BlueCloud Compliance & Privacy Policy

BlueCloud Compliance and Privacy Policy

Network Compliance

The type and amount of personal data you may process depends on the reason you are processing it (legal reason used) and what you want to do with it.  The BlueCloud Network complies with applicable laws and regulations, including but not limited to, the EU General Data Protection Regulation (GDPR).  BlueCloud also follows the Standard Contractual Clauses and the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework Principles (Swiss-US DPF), and to the rights of EU and UK individuals and Swiss individuals.

The BlueCloud Network respects the privacy of its members and has proactively put in place the appropriate technical and organizational safeguards to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage using appropriate state-of-the-art technology.

Purpose Limitation

The BlueCloud Network does not process personal data, and only stores personal data for specified, explicit, and legitimate purposes. The BlueCloud Network does not use personal data for purposes that are not compatible with the original purpose for which the data is stored. Members own their own personal data and have the power to use the BlueCloud Network tools to allow private and shareable access with third parties (e.g pharmaceutical companies, hospitals, medical groups) to view personal limited data sets (e.g. CVs, medical licenses, required training certificates). When sharing their personal data, Members are required to indicate when, where, and how the data is shared as well as the purpose of the data sharing with third parties.

Data Minimization

The BlueCloud Network limits the amount of personal data that it keeps to the minimum necessary.

Accuracy & Accessibility

The personal data of a BlueCloud Network member is controlled by the member, who is responsible for ensuring their own personal data is accurate and up-to-date. The BlueCloud Network provides its members with tools to help the members correct personal data and keep it up to date.  Member has access 24/7 to personal information about them that an organization holds and may correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

Storage Limitation

Any personal data held by the BlueCloud Network will be purged or kept in a form which permits identification of personal data subjects for no longer than necessary for the purposes for which it was collected.

Removal of Data

The BlueCloud Network has processes in place to allow the removal of personal data from the BlueCloud Network subject to limitations that may be imposed by applicable laws, regulations, or other requirements. Examples include regulations that may require personal data to be retained for human subject research, such as documenting competencies by a healthcare professional when becoming involved in a clinical trial or healthcare payer purposes when the authorized comptroller has received initial consent to maintain such personal data for a specific purpose.

Breach of Personal Data

In the unlikely event a member’s personal data is stolen or illegally accessed, the BlueCloud Network will notify the appropriate authorities within 72 hours and will communicate the personal data breach to the affected data subjects without undue delay.

 

Consent to Process Personal Data

The BlueCloud Network does not directly process personal data; it provides a place for members to store personal data and allows members and organizations the right to use BlueCloud Networking tools for business, compliance, and other purposes.  Before a member can store personal data, BlueCloud Network requires members to provide consent for BlueCloud Network to store their data.

Opt-Out / Choice

BlueCloud will provide member the choice to opt-out or opt-in for sensitive data, before a member’s data can be shared with third parties other than agents of BlueCloud, or before it is used for a purpose other than which it was originally collected or subsequently authorized.  To limit the use and disclosure of your personal information, please submit a written request to:

 Compliance

The BlueCloud Network complies with applicable laws and regulations, including but not limited to, the EU General Data Protection Regulation (GDPR).  BlueCloud also follows the Standard Contractual Clauses, the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Programs.

Standard Contractual Clauses

 Data Importer

    • BlueCloud (the Data Importer) is a global technology private secure network that provides management systems to healthcare professionals and business organizations to connect, centralize and share required information.
  • Data Subjects
    • The Personal Data transferred concerns the following categories of Data Subjects: Healthcare professionals.
  • Categories of Data
    • The Personal Data transferred includes the following categories of data: First name, last name, address, phone number, mobile number, email address, professional title and preferences.
  • Special Categories of Data (if applicable)
    • Not applicable as Personal data not transferred out of BlueCloud.
  • Data Transfer Processing Operations
    • Personal Data is transferred via technical upload through the cloud process (e.g. web browser, FTP) to the BlueCloud as follows: Healthcare professionals set up their own private personal accounts, upload professional, experience and training records then opt-in to connect and share information with affiliated BlueCloud organizations for business and compliance purposes.

Data Privacy Framework Compliance

BlueCloud complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  BlueCloud has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union, and the United Kingdom in reliance on the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF.  BlueCloud has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, and the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the Data Privacy Framework Principles, BlueCloud commits to resolve complaints free of charge about its collection or use of member personal information.  Individuals, including those from the European Union and Switzerland, with inquiries or complaints regarding our Data Privacy Framework policy should first contact BlueCloud as follows:

Sheri Campbell Midkiff – COO

[email protected]

Office 512-302-3113

In compliance with the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, BlueCloud commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. You may also refer to Data Privacy Framework Program FAQs for UK Information Commissioner’s Office additional information.

BlueCloud is required to abide by the following:

  • To the investigatory and enforcement powers of the Federal Trade Commission (FTC).
  • Under certain conditions, individuals may invoke binding arbitration.
  • Disclose personal information in response to lawful requests by public authorities, including requests to comply with national security or law enforcement requirements.
  • For liability in cases of onward transfers to third parties.

 

SUMMARY: BlueCloud is a secure, reliable environment that maintains hosting, physical security, and logical security via Element Critical ISO 27001:2013 compliant certified hosting facility. Renewable disaster recovery plans and redundant back up processes are in place. Additional redundant processes and infrastructures can be added on a case by case basis. Agile software methodology processes are used when creating new software and technology improvements. Whenever required, each separate BlueCloud networking vehicle can adapt independently to an array of electronic signature requirements as per a series of continuously virtually and locally audited and proprietary Standard Operating Procedures (SOPs). Using proper channels and proper procedures, SOPs can be demonstrated to VIP industry auditors which require virtual and/or on-site proof of vendor audits. BlueCloud’s proprietary networking software is and will continue to be created in-house to minimize the risk of infiltration which is tested via third party tools and testing technologies.  BlueCloud’s Primary Engines and Networking Systems are not created using open-source technologies.

 

Updated:  7/2/2024