GDPR Terms and Conditions
These GDPR Terms and Conditions outline how Udenz TPA complies with the General Data Protection Regulation (GDPR) and protects the privacy rights of individuals whose personal data is processed within our dental insurance management platform. By using our services, you agree to the terms and practices described in this policy.
1.1. "GDPR" refers to the General Data Protection Regulation (EU) 2016/679, which governs the protection of personal data within the European Union and European Economic Area.
1.2. "Personal Data" means any information relating to an identified or identifiable natural person.
2. Data Controller and Data Processor:
2.1. Udenz TPA acts as both a Data Controller and a Data Processor, as defined by the GDPR.
2.2. As a Data Controller, we determine the purposes and means of processing personal data.
2.3. As a Data Processor, we process personal data on behalf of our users, the Data Controllers.
3. Lawfulness of Processing:
3.1. We process personal data in compliance with the principles of lawfulness, fairness, and transparency as outlined in the GDPR.
3.2. We rely on one or more lawful bases for processing personal data, including the necessity of processing for the performance of a contract, compliance with legal obligations, and legitimate interests pursued by Udenz TPA or third parties.
4.1. We obtain valid consent from individuals before processing their personal data, where consent is the lawful basis for processing.
4.2. Individuals have the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
5. Rights of Data Subjects:
5.1. Individuals have certain rights regarding their personal data under the GDPR. These rights include the right to access, rectify, erase, restrict processing, object to processing, data portability, and not to be subject to automated decision-making.
5.2. We facilitate the exercise of these rights and respond to individuals' requests in accordance with the GDPR's requirements and timelines.
6. Data Security:
6.1. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of personal data processing.
6.2. We maintain confidentiality, integrity, and availability of personal data, and regularly assess and update our security practices to mitigate risks.
7. Data Transfers:
7.1. We may transfer personal data to countries outside the European Economic Area (EEA) for processing or storage.
7.2. In the event of such transfers, we ensure adequate safeguards are in place, such as the use of Standard Contractual Clauses or reliance on a recognized data protection adequacy mechanism.
8. Data Breach Notification:
8.1. In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, we will promptly notify the relevant Data Protection Authority and affected individuals in accordance with the GDPR's requirements.
9. Data Retention:
9.1. We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
9.2. Upon request or termination of services, we will securely delete or anonymize personal data in accordance with applicable laws and regulations.
10. Third-Party Processors:
10.1. We may engage third-party processors to assist in providing our services.
10.2. We ensure that any third-party processors we engage comply with GDPR requirements and provide sufficient guarantees regarding the security and protection of personal data.
11. Updates to the GDPR Terms and Conditions:
11.1. We may update these GDPR Terms and Conditions from time to time to reflect changes in our practices, services, or legal requirements.
11.2. We encourage you to review this policy regularly for any updates. Continued use of our services after any modifications to the policy constitutes your consent to the updated terms.
12. Contact Us:
If you have any questions, concerns, or requests regarding the processing of personal data or this GDPR policy, please contact us at firstname.lastname@example.org.
By using Udenz TPA's website and services, you acknowledge that you have read, understood, and agreed to these GDPR Terms and Conditions.