GDPR Compliance
General Data Protection Regulation
Our Commitment to GDPR Compliance
WIO CLINIC is committed to protecting the privacy and data rights of all individuals, especially those in the European Union. We comply with the General Data Protection Regulation (GDPR) and implement appropriate technical and organizational measures to ensure data protection.
As a data processor for healthcare providers and a data controller for account information, we take our GDPR obligations seriously and maintain comprehensive compliance programs.
Legal Basis for Processing
We process personal data based on the following legal grounds under GDPR Article 6:
Contract Performance
Processing necessary to provide our services under our Terms of Service
- Account management
- Service delivery
- Billing and payments
Legitimate Interests
Processing for our legitimate business interests, balanced against your rights
- Service improvement
- Security and fraud prevention
- Analytics and optimization
Legal Obligation
Processing required to comply with applicable laws
- Tax and accounting requirements
- Regulatory compliance
- Law enforcement requests
Consent
Processing based on your explicit consent
- Marketing communications
- Optional features
- Research participation
Your Rights Under GDPR
As a data subject, you have the following rights:
Right to Access
Request a copy of your personal data we hold
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Restriction
Limit how we process your personal data
Right to Portability
Receive your data in a structured, machine-readable format
Right to Object
Object to processing based on legitimate interests or for direct marketing
Automated Decision-Making
Not be subject to decisions based solely on automated processing
Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent
How to Exercise Your Rights
To exercise any of these rights, contact us at gdpr@wio.clinic. We will respond within 30 days of receiving your request.
You also have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with GDPR.
Data Protection Measures
Encryption
All data is encrypted at rest (AES-256) and in transit (TLS 1.3)
Access Controls
Role-based access controls with multi-factor authentication
Data Minimization
We collect only the data necessary for specified purposes
Pseudonymization
Personal data is pseudonymized where appropriate
Regular Audits
Annual security audits and penetration testing
Staff Training
Regular GDPR and data protection training for all employees
Incident Response
Breach notification procedures compliant with GDPR Articles 33 and 34
Data Protection Officer
Dedicated DPO overseeing compliance and handling inquiries
International Data Transfers
We may transfer personal data from the EU to other countries. When we do, we ensure appropriate safeguards are in place:
Standard Contractual Clauses (SCCs)
We use European Commission-approved Standard Contractual Clauses for transfers to third countries without adequacy decisions.
Adequacy Decisions
We transfer data to countries with adequacy decisions from the European Commission, such as:
- United Kingdom
- Switzerland
- Canada (commercial organizations)
- Japan
Data Processing Agreements
All service providers and subprocessors sign Data Processing Agreements (DPAs) that include appropriate transfer mechanisms.
Subprocessors
We work with the following subprocessors to provide our services:
We will notify you of any changes to our subprocessors list at least 30 days in advance.
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected:
Account Data
Retained while your account is active and for 90 days after account closure
Healthcare Records
Retained according to applicable medical records retention laws (typically 7-10 years)
Financial Records
Retained for 7 years to comply with tax and accounting requirements
Marketing Data
Retained until you withdraw consent or after 3 years of inactivity
Contact Our Data Protection Officer
For questions about GDPR compliance or to exercise your rights:
Data Protection Officer
WIO CLINIC
Email: gdpr@wio.clinic
Email: dpo@wio.clinic
Phone: +1 917 920 6630
Address: 48 Wall Street, Suite 1100, New York, NY 10005, USA