GDPR Compliance

Last Updated: February 27, 2025

1. Introduction

At SANIDAT, we are committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and outlines the rights of individuals under this regulation.

2. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the European Union (EU) and to organizations outside the EU that offer goods or services to individuals in the EU or monitor the behavior of EU residents.

3. Our Role Under GDPR

SANIDAT may act as both a data controller and a data processor:

  • As a Data Controller: We determine the purposes and means of processing personal data that we collect directly from you, such as when you visit our website, contact us, or create an account.
  • As a Data Processor: We process personal data on behalf of our clients (who are the data controllers) when providing our data anonymization services.

4. Our GDPR Compliance Measures

We have implemented the following measures to ensure compliance with GDPR:

  • Data Protection Officer: We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and implementation.
  • Data Protection Impact Assessments: We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
  • Data Processing Agreements: We have appropriate data processing agreements with our clients and third-party service providers.
  • Security Measures: We implement appropriate technical and organizational measures to ensure the security of personal data.
  • Data Breach Procedures: We have procedures in place to detect, report, and investigate personal data breaches.
  • Staff Training: Our staff receives regular training on data protection and GDPR compliance.

5. Lawful Basis for Processing

Under GDPR, we process personal data only when we have a lawful basis to do so. The lawful bases we rely on include:

  • Consent: The individual has given clear consent for us to process their personal data for a specific purpose.
  • Contract: The processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
  • Legal Obligation: The processing is necessary for us to comply with the law.
  • Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.

6. Your Rights Under GDPR

Under GDPR, individuals have the following rights:

  • Right to be Informed: You have the right to be informed about the collection and use of your personal data.
  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  • Right to Erasure: You have the right to have your personal data erased in certain circumstances.
  • Right to Restrict Processing: You have the right to request the restriction or suppression of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances.
  • Rights Related to Automated Decision Making and Profiling: You have rights related to automated decision making and profiling.

7. How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact our Data Protection Officer at dpo@sanidat.com. We will respond to your request within one month. There is no charge for making a request, but we may charge a reasonable fee or refuse to act on the request if it is manifestly unfounded or excessive.

8. International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data. These may include:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules
  • Transfers to countries with an adequacy decision from the European Commission

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and the purposes for which we process the data.

10. Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact our Data Protection Officer at:

Email: dpo@sanidat.com
Address: SANIDAT, 1013 Centre Rd. Suite 403-A, Wilmington DE 19805, USA

11. Complaints

If you are not satisfied with our response to your request or believe that we are not processing your personal data in accordance with the law, you have the right to lodge a complaint with the supervisory authority in your country of residence or the country where the alleged infringement occurred.