Tendral Health

GDPR Compliance

Last updated: September 6, 2025

This page explains how Tendral Health complies with the General Data Protection Regulation (GDPR) and what rights European Union residents have regarding their personal data.

Your GDPR Rights

EU residents have enhanced data protection rights under GDPR, including the right to access, rectify, erase, and port their personal data.

Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases:

Consent

We process your data based on your explicit consent when you create an account, participate in surveys, or subscribe to communications. You can withdraw consent at any time.

Contract Performance

We process data necessary to provide our services, including account management, survey delivery, and payment processing for healthcare professionals.

Legitimate Interests

We process data for our legitimate business interests, such as fraud prevention, security monitoring, and improving our services, balanced against your privacy rights.

Your GDPR Rights

As an EU resident, you have the following rights under GDPR:

Right of Access

You can request access to your personal data and information about how we process it.

  • Confirmation of whether we process your data
  • Copy of your personal data we hold
  • Information about processing purposes and recipients

Right to Data Portability

You can request your data in a structured, machine-readable format for transfer to another service.

  • Data provided through consent or contract
  • Structured format (JSON, CSV)
  • Direct transfer when technically feasible

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data under certain circumstances.

  • Data no longer necessary for original purpose
  • Withdrawal of consent
  • Data processed unlawfully

Additional Rights

Right to Rectification

You can request correction of inaccurate or incomplete personal data. We will correct errors and update incomplete information promptly.

Right to Restrict Processing

You can request that we limit how we process your data while we investigate accuracy disputes or other concerns about processing.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to automated decision-making that significantly affects you. Currently, we do not engage in automated decision-making that would trigger these protections.

International Data Transfers

We may transfer your data outside the European Economic Area (EEA) under the following safeguards:

  • Adequacy Decisions: Transfers to countries with adequate data protection as determined by the European Commission
  • Standard Contractual Clauses: EU-approved contracts that provide appropriate safeguards
  • Binding Corporate Rules: Internal rules approved by supervisory authorities
  • Certification Schemes: Data Protection Impact Assessment approved mechanisms

Data Protection Officer

While we are not currently required to appoint a Data Protection Officer (DPO), we have designated a privacy contact who handles GDPR-related inquiries and ensures compliance with data protection obligations.

Privacy Contact

For GDPR-related questions, data subject requests, or privacy concerns, contact our privacy team:

Email: privacy@tendralhealth.com

Subject Line: GDPR Request - [Your Request Type]

Response Time: Within 30 days as required by GDPR

Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your personal data in accordance with GDPR.

How to File a Complaint

  • Contact your national data protection authority
  • File a complaint in the country where you live, work, or where the alleged violation occurred
  • You can file a complaint without first contacting us, though we encourage direct communication

Find your supervisory authority: Visit the European Data Protection Board website for a complete list of EU supervisory authorities.

How to Exercise Your Rights

To exercise any of your GDPR rights, please follow these steps:

Step 1: Submit Your Request

Email us at privacy@tendralhealth.com with the subject line "GDPR Request - [Type of Request]"

Include your full name, email address associated with your account, and a clear description of your request.

Step 2: Identity Verification

We may request additional information to verify your identity before processing your request. This protects your personal data from unauthorized access.

Step 3: Processing

We will acknowledge your request within 72 hours and provide a substantive response within 30 days (or 60 days for complex requests with prior notification).

Contact Information

For GDPR-related questions or to exercise your rights:

Privacy Team: privacy@tendralhealth.com

Address: Tendral Health LLC, 123 Market Street, Suite 500, Bozeman, Montana 59715

Response Time: 30 days maximum (GDPR requirement)

Fee: No fee for reasonable requests (excessive requests may incur administrative costs)