Plumm and GDPR

The General Data Protection Regulation (GDPR) is an act applicable from May 25th 2018 across the globe to all the organisations that collect, store, manage and process the personal data of European citizens. This regulation enables European citizens to have more control over their personal data which includes every information that reveals their identity. 

According to the European Commission, "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."

The GDPR is aimed to completely revolutionise the way organisations handle their user’s personal data. Once the law has come into effect, it is mandatory for all organisations to process the data transparently, legally and for a specific and genuine purpose. The breach of the new rules under the GDPR can lead to a penalty of €20 million (approximately $23.5 million USD) or 4% of your global annual turnover, whichever is greater.

Plumm complies with the GDPR guidelines. Some of them are the following.

Only collecting the data that is necessary for business operations. 

Any data that is no longer required should be deleted and need not be kept longer than required. 

Appointing a person in charge of data protection. 

Accessing and processing the data for which consent has been given by the user. 

Processing the data in accordance with the law. 

The terms and conditions as well as the privacy policy should be in simple, understandable language. 

The privacy policy should include, the purpose for which this information will be used, the type of data that will be held and much more. 

When asked for consent, it should be clear and visible to the user such as an “opt-in” tick box or button. 

The user should be allowed to withdraw his/her consent anytime by simply opting out. 

Not only the user but the employees should also have complete control over the information being shared with the organisation. 

If and when requested by the user, the organization must provide a copy of the relevant personal data being processed within 1 month of the request and free of cost. 

Ensuring that the third parties (if involved) comply with the GDPR while the data is being shared with them for a necessary reason. 

Plumm assures you that we are compliant with all guidelines of the GDPR. Our video sessions and chats are secure and fully encrypted. We have appointed an officer who manages data protection. We also use Virgil and SSL security to further ensure that the details are secured between you and your therapist with a condition that the therapist must protect confidentiality and records of sessions. 

To know more about your rights as a Plumm user, please refer to our privacy policy. 

You can also reach out to our Data Protection Officer at DPO@plummhealth.com for more details.