GDPR Compliance

Descripción general

vitalera fully complies with the General Data Protection Regulation (GDPR), ensuring the protection and privacy of personal health data for all users within the European Union. As a CE-marked MDR medical device software platform for remote patient monitoring, GDPR compliance is integral to how vitalera handles patient vital signs, clinical observations, and healthcare communications.

Principios clave

Principle	Implementation
Lawfulness	Data processing based on consent and legitimate interest
Purpose Limitation	Data collected only for specified healthcare purposes
Data Minimization	Only necessary data is collected and processed
Accuracy	Tools for patients to review and update their data
Storage Limitation	Data retention policies aligned with regulatory requirements
Security	Encryption, access controls, and security monitoring

Derechos de los interesados

vitalera supports all GDPR data subject rights:

Right of Access: Patients can view all their personal data
Right to Rectification: Patients can update incorrect data
Right to Erasure: Account deletion functionality available
Right to Data Portability: Data export in standard formats
Right to Object: Patients can withdraw consent at any time

Residencia de datos

All patient data is stored in the EU (Ireland, eu-west-1) on AWS infrastructure with AES-256 encryption at rest and TLS 1.2+ in transit. No health data leaves the European Economic Area.

Procesamiento de datos

Data Controller: The healthcare organization using vitalera
Data Processor: FOLLOWHEALTH S.L. (vitalera platform operator)
Data Processing Agreement: Available for all clients

Descripción general​

Principios clave​

Derechos de los interesados​

Residencia de datos​

Procesamiento de datos​

Descripción general

Principios clave

Derechos de los interesados

Residencia de datos

Procesamiento de datos