GDPR Compliance
Last updated: January 30, 2026
Introduction
RxEze ("we," "our," or "us") is committed to protecting the privacy and personal data of individuals in the European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
This GDPR Compliance Statement explains how we collect, use, and protect your personal data when you use our website and services, and your rights under GDPR.
Data Controller
RxEze acts as the data controller for your personal data. If you have any questions about how we process your personal data, please contact us using the details provided at the end of this statement.
Contact Details:
RxEze
303 Parinee I, Shah Industrial Estate, 7-A
Mumbai, Maharashtra 400053
India
Email: info@rxeze.com
Personal Data We Collect
We collect various types of personal data depending on your interaction with us:
- Identity Data: Name, title, date of birth, gender
- Contact Data: Email address, phone number, mailing address
- Professional Data: Job title, organization, hospital name, professional credentials
- Technical Data: IP address, browser type, device information, operating system
- Usage Data: Pages visited, features used, time spent on website
- Marketing Data: Preferences, interests, responses to marketing communications
We only collect personal data that is necessary for the purposes identified in this statement. We do not collect more data than we need for those purposes.
Legal Basis for Processing
We only process your personal data when we have a lawful basis for doing so under GDPR. The lawful bases we rely on include:
- Contract: When processing is necessary for the performance of a contract with you (e.g., providing services you requested)
- Legal Obligation: When processing is necessary to comply with legal obligations (e.g., healthcare regulations, tax laws)
- Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override these interests
- Consent: When you have given clear consent for processing (e.g., marketing communications, cookies)
Purposes of Processing
We process your personal data for the following purposes:
- Service Provision: To provide, maintain, and improve our HMIS services
- Communication: To respond to your inquiries, send updates, and provide customer support
- Marketing: To send you marketing communications (with your consent)
- Analytics: To analyze usage patterns and improve our website and services
- Security: To detect, prevent, and address technical issues and fraudulent activities
- Legal Compliance: To comply with legal obligations and enforce our terms
- Research: To conduct research and develop new features and services
Data Sharing
We may share your personal data with third parties in the following circumstances:
- Service Providers: With trusted third-party companies who assist us in operating our services (e.g., hosting, analytics, payment processing)
- Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition
- Legal Requirements: When required by law or to protect our rights, property, or safety
- Affiliates: With our corporate affiliates, subject to strict confidentiality agreements
- With Your Consent: When you have given us specific consent to share your data
We ensure that all third parties we share data with provide adequate protection for your personal data in accordance with GDPR requirements.
International Data Transfers
Your personal data may be transferred to and processed in countries other than your country of residence. When we transfer your information outside the EEA, we ensure appropriate safeguards are in place to protect your privacy.
We rely on the following legal mechanisms for international data transfers:
- Standard Contractual Clauses: European Commission-approved standard contractual clauses
- Binding Corporate Rules: Approved binding corporate rules for data transfers
- Adequacy Decisions: Transfers to countries with adequacy decisions from the European Commission
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest
- Secure authentication and access controls
- Regular security assessments and vulnerability testing
- Employee training on data protection practices
- Compliance with industry standards (ISO 27001, NABH, JCI)
- Incident response and breach notification procedures
Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your personal data, but we cannot guarantee its absolute security.
Data Retention
We retain your personal data for as long as necessary to provide our services, fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
When we no longer need your personal data, we will securely delete or anonymize it, except as required by law or for legitimate business purposes. We will notify you if we need to retain your data for longer than originally stated.
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate or incomplete information
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request restriction of processing in certain circumstances
- Right to Data Portability: Request transfer of your data to another service
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: Lodge a complaint with a supervisory authority
- Right Not to Be Subject to Automated Decision-Making: Not be subject to decisions based solely on automated processing, including profiling
To exercise these rights, please contact us at info@rxeze.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.
Children's Data
Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information immediately.
Changes to This Statement
We may update this GDPR Compliance Statement from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. We will notify you of any material changes by posting the new statement on this page and updating the "Last updated" date.
We encourage you to review this statement periodically to stay informed about how we protect your personal data.
Contact Us
If you have any questions, concerns, or requests regarding this GDPR Compliance Statement or our processing of your personal data, please contact our Data Protection Officer:
Mumbai, Maharashtra 400053
India