General Data Protection Regulation
CamNtech General Data Protection Regulation (GDPR) Compliance Statement
CamNtech does not act as data controller or data processor, as defined in REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation or GDPR), for any patient personal or biometric data collected using its equipment or stored using its Cloud Data Management (CDM) service.
Pseudonymisation (anonymisation) of patient data stored in the CamNtech CDM is the responsibility of the owner or user of the equipment, in their part as data controller and/or processor.
Any personal patient data submitted to CamNtech during and for the process of technical support or device problem resolution will be permanently erased following resolution of the problem to the customer’s satisfaction.
CDM Data Security
Data uploaded to or downloaded from the CDM are encrypted using Advanced Encryption Standard (AES) with a 256 bit key during transmission and storage. Transport Layer Security (TLS) is additionally used for additional security during data transmission. Weekly backups of encrypted data are made.
CamNtech’s CDM is hosted on ‘cloud’ servers which are hardware and software firewall-protected and subject to security measures based on industry best practice and elements of the international standard ISO 20071 ‘Information Security Management’.
Patient ‘Right of Access’ Provision Within the CDM
The CamNtech HQ Software supplied to customers using the CDM allows patients to view their data held within the CDM should they request to do so.
Patient ‘Right to be Forgotten’ Provision Within the CDM
Bulk deletion of CDM data is available from the CamNtech HQ software. Facility to remove individual encrypted personal and biometric data if requested by a patient is available from within the CDM HQ software.
Personal Data Portability
Patient data can be exported from CamNtech device software and also from the CDM in a number of standard formats for supply to the patient if requested. These formats include XML and comma- or tab-delimited text.
Patient Data Retention Within the CDM
Patient data stored within the CDM backup data will remain so unless CamNtech is explicitly instructed to remove said data. It is the responsibility of the data controller to ensure that patient data are retained for no longer than is necessary for completion of purpose, and to inform CamNtech as and when permanent removal of backup data is required.
Download our GDPR statement as a pdf.