GDPR Compliance

Last updated: December 2024

1. Introduction

ContextCare is fully committed to compliance with the General Data Protection Regulation (GDPR) and protecting your personal data. This document outlines our GDPR compliance measures and your rights as a data subject.

2. Our Compliance

We are fully compliant with GDPR and committed to protecting your data.

Compliance Overview ContextCare is fully compliant with the General Data Protection Regulation (GDPR) since its implementation in 2018. We conduct regular compliance audits and assessments, maintain comprehensive data protection policies, and provide ongoing staff training and awareness.

Our Commitment We are committed to protecting your data and respecting your rights through transparent data processing practices, strong technical and organizational measures, and regular security assessments.

3. Your Data Rights

Under GDPR, you have several rights regarding your personal data.

Right of Access You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Data Portability You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Restrict Processing You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Object You have the right to object to the processing of your personal data based on legitimate interests.

Rights Related to Automated Decision-Making You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

Right to Lodge a Complaint You have the right to lodge a complaint with the Data Protection Commission (DPC) in Ireland if you have concerns about our data processing activities.

4. Data Processing

How we process your data in compliance with GDPR.

Legal Basis for Processing We process your personal data based on one or more legal grounds: contract performance, legitimate interests, consent, legal obligation, or vital interests.

Processing Purposes We process your data for specific purposes including service provision, communication, platform improvement, security, and legal compliance.

5. Security Measures

Technical and organizational measures we implement to protect your data.

Encryption All data is encrypted in transit and at rest using industry-standard TLS/SSL protocols and strong encryption algorithms.

Access Controls We implement strict access controls including role-based access controls, multi-factor authentication, and regular access reviews.

Regular Audits We conduct regular security assessments, penetration testing, and vulnerability scans to identify and address potential security risks.

Breach Notification We have incident response procedures in place and will notify the DPC and affected individuals within 72 hours of becoming aware of a data breach.

6. Data Transfers

How we handle international data transfers in compliance with GDPR.

EU-Based Processing We primarily process your data within the European Economic Area (EEA) to ensure GDPR compliance.

Third-Party Transfers When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

7. Jurisdiction and Supervisory Authority

ContextCare is established in Ireland. GDPR matters are governed by the laws of Ireland. Our lead supervisory authority is the Data Protection Commission (DPC) in Ireland: dataprotection.ie.

8. Contact Information

How to contact us regarding GDPR matters.

Data Protection Officer
Email: dpo@contextcare.eu
Phone: +353 1 234 5678