GDPR Compliance
General Data Protection Regulation (EU) 2016/679 Compliance Information
Our GDPR Commitment
Sylk Health is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation. We process personal data lawfully, fairly, and transparently.
Data Controller
Sylk Health Inc.
DPO Contact
dpo@sylkhealth.com
EU Representative
[Representative Details]
Your Rights Under GDPR
Right to Access
Article 15
Obtain confirmation of whether we process your data and access to that data
Right to Rectification
Article 16
Request correction of inaccurate personal data
Right to Erasure
Article 17
Request deletion of your personal data ("right to be forgotten")
Right to Restrict
Article 18
Request restriction of processing in certain circumstances
Right to Portability
Article 20
Receive your data in a structured, machine-readable format
Right to Object
Article 21
Object to processing based on legitimate interests or direct marketing
To exercise any of these rights, please submit a request to gdpr@sylkhealth.com or use our Data Subject Request Form. We will respond within 30 days.
Lawful Bases for Processing
Consent
You have given clear consent for us to process your personal data
Used for: Marketing communications, optional services
Contract
Processing is necessary for a contract we have with you
Used for: Booking services, providing requested medical tourism services
Legal Obligation
Processing is necessary to comply with the law
Used for: Tax records, regulatory reporting, legal compliance
Vital Interests
Processing is necessary to protect someone's life
Used for: Emergency medical situations
Legitimate Interests
Processing is necessary for our legitimate interests
Used for: Fraud prevention, network security, service improvement
What We Process
- Identity Data: Name, date of birth, gender
- Contact Data: Email, phone, address
- Service Preferences: Appointment types, communication preferences
- Financial Data: Payment information, transactions
- Technical Data: IP address, browser data, cookies
We do NOT collect health or medical data.
Data Retention
- Active Accounts: Duration of service + 1 year
- Financial Records: 7 years (tax requirement)
- Marketing Data: Until consent withdrawn
- Cookie Data: Per cookie policy (1-24 months)
International Data Transfers
Your data may be transferred outside the EEA. We ensure appropriate safeguards:
Standard Contractual Clauses
EU Commission-approved contracts for data transfers
Adequacy Decisions
Transfers to countries with adequate protection levels
Binding Corporate Rules
Internal policies for intra-group transfers
Technical and Organizational Measures
Technical Measures
- Pseudonymization and encryption
- Confidentiality and integrity assurance
- Availability and resilience of systems
- Regular security testing
Organizational Measures
- Staff training and awareness
- Data Protection Impact Assessments
- Privacy by Design principles
- Vendor management procedures
Data Breach Response
In case of a personal data breach, we will:
- Notify supervisory authorities within 72 hours
- Inform affected individuals without undue delay if high risk
- Document all breaches and remedial actions taken
- Implement measures to prevent recurrence
Cookie Consent
We use cookies in compliance with the ePrivacy Directive. You can manage your preferences at any time.
Data Protection Officer
Supervisory Authority:
You have the right to lodge a complaint with your local data protection authority.