Data Protection Policy
As a data processor, Trice Imaging is committed to preserving the confidentiality and integrity of all data in its possession.
Trice Imaging proudly operates in compliance with the requirements of the General Data Protection Regulation (GDPR), HIPAA, Singapore Personal Data Protection Act, and other applicable data-privacy laws, regulations, and related rules.
This Data Protection Policy enumerates the principles and commitments regarding the processing of personal data and confidential information. Trice Imaging processes personal data and confidential information as a Data Processor while carrying out its software-as-a-service solution.
Learn more about what it means to be a data processor by visiting www.tricefy.help/help/processors.
Questions regarding this policy or data protection should be sent to the Data Protection Officer, whose contact information is shown at the end of this document.
PRINCIPLES OF PROCESSING PERSONAL DATA
Personal data shall be:
- Processed lawfully, fairly and in a transparent manner with respect to the data subject
- Collected for specified, explicit and legitimate purposes only (not further processed in any manner that is incompatible with those purposes)
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up-to-date
- Kept in a form that permits identification of data subjects for no longer than is necessary
- Processed in a manner that ensures appropriate security of personal data by using technical and organizational measures
Principle 1: Fair and Lawful Processing
“Fair and lawful” means the data controller must ensure transparency so that data subjects are aware of who is processing their personal data and why. This is primarily an obligation for the data controller because they determine what is being processed and are responsible for communicating with their patients.
Processing typically performed by Trice Imaging includes storage, archiving, patient sharing, image compression, anonymization, and download options. Trice Imaging works with each customer to help determine their needs, and processing instructions are documented in the Business Agreement (contract).
Principle 2: Purpose Limitation Principle
The Purpose Limitation Principle states that personal data collected for one purpose should not be used for a new, incompatible purpose. Therefore, personal data obtained for lawful purposes cannot be further processed in an incompatible manner without explicit consent from the data subject.
To adhere to this principle, Trice does not perform or add any processing outside of what is specified in the contractual instructions/Business Agreement.
In addition, Trice Imaging does not engage other processors unless specified within the written customer contract. Learn more about who Trice Imaging works with to properly handle personal data by visiting www.tricefy.help/help/processors.
Principle 3: Data Minimization Principle
The Data Minimization principle states that an organization should only process the personal data it needs in order to achieve its processing purposes.
Trice does not process any data outside of what is needed to fulfill their contractual agreement with each customer. Contracts are reviewed as part of the sales process to ensure clear and accurate instructions.
In addition, Trice Imaging does not allow or engage in, under any circumstance, processing of data that could reveal “sensitive personal data” (as defined at the end of this document).
Principle 4: Accurate and Up-to-Date
The Accuracy Principle states that personal data must be accurate and kept up-to-date. Every reasonable step must be taken to ensure that inaccurate and/or incomplete data is either erased or rectified. Trice Imaging’s software, Tricefy:
- Accurately records data received from the data controller
- Includes mechanisms to ensure accuracy
- Includes mechanisms to provide rectification
- Includes mechanisms for personal data to be deleted (in support of the “Right to be forgotten”; see Principle 5)
Trice does not correct data on behalf of controllers, but provides training (in-person or by video call), written instructions, and support for doing so (available at http://www.tricefy.help/help/correctdata).
Principle 5: Data Retention Principle
Legislation requires that personal data processed for any purpose must not be kept for longer than necessary for that purpose.
Specifically, personal data kept in a form that permits identification of data subjects cannot be retained for longer than what is necessary for the purposes of processing. Personal data may be stored for longer periods insofar as the data will be processed for archiving, scientific, historical, or statistical purposes as long as there is no privacy breach possible.
The retention period for personal data is contained in the contract with the data controller (Trice customer). Trice will ensure that all patient data is removed in a timely fashion when the retention period is over.
Additionally, Tricefy includes mechanisms for personal data to be deleted before the retention period is reached (in support of the “Right to be forgotten”). Trice Imaging, including support staff, does not have the authority or ability to delete patient data on behalf of the controller. If data needs to be deleted before the retention period has passed for any reason, Trice Imaging provides training, written instructions and support to the clinic for doing so.
Principle 6: Security
Trice Imaging has technical and organizational measures and procedures in place to protect personal data from accidental loss/destruction and unwarranted/unlawful processing. More detail can be found in other Trice Imaging security documents, including:
DATA TRANSPORT AND PORTABILITY
Data subjects can transport data between controllers by downloading their personal data. This can be done by the controller (and given to the data subject electronically) or by the data subject themselves using any computer or mobile device. Data can be downloaded in multiple formats, including DICOM, which is the standard for transmitting medical images.
Instructions are provided to both the controller and the data subject on how to download personal data.
Secure download of the data is explained in Trice Imaging’s security whitepaper.
- Data Protection Officer: Kris Kumler (firstname.lastname@example.org)
- Quality / Regulatory Director: Maria Samuel (email@example.com)
- European Union Representative: Bernd Nuber (firstname.lastname@example.org)
The European Union (EU) Representative shall be addressed (with the Data Protection Officer) for all issues related to data processing for the purposes of ensuring compliance with GDPR (Article 27). The EU Representative is responsible for handling communication between European customers and supervisory authorities in response to issues regarding data protection and privacy concerns. The EU Representative functions on behalf of the interests of the data subject and is without prejudice to legal actions that could be initiated against Trice.
RISK AND IMPACT ASSESSMENTS
Risk Assessment for Processing Personal Data
Trice Imaging routinely undergoes a risk analysis process as part of their software development cycle. This process has been updated to include routine risk assessments regarding the processing of personal data. The assessment consists of three distinct pieces:
- Assessing the system architecture, workflows, and business to assemble a company-wide risk profile
- Taking appropriate measures to mitigate all security risks
- Repeating the risk assessment and mitigation process continuously
Data Protection Impact Assessments
GDPR requires Data Controllers to conduct impact assessments prior to any high-risk processing activities. As a Data Processor, Trice Imaging is committed to helping our customers meet this requirement by assisting with impact and/or privacy assessments upon request.
Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by statement or clear affirmative action, signify agreement to processing of personal data relating to them
Controller: Natural or legal person, public authority, agency or other body, which either alone or with others, determines purposes and means of processing of personal data; where purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier (such as a name, an identification number, location data, an online identifier) or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Processing: Any operation or set of operations that is performed on personal data (or sets of personal data), whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Processor: Natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller
Sensitive Data: Processing of personal data that would reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation
Supervisory Authority: Independent public authority established by a Member State pursuant to Article 51 of GDPR