Compliance & Privacy Policy

Network Compliance

The type and amount of personal data you may process depends on the reason you are processing it (legal reason used) and what you want to do with it.  The BlueCloud Network complies with applicable laws and regulations, including but not limited to, the EU General Data Protection Regulation (GDPR). BlueCloud also follows the Standard Contractual Clauses and the EU-US Privacy Shield and Swiss-U.S. Privacy Shield Frameworks.

The BlueCloud Network respects the privacy of its members and has proactively put in place the appropriate technical and organizational safeguards to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage using appropriate state-of-the-art technology.

Purpose Limitation

The BlueCloud Network does not process personal data, and only stores personal data for specified, explicit, and legitimate purposes. The BlueCloud Network does not use personal data for purposes that are not compatible with the original purpose for which the data is stored. Members own their own personal data and have the power to use the BlueCloud Network tools to allow private and shareable access with third parties. When sharing their personal data, Members are required to indicate when, where, and how the data is shared as well as the purpose of the data sharing with third parties.

Data Minimization

The BlueCloud Network limits the amount of personal data that it keeps to the minimum necessary.

 Accuracy

The personal data of a BlueCloud Network member is controlled by the member, who is responsible for ensuring their own personal data is accurate and up-to-date. The BlueCloud Network provides its members with tools to help the members correct personal data and keep it up to date.

Storage Limitation

Any personal data held by the BlueCloud Network will be purged or kept in a form which permits identification of personal data subjects for no longer than necessary for the purposes for which it was collected.

Removal of Data

The BlueCloud Network has processes in place to allow the removal of personal data from the BlueCloud Network subject to limitations that may be imposed by applicable laws, regulations, or other requirements. Examples include, regulations that may require personal data to be retained for human subjects research, such as documenting competencies by a healthcare professional when becoming involved in a clinical trial or healthcare payer purposes when the authorized comptroller has received initial consent to maintain such personal data for a specific purpose.

Breach of Personal Data

In the unlikely event a member’s personal data is stolen or illegally accessed, the BlueCloud Network will notify the appropriate authorities within 72 hours and will communicate the personal data breach to the affected data subjects without undue delay.

Consent to Process Personal Data

The BlueCloud Network does not directly process personal data; it provides a place for individuals to store personal data and allows individuals and organizations the right to use BlueCloud Networking tools for business, compliance, and other purposes.  Before an individual can store personal data, BlueCloud Network requires individuals to provide consent for BlueCloud Network to store their data.

 Compliance

The BlueCloud Network complies with applicable laws and regulations, including but not limited to, the EU General Data Protection Regulation (GDPR). BlueCloud also follows the Standard Contractual Clauses and EU-US Privacy Shield Program.

Standard Contractual Clauses

  • Data Importer
    • BlueCloud (the Data Importer) is a global technology private secure network that provides management systems to healthcare professionals and business organizations to connect, centralize and share required information
  •  Data Subjects
    • The Personal Data transferred concern the following categories of Data Subjects: Healthcare professionals
  •  Categories of Data
    • The Personal Data transferred concern the following categories of data: First name, last name, address, phone number, mobile number, email address, professional title and preferences.
  •  Special Categories of Data (if appropriate)
    • The Personal Data transferred concern the following Special Categories of Data: Not applicable
  •  Data Transfer Processing Operations
    • Personal Data is transferred to the BlueCloud as follows: Healthcare professionals set up their own private personal accounts, upload professional, experience, and training records, and then opt-in to connect and share information with BlueCloud organizations for business and compliance purposes.

Privacy Shield Compliance

BlueCloud complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  BlueCloud has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, BlueCloud commits to resolve complaints about its collection or use of member personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BlueCloud as follows:

BlueCloud has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.  You may also refer to Privacy Policy FAQs for additional information.

 BlueCloud is required to abide by the following:

  • To the investigatory and enforcement powers of the Federal Trade Commission (FTC).
  • Under certain conditions, individuals may invoke binding arbitration.
  • Disclose personal information in response to lawful requests by public authorities, including requests to comply with national security or law enforcement requirements.
  • For liability in cases of onward transfers to third parties.

Opt-Out / Choice

BlueCloud will provide an individual opt-out choice, or opt-in for sensitive data, before a member’s data can be shared with third parties other than agents of BlueCloud, or before it is used for a purpose other than which it was originally collected or subsequently authorized.  To limit the use and disclosure of your personal information, please submit a written request to:

 

SUMMARY: BlueCloud is a secure, reliable environment that maintains hosting, physical security, and logical security via a vXCHNG -SSAE-16-SOI certified hosting facility. Renewable disaster recovery plans and redundant back up processes are in place. Additional redundant processes and infrastructures can be added on a case by case basis. Agile software methodology processes are used when creating new software and technology improvements. Whenever required, each separate BlueCloud networking vehicle can adapt independently to an array of electronic signature requirements as per a series of continuously virtually and locally audited and proprietary Standard Operating Procedures (SOPs). Using proper channels and proper procedures, SOPs can be demonstrated to VIP industry auditors which require virtual and/or on-site proof of vendor audits. BlueCloud’s proprietary networking software is and will continue to be created in-house to minimize the risk of infiltration which is tested via third party tools and testing technologies. BlueCloud’s Primary Engines and Networking Systems are not created using open-source technologies.