GDPR Compliance

Med Dropoff is fully compliant with the General Data Protection Regulation (GDPR), ensuring the highest standards of data protection and privacy for our European healthcare partners and patients.

GDPR Principles We Follow

Lawfulness, Fairness & Transparency

We process personal data lawfully, fairly, and with clear communication about our data practices.

Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes only.

Data Minimization

We collect and process only the minimum data necessary for medical delivery services.

Accuracy

Personal data is kept accurate and up-to-date, with mechanisms for correction.

Storage Limitation

Data is retained only as long as necessary for the specified purposes.

Integrity & Confidentiality

Appropriate security measures protect against unauthorized processing and data breaches.

Accountability

We demonstrate compliance through documentation, policies, and regular assessments.

Your Data Protection Rights

Right to Information

Clear information about how we collect, use, and protect your personal data.

Right of Access

Request copies of your personal data and information about our processing activities.

Right to Rectification

Correct inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data under certain circumstances.

Right to Restrict Processing

Limit how we use your personal data in specific situations.

Right to Data Portability

Receive your data in a structured, machine-readable format for transfer.

Legal Bases for Processing

Contract Performance

We process personal data to fulfill our contractual obligations for medical delivery services, including:

  • Delivery coordination and tracking
  • Patient notification and updates
  • Billing and payment processing
  • Customer support and service

Legitimate Interest

We may process data based on legitimate business interests when balanced against individual rights:

  • Fraud prevention and security
  • System monitoring and optimization
  • Business development and improvement
  • Marketing to existing customers

Consent

For certain processing activities, we obtain explicit consent, which you can withdraw at any time. This includes marketing communications, cookies for analytics, and optional service features.

Technical & Organizational Measures

Data Security

Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for sensitive communications
  • Encrypted database storage and backups

Access Controls

  • Multi-factor authentication required
  • Role-based access permissions
  • Regular access reviews and deprovisioning
  • Audit logging of all data access

Organizational Controls

Staff Training

  • GDPR awareness training
  • Data handling procedures
  • Regular compliance updates
  • Incident response training

Policies & Procedures

  • Data protection policies
  • Privacy impact assessments
  • Data breach procedures
  • Vendor management protocols

Oversight

  • Designated Data Protection Officer
  • Regular compliance audits
  • Privacy committee oversight
  • External legal review

International Data Transfers

Adequacy Decisions

When transferring data outside the EU, we ensure appropriate safeguards are in place, including relying on European Commission adequacy decisions where available.

Standard Contractual Clauses

For transfers to countries without adequacy decisions, we use Standard Contractual Clauses (SCCs) approved by the European Commission.

Transfer Impact Assessments

We conduct transfer impact assessments to evaluate the level of protection in destination countries and implement additional safeguards when necessary.

Data Localization

European customer data is primarily processed within the EU/EEA, with limited transfers only when necessary for service delivery.

Exercise Your Rights

Have questions about our data protection practices or want to exercise your GDPR rights? Our Data Protection Officer and privacy team are here to help.

Data Protection Officer: privacy@meddropoff.com
Response Time: We respond to all privacy requests within 30 days