GDPR Compliance Statement
The EU General Data Protection Regulations (“GDPR”) focus on the collection, storage, retention and use of personally identifiable data (“PID”), along with providing those from whom data is collected notice of the procedure for ensuring their PID is deleted should it be stored after collection. Cadwell equipment and software are capable of being used in compliance with the GDPR so that PID can be collected, utilized and safeguarded in a GDPR-compliant manner. Cadwell’s software architecture includes log-in authentication for user access, various database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates and data encryption, which support GDPR-compliant use.
Clinicians use Cadwell equipment to collect PID, however Cadwell does not host, store or retain PID on behalf of clinicians. All collected PID remains under the control of the equipment/software user and the network host for the network into which the equipment is integrated. In the event equipment containing PID is sent back to Cadwell for service, Cadwell follows annually-reviewed and audited procedures (“Internal Procedures”) to safeguard PID and prevent all unauthorized disclosures while in Cadwell’s care. All employees are trained annually on the Internal Procedures.