GDPR Compliance

Last Updated: March 15, 2026

Introduction

At Abgrat, we are deeply committed to protecting the privacy and data rights of all users, especially those located in the European Union (EU), European Economic Area (EEA), and United Kingdom.

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives individuals significant control over their personal data. We fully adhere to GDPR principles and all its requirements.

Who We Are Under GDPR

Data Controller

We determine the purposes and means of processing your personal data.

Entity Details

Abgrat operates as a health information platform, committed to data protection excellence.

GDPR Scope

GDPR applies to:

  • ✅ Individuals in the EU, EEA, and United Kingdom
  • ✅ Data processing that occurs within the EU/EEA
  • ✅ Offering goods/services to individuals in the EU/EEA
  • ✅ Monitoring behavior of individuals in the EU/EEA

What is Personal Data?

Under GDPR, personal data is any information relating to an identified or identifiable natural person.

Identity Data

Name, username, unique identifier

Contact Data

Email address, phone number (optional)

Technical Data

IP address, browser type, device, OS

Usage Data

How you use our service

Special Category Data

Health information you voluntarily provide

Your Rights Under GDPR

Under GDPR, you have the following rights:

1. Right to Access (Article 15)

Right to obtain confirmation and a copy of your personal data.

2. Right to Rectification (Article 16)

Right to correct inaccurate or incomplete personal data.

3. Right to Erasure (Article 17)

Right to have your personal data deleted ("right to be forgotten").

4. Right to Restrict Processing (Article 18)

Right to limit how we use your data.

5. Data Portability (Article 20)

Right to receive your data in a structured, commonly used format.

6. Right to Object (Article 21)

Right to object to certain processing of your data.

7. Automated Decision-Making (Article 22)

Right not to be subject to decisions based solely on automated processing.

8. Right to Withdraw Consent (Article 7)

Right to withdraw consent at any time if processing is based on consent.

Data Security

Technical Measures

Encryption

  • TLS 1.3 for data in transit
  • AES-256 for data at rest
  • End-to-end encryption for health data

Access Control

  • Multi-factor authentication
  • Need-based access only
  • Regular access reviews

Monitoring

  • Intrusion detection systems
  • 24/7 security monitoring
  • Comprehensive logging

Backups

  • Daily encrypted backups
  • Off-site storage
  • Regular recovery testing

Organizational Measures

Employee Training

Comprehensive data privacy training and regular GDPR awareness programs

Policies & Procedures

Information security policy, breach response plan, vendor management procedures

Testing & Auditing

Regular vulnerability assessments, annual penetration testing, GDPR compliance audits

Frequently Asked Questions

Contact Us

Data Protection Officer

Privacy Team

Security Team

General Support

GDPR compliance is not a one-time event - it's an ongoing commitment. We are dedicated to protecting your privacy and data rights.

Version: 2.0

© 2026 Abgrat. All rights reserved.