GDPR Compliance | Tendral Health

This page explains how Tendral Health complies with the General Data Protection Regulation (GDPR) and what rights European Union residents have regarding their personal data.

Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases:

Consent

We process your data based on your explicit consent when you create an account, participate in surveys, or subscribe to communications. You can withdraw consent at any time.

Contract Performance

We process data necessary to provide our services, including account management, survey delivery, and payment processing for healthcare professionals.

Legitimate Interests

We process data for our legitimate business interests, such as fraud prevention, security monitoring, and improving our services, balanced against your privacy rights.

Your GDPR Rights

As an EU resident, you have the following rights under GDPR:

Right of Access

You can request access to your personal data and information about how we process it.

Confirmation of whether we process your data
Copy of your personal data we hold
Information about processing purposes and recipients

Right to Data Portability

You can request your data in a structured, machine-readable format for transfer to another service.

Data provided through consent or contract
Structured format (JSON, CSV)
Direct transfer when technically feasible

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data under certain circumstances.

Data no longer necessary for original purpose
Withdrawal of consent
Data processed unlawfully

Right to Rectification

You can request correction of inaccurate or incomplete personal data. We will correct errors and update incomplete information promptly.

Right to Restrict Processing

You can request that we limit how we process your data while we investigate accuracy disputes or other concerns about processing.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds.

International Data Transfers

We may transfer your data outside the European Economic Area (EEA) under the following safeguards:

Adequacy Decisions: Transfers to countries with adequate data protection as determined by the European Commission
Standard Contractual Clauses: EU-approved contracts that provide appropriate safeguards
Binding Corporate Rules: Internal rules approved by supervisory authorities

How to Exercise Your Rights

To exercise any of your GDPR rights:

1. Submit Your Request: Email us at privacy@tendralhealth.com with the subject line "GDPR Request - [Type of Request]"
2. Identity Verification: We may request additional information to verify your identity before processing your request.
3. Processing: We will acknowledge your request within 72 hours and provide a substantive response within 30 days.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your personal data in accordance with GDPR. You can file a complaint in the country where you live, work, or where the alleged violation occurred.

Contact Information

For GDPR-related questions or to exercise your rights:

Email: privacy@tendralhealth.com

Response Time: 30 days maximum (GDPR requirement)