GDPR Compliance

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

Under GDPR, you have the following rights regarding your personal data:

• Right to be informed: You have the right to be informed about the collection and use of your personal data.
• Right of access: You have the right to request access to your personal data.
• Right to rectification: You have the right to have inaccurate personal data rectified.
• Right to erasure: You have the right to have your personal data erased in certain circumstances.
• Right to restrict processing: You have the right to request the restriction of processing of your personal data.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used format.
• Right to object: You have the right to object to the processing of your personal data in certain circumstances.
• Rights related to automated decision making: You have rights regarding automated decision making and profiling.

RXHMD is committed to protecting your personal data and complying with GDPR requirements:

• We process personal data lawfully, fairly, and transparently
• We collect data for specified, explicit, and legitimate purposes
• We ensure data is adequate, relevant, and limited to what is necessary
• We keep personal data accurate and up to date
• We retain personal data only as long as necessary
• We process data securely using appropriate technical and organizational measures

We process your personal data based on the following legal grounds:

• Consent: When you have given clear consent for us to process your personal data for specific purposes
• Contract: When processing is necessary for the performance of a contract with you
• Legal obligation: When processing is necessary for compliance with a legal obligation
• Legitimate interests: When processing is necessary for our legitimate interests or those of a third party

For any questions regarding GDPR compliance or to exercise your rights, please contact our Data Protection Officer at [email protected]

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard contractual clauses approved by the European Commission
• Binding corporate rules
• Certification schemes

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

To exercise any of your GDPR rights, please contact us at [email protected] with the following information:

• Your full name and contact information
• A clear description of the right you wish to exercise
• Any relevant details to help us locate your data
• Proof of identity (for security purposes)

We will respond to your request within one month of receipt.

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.