking software is and will continue to be created in-house to minimize the risk of infiltration which is tested via third party tools and testing technologies. Partners for Patients NGO’s Primary Engines and Networking Systems are not created using open-source technologies.