Data privacy is a part of PFPs data security and is related to the proper handling of data – how PFP collect it, how use it, and maintain for compliance. PFPs Data security is about access and protecting data from unauthorized users through different forms of encryption, key management, and authentication.

The type and amount of personal data PFP may process depends on the reason we are processing it (legal reason used) and what PFP wants to do with data based 100% on consent from Data Owners.

PFP respects all rules, including but not limited to EU General Data Protection Regulation (GDPR), HIPAA, CCPA.

PFP Compliance

PFP respects the privacy of its members and is in compliance with all aspects of the GDPR.  PFP only stores personal information in limited data sets, and the type and amount of personal data you may process depends on the reasons you are requesting to process the data and the end result you desire.  Any personal data stored on PFP is processed lawfully, fairly and in a transparent manner.

PFP has proactively put in place the appropriate technical and organizational safeguards to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate state-of-the-art technology.

Purpose Limitation

PFP does not process personal data, and only stores personal data for specified, explicit and legitimate purposes. PFP does not use personal data for purposes that are not compatible with the original purpose for which data is stored. Members own their personal data and have the power to use PFP tools to allow private and shareable access to third parties who must indicate the purpose of when, where, how and what is the ultimate purpose of sharing their own personal data.

Data Minimization

PFP  keeps no more than the minimum amount of personal data for specific processing and that personal data is restricted to what is adequate, relevant and limited to what is necessary.


The personal data of a PFP member is controlled by the member, who is responsible for ensuring their own personal data is accurate and up-to-date, having regard to the purposes for which it is processed.  PFP also provides its members with the proper networking tools to help the members correct personal data and keep it up to date.

Storage Limitation

Any personal data held by PFP  will be purged or kept in a form which permits identification of personal data subjects for no longer than necessary for the purposes for which it was collected.

Removal of Data

PFP has processes in place to allow the removal of personal data from PFP subject to limitations that may be imposed by regulatory agencies and regulators, who may require personal data to be stored for the specific purpose as related to human subject protection, such as in the case of documenting competencies by a healthcare professional when becoming involved in a clinical trial or healthcare payer purposes when the authorized comptroller has received initial consent to maintain such personal data for a specific purpose.

Breach of Personal Data

In the unlikely event member’s personal data is stolen or illegally accessed, PFP will notify the necessary authority within 72 hours (unless unlikely to result in risk to data subjects) and will communicate the personal data breach to the affected data subjects without undue delay.

Consent to Process Personal Data

PFP does not directly process personal data; it merely provides a place to store personal data and the provides individuals and organizations the right to use PFP tools for business, compliance and human subject protection purposes.  PFP feels it is in the best interest of the parties to follow the guidelines of the GDPR, and in order to provide the highest level of protection to its Members, requires the freely given, specific, informed and unambiguous consent to process personal data.

PFP follows an array of compliance guidelines including the document 21 CFR Part 11; Electronic Records; Electronic Signatures, Maintenance of Electronic Records “Draft Guidance For Industry” prepared under the aegis of the Office of Enforcement by the FDA Part 11 Compliance Committee. The committee is composed of representatives from each center within the Food and Drug Administration, the Office Counsel and the Office of Regulatory Affairs.  We also follow the EU-US Privacy Shield Program Update.


Privacy Shield Compliance

PFP complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  PFP has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit

In compliance with the Privacy Shield Principles, BlueCloud by HealthCarePoint commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact PFP  at:

Mimi Choon-Quinones

Board Chairman

Email:  [email protected]

Phone: +41 79 505 30 18

PFP  has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.  You may also refer to Privacy Policy FAQs for additional information.

PFP is required to abide by the following:

  • To the investigatory and enforcement powers of the Federal Trade Commission (FTC).
  • Under certain conditions, individuals may invoke binding arbitration.
  • Disclose personal information in response to lawful requests by public. authorities, including to meet national security or law enforcement requirements.
  • For liability in cases of onward transfers to third parties.


SUMMARY: A secure, reliable environment that maintains hosting, physical security, logical security via vXCHNG -SSAE-16-SOCI certified hosting facility. Renewable disaster recovery plans and redundant back up processes are in place. Additional redundant processes and infrastructures can be added on a case by case basis. Agile software methodology processes is used when creating new software and technology improvements. Whenever required, each separate PFP networking vehicle can adapt independently to an array of electronic signature requirements as per a series of continuously virtually and locally audited and proprietary Standard Operating Procedures (SOPs). Using proper channels and proper procedures, SOPs can be demonstrated to VIP industry auditors which require such virtual and on-site proof of vendor audits. PFP’s proprietary networking software is and will continue to be created in-house to minimize the risk of infiltration which is tested via third party tools and testing technologies. PFP’s Primary Engines and Networking Systems are not created using open-source technologies.