The European Union (“EU”) has defined the General Data Protection Regulation (“GDPR”) to give individuals control over their personal data and to in general to strengthen the protection of personal data. The regulation came into force as of May 25, 2018, where it replaced the previous EU Data Protection Directive and its national implementations in EU member states.
Visiana has been developing products through a privacy by design framework, since it was founded. Visiana builds its success on trustworthy products that fit into clinical environments. This includes a high level of security and protection of any data that our stakeholders entrust to us. We confirm that we comply with the GDPR.
In our work, we apply the following principles:
- We are accountable for ensuring lawful collection and processing of personal data.
- We maintain evidence of compliance to demonstrate that we are commited to these principles to interested parties, including data subjects, authorities, internal stakeholders and regulators.
- We use a privacy by design and by default approach. Privacy is a key consideration in all aspects the creation, delivery and support of our products and services.
- We focus on transparency, choice and individual participation, meaning that we provide appropriate privacy notices and information about our collection and use of personal data. We provide fair and reasonable choices for the collection and use of personal data, and we allow individuals to access, update and delete their personal data.
- We abide by collection and purpose limitation practices, meaning that we only collect and process personal data that is adequate and relevant to the specified, explicit and legitimate purposes for which it was collected.
- We apply responsible data management practices to govern the processing of personal data. We classify and catalogue information accordingly and in a systematic, holistic manner. We take measures to avoid extracting or copying personal data to unmanaged environments.
- We do not disclose personal data to law enforcement, governmental agencies or third parties unless required by law. We limit disclosures of personal data to our partners to what is described in our privacy notices, or to what has been authorized by our customers or end users.
- We implement appropriate security safeguards, including technical and organizational measures, to protect personal data against unauthorized access, use, modification or loss. We also require our partners to apply appropriate security and privacy safeguards.
Visiana welcomes GDPR as an opportunity to strengthen the commitment to data protection and privacy. Protecting privacy and ensuring that data stays in the customer's environment is a significant part of our success.
Visiana welcomes GDPR as an opportunity to strengthen the commitment to data protection and privacy. Protecting privacy and ensuring that data stays in the customer's environment is a significant part of our success. We have prepared a set of answers to the most frequently asked questions that we receive from our customers.
Has Visiana implemented GDPR only in Europe or globally?
Data privacy is a global issue, and Visiana therefore treats data protection and privacy with utmost care regardless of client location.
Under GDPR, is Visiana considered a data controller and/or a data processor and what are the implications?
BoneXpert runs as a service on a PC/Server/Virtual Machine in your local environment. BoneXpert is configured as a DICOM node for the PACS system. No personal data is stored in BoneXpert, and no personal data is transferred to external systems. Visiana has no access to local instances of BoneXpert, and Visiana ApS is therefore not a data controller and/or a dataprocessor.
Does BoneXpert send x-ray images or other patient-sensitive information sent out of the hospital?
No. BoneXpert is designed to not send sensitive information out of the hospital. BoneXpert Server and Standalone process images locally where the software is installed. BoneXpert Online annonymizes images before Visiana's own server processes and returns them.
Why does BoneXpert require internet connection when images are processed locally?
BoneXpert makes a handshake with a central license server for the analysis of each image. The connection allows Visiana to monitor the usage of BoneXpert for quality assurance purposes and to comply with regulatory requirements such as Post Market Surveillance.
What is Visiana's policy on disclosure to authorities or third parties?
Visiana does not disclose personal data to law enforcement, or governmental agencies unless required by law.
How does Visiana handle website visitor data?