GDPR Commitments

VETERINARIUM DATA PROTECTION COMMITMENTS
(INCLUDING PURSUANT TO GDPR REQUIREMENTS)

Why are we writing this right now?

From 25 May 2018, the protection of personal data will be regulated differently than it used to be, across and even outside Europe. 25 May 2018 is the effective date of the EU General Data Protection Regulation (GDPR). As the most significant data privacy change in decades, the GDPR will strengthen the rights of data subjects, regardless of where their data are processed.

In contrast to thousands of EU statutes and other documents, the GDPR is the only one that most organizations outside the EU know. We are no exception. Therefore, we want to assure you that Veterinarium Inc., its agents and contractors are committed to GDPR compliance and enforcement. Below we want to share with you our understanding of our future cooperation: a mutually beneficial data protection cooperation built on trust and respect.

GDPR preparation: we are aware of its territorial scope

The GDPR has a unique feature: its extraterritorial application. Whereas earlier EU data protection, enforced through Directive 95/46/EC and the member states’ internal legislation, was limited to organizations residing within the EU, the GDPR will now affect any other company in the world that processes personal data of EU data subjects under certain conditions. These conditions are either the offering of goods or services to data subjects in the EU or the monitoring of behavior that takes place within the EU.

Veterinarium Inc. is incorporated in Canada. Even if the GDPR has no direct effect on Veterinarium, we understand that in the modern world, compliance with global trends in personal data protection is a must. Our devotion to your privacy makes us believe that we have nothing to be afraid of in the face of the GDPR. But let us put the general phrases and nice words aside. We do not want our words to be mere assertions, so we have prepared this agenda for Veterinarium’s GDPR compliance.

Our Commitments as a controller

We remind you that personal data are any information related to a natural person, or data subject, that can be used to directly or indirectly identify the person. While delivering its services, Veterinarium can act as the controller or as the processor. When Veterinarium collects personal data from users who register within the Smart Flow platform, it acts as a controller of personal data and is subject to the many rules the GDPR sets so that the collection and use of data is lawful. This concerns obtaining consent for processing as well as providing the data subject with all the relevant information on processing. In order to comply, we completely replaced our previous Privacy Policy with a new one (we did not forget about the Terms and Conditions, although they do not directly refer to privacy issues). The new Privacy Policy is designed to give data subjects as much information as possible on everything that happens to their personal data once it is typed into the registration forms. As usual, we keep informing you about our identity, the legal basis for processing personal data and our purposes for using your information. But that is only a small part of the information you can find in the Privacy Policy.

Our Commitments: we respect the individuals’ rights

The list of data subjects’ rights remains almost the same as it used to be, namely:

For more interesting information on the rights you have as a data subject we invite you to read our Privacy Policy here.

Our Commitments: Security Measures

Under the GDPR, all data controllers and data processors have to implement the principle called “Privacy by Design”. Accordingly, we include data protection from the outset of the design of our systems. In other words, we take technical and organizational measures to meet the GDPR.

Besides that, Veterinarium uses HubSpot CRM software, Microsoft Azure (a cloud computing service), Chargify and Stripe to store and process the information needed to provide its services. These well-known software providers, together with Veterinarium, will ensure your data is secured within Smart Flow in the following ways:

Confidentiality:

Veterinarium signs NDAs with employees and contractors;

Physical Access Control

Electronic Access Control

Internal access control (permissions for user rights of access to and amendment of data)
Veterinarium takes measures so that no unauthorized reading, copying, changes or deletions of data occur within the system, e.g. rights authorisation concept, need-based rights of access;

Personnel training

Veterinarium arranges and provides training for its personnel and contractors regarding the confidentiality, integrity, availability and resilience of processing systems and services as part of GDPR compliance;

Isolation control

Integrity measures

Data transfer control
Veterinarium takes measures so that no unauthorized reading, copying, changes or deletions of data occur during electronic transfer or transport; data is transferred within secured internet channels.

Data entry control
Veterinarium ensures that it can be verified whether and by whom personal data is entered into a data processing system, changed or deleted, e.g.: logging control.

Availability and Resilience measures

Availability control

Procedures for regular testing, assessment and evaluation

Veterinarium conducts periodic checks of compliance with the requirements of the current data protection legislation.

Veterinarium regularly identifies and records the data processing risks in relation to the data importer’s contractual and legislative obligations.

Contract Control
Veterinarium takes measures so that no third party processes data as per Article 28 GDPR without corresponding instructions from the data controller, e.g.: clear and unambiguous contractual arrangements, duty of pre-evaluation, supervisory follow-up checks.

Our Commitments as a processor

We provide our services to clients that need to digitalize, visualize, and optimize their workflow in veterinary clinics. In such cases Veterinarium processes the personal data provided to the platform based on the services agreement between Veterinarium and its corporate clients, as well as on the instructions of such clients regarding the data processing.

Veterinarium Inc. is incorporated in Canada, and Canada is on the list of countries that provide an adequate level of protection of personal data. That means that the transfer of personal data from clinics in the EU to Smart Flow in Canada is secure in terms of cross-border transfers outside the EEA.

Veterinarium Inc. has IT services contractors in Ukraine as well as a subsidiary company in Australia. These countries are not on the list of countries that provide an adequate level of protection of personal data. For this reason, a special legal basis, or “safeguard mechanism” as the GDPR calls it, has to be applied to the transfer of personal data from the EU to a Ukraine- or Australia-based processor. The most common safeguard mechanism for such cases is the execution of Standard Contractual Clauses.

It is common practice throughout the world to use the Standard Clauses that were adopted by the European Commission before the GDPR was passed, as no newer Standard Clauses have been adopted yet. These Standard Clauses are traditionally supplemented by the additional requirements set by the GDPR. Together, these documents form the Data Processing Agreements that guarantee that the data is processed by Veterinarium and its sub-processors upon the instructions of its clients and within the requirements of the GDPR.

Therefore, the transfer of the client’s data to recipients in these countries is secured by the Standard data protection clauses adopted by the European Commission and is compliant with the EU data protection laws.

Our Commitments: breach notification

Under the GDPR, we will have to provide breach notification in all EU member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach.

GDPR: staying tuned

We keep monitoring the official updates from the EU side regarding the implementation of the GDPR, including but not limited to:

Join us in monitoring any amendments and comments from the EU data protection authorities concerning GDPR compliance. Please drop us a line if you have something to add, want to give advice or a recommendation, or want to correct us. The more we understand, the more beneficial our endeavors to protect personal data properly will be.

Yours,

Veterinarium Team

> Last Updated: May 2018
