Security and Privacy

The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in two decades. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.

Vital Images takes privacy very seriously. As a provider of technology-based medical devices, our customers’ privacy has always been one of our top priorities. To this end, Vital Images commits to compliance with applicable GDPR regulations surrounding data security and privacy.

Ongoing Status

We have addressed GDPR data protection requirements that are applicable to us – whether we are acting as a Data Controller with our employees or potentially a Data Processor with our customers. Vital Images will continue to be vigilant and to ensure we appropriately respond to any applicable developing requirements.

Data processing

Vital Images will continue to ensure we’re doing the maximum to protect data and improve our processes and procedures where we identify the opportunity.

Controls

We regularly review our Security and Privacy Policies, procedures, processes and related work plans to ensure that they take into account all governing requirements, confirming we’re fulfilling our obligations under GDPR.

Our customers depend on us to develop and help maintain solutions that work within their protected environments. Vital Images limits the number of roles within the organization that are authorized to access approved customer environments, and then only when necessary, according to strict guidelines and documented actions. We comply with information security best practices including multi-factor authentication and encryption.

Data Protection

Vital Images commits to conforming to information security best practices. In line with GDPR, appropriate measures are assessed in terms of a variety of factors including the sensitivity of the data, the risks to individuals associated with any security breach, state of the art technologies, and the nature of the processing. These measures include data anonymization in problem investigation/resolution and encryption. Regular testing of the effectiveness of security measures is a continuous process.

Customer Guidance for Data Subject Request (SAR) Responsiveness

We are prepared to help our customers respond to and act on their customer queries and requests regarding GDPR Data Subject Rights. Our Data Protection Officers are ready to assist with requests on this front. It is important to note that Vital Images customers prepare their procedures and processes to conform with SARs, as they, as Data Controllers, are solely responsible for the handling of and response to SARs.

Requests and Responses

Any requests for information, access, rectification, restriction of processing, portability, deactivation or erasure should be made to the respective Data Protection Officer.

Vital Images commits to maintaining robust administrative, logical, technical and physical controls that embrace privacy rights, enhance security and promote GDPR compliance.