Privacy Policy

September 12, 2018

ProsFit Technologies JSC

  • Registered in Sofia, Bulgaria (EU)
  • UIC: 203184177, VAT: BG203184177
  • Address: Blvd. Nikola Vaptsarov 53A, 1407 Sofia, Bulgaria

To contact the Data Protection Officer, please email data@prosfit.com

ProsFit

  • is a Controller of data in the EU in accordance with GDPR, including for data related to health

  • has architected and implements best practices for data privacy into its systems and operations

  • is GDPR-compliant

ProsFit's Privacy Policy / Data Protection Policy could affect you in a number of ways.

How does ProsFit's Privacy Policy affect you?

You may be affected by ProsFit's Privacy Policy as:

  • Visitor to prosfit.com (and/or subdomain)

  • Customer / User of PandoFit and/or PandoFit Cloud

  • Wearer's Data input in to PandoFit; End-User of a ProsFit Product; "Patient Data"

  • Receiving emails; part of Direct Marketing and Sales list; CRM

  • We met and exchanged business cards, details; via email, or similar

  • Employee or potential employee

  • Processor / sub-contractor or potential processor / sub-contractor

  • I WANT TO UNSUBSCRIBE /STOP HEARING FROM PROSFIT!

  • I have a concern about my data, and/or otherwise want to speak to the person who is responsible for data protection – how can I contact the Data Protection Officer

For more information, visit How does ProsFit's Privacy Policy affect you?

Context

ProsFit

"ProsFit" represents the company ProsFit Technologies JSC, registered in Sofia, Bulgaria (EU); with UIC: 203184177, VAT: BG203184177, and at address: Blvd. Nikola Vaptsarov 53A, 1407 Sofia, Bulgaria.

ProsFit is a company with the vision:

  • “A World where innovation provides limb wearers a choice of
    affordable, reliable and desirable prosthetic products and services”

ProsFit delivers solutions, products and services primarily related to prosthetics, as well as orthotics, rehabilitation, and related fields.

Formally, ProsFit is a manufacturer of medical devices based in the EU, and accordingly is in compliance with medical device standards including Medical Devices Directive EC/93/42; and as applicable in other geographies.

ProsFit's activities include processing data, including data related to health – a special category of data according to GDPR.

Data and Privacy

ProsFit is driven for quality, robustness, outcomes, security, privacy and other rights related to personal sovereignty and ability to live as a free and independent human being.

In accordance with this, ProsFit's processing of data is taken from a principle of data privacy and security, including principles of minimization, practice of pseudonymisation of any patient data, and applicable security best practices.

GDPR and compliance

'GDPR' - ProsFit believes fundamentally in rights for data privacy and applies these, including in accordance with with GDPR - "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)"

ProsFit general principles for privacy and data security

ProsFit applies general principles and practices related to privacy and data security:

  • Privacy and data security are fundamentally important

  • Appropriate privacy and data security practices are required and applied

  • Systems, data flows and security are mapped

  • All processors are stated and assured as GDPR compliant

  • Appropriate consent is required

  • We make as easy as possible to remove consent and "unsubscribe"

  • All processing of EU data takes place within the EU

  • Data is treated in such a way to meet regulatory, contractual and legal obligations

  • Data is minimized

  • Reference or access to data is minimized

  • Pseudonymization of Patient Data is applied

  • Obligations towards legal and regulatory standards including for Medical Devices are applied; This includes an obligation to keep data related to provision of Class I Medical Devices for a minimum of 5 years

  • A Data Protection Officer is in place and may be contacted at data@prosfit.com

  • Procedures for Data Protection and response to concerns related to data are in place

  • The team are motivated, trusted, trained, supported, and contractually obligated to the appropriate and correct treatment of data and confidentiality

  • ProsFit's Privacy Policy is in accordance with ProsFit's Quality Management System

How does ProsFit's Privacy Policy affect you?

Visitor to prosfit.com (and/or subdomain)

  • Privacy and data security are fundamentally important (…)

  • Data is minimized

  • Visitors to prosfit.com do not generally have any data processed in relation to them, except the potential for fair use of anonymous Statistical Data.

  • ProsFit may use cookies on prosfit.com for the provision of in-browser behavior (such as remembering login name or that you have agreed to the Terms and Conditions (where applicable)), but does not use cookies to collect from you or share to 3rd parties any data.

  • Appropriate consent is required

  • Please note: Consent for Contact: When you input your name and contact data into a Contact Form, Sign up form, Newsletter signup, or otherwise -\> you provide consent that we may contact you in response to and in accordance with your request.

  • We make as easy as possible to remove consent and "unsubscribe"

  • At any time you may unsubscribe from receiving any further communication from us by contacting us at unsubscribe@prosfit.com .

  • You may be requested to specify for further information and/or for Customers whether you would like to also cancel your Subscription.

  • Note: For on-going or previous Customers: We reserve the right to exceptionally contact you including in case required to meet applicable regulatory or legal requirements

  • A Data Protection Officer is in place and may be contacted at data@prosfit.com

  • Procedures for Data Protection and response to concerns related to data are in place

Customer / User of PandoFit and/or PandoFit Cloud

  • Privacy and data security are fundamentally important (…)

  • Appropriate privacy and data security practices are required and applied

  • Systems, data flows and security are mapped

  • All processors are stated and assured as GDPR compliant

  • Appropriate consent is required

  • We make as easy as possible to remove consent and "unsubscribe"

  • At any time you may unsubscribe from receiving any further communication from us by contacting us at unsubscribe@prosfit.com .

  • You may be requested to specify for further information and/or for Customers whether you would like to also cancel your Subscription.

  • Note: For on-going or previous Customers: We reserve the right to exceptionally contact you including in case required to meet applicable regulatory or legal requirements

  • You may Cancel your Subscription to PandoFit while logged in to your account at pandofit.prosfit.co.uk and/or via PayPal (where applicable)

  • All processing of EU data takes place within the EU

  • Data is treated in such a way to meet regulatory, contractual and legal obligations

  • Data is minimized

  • Reference or access to data is minimized

  • Pseudonymization of Patient Data is applied

  • Obligations towards legal and regulatory standards including for Medical Devices are applied; This includes an obligation to keep data related to provision of Class I Medical Devices for a minimum of 5 years

  • A Data Protection Officer is in place and may be contacted at data@prosfit.com

  • Procedures for Data Protection and response to concerns related to data are in place

Wearer's Data input in to PandoFit; End-User of a ProsFit Product; "Patient Data"

  • Privacy and data security are fundamentally important (…)

  • Appropriate privacy and data security practices are required and applied

  • Systems, data flows and security are mapped

  • All processors are stated and assured as GDPR compliant

  • Appropriate consent is required

  • We make as easy as possible to remove consent and "unsubscribe"

  • All processing of EU data takes place within the EU

  • Data is treated in such a way to meet regulatory, contractual and legal obligations

  • Data is minimized

  • Reference or access to data is minimized

  • Pseudonymization of Patient Data is applied

  • Obligations towards legal and regulatory standards including for Medical Devices are applied; This includes an obligation to keep data related to provision of Class I Medical Devices for a minimum of 5 years

  • A Data Protection Officer is in place and may be contacted at data@prosfit.com

  • Procedures for Data Protection and response to concerns related to data are in place

  • The team are motivated, trusted, trained, supported, and contractually obligated to the appropriate and correct treatment of data and confidentiality

  • ProsFit's Privacy Policy is in accordance with ProsFit's Quality Management System

Receiving emails; part of Direct Marketing and Sales list; CRM

  • Privacy and data security are fundamentally important (…)

  • Appropriate privacy and data security practices are required and applied

  • All processors are stated and assured as GDPR compliant

  • Appropriate consent is required

  • We make as easy as possible to remove consent and "unsubscribe"

  • All processing of EU data takes place within the EU

  • Data is treated in such a way to meet regulatory, contractual and legal obligations

  • Data is minimized

  • Reference or access to data is minimized

  • We make as easy as possible to remove consent and "unsubscribe"

  • At any time you may unsubscribe from receiving any further communication from us by contacting us at unsubscribe@prosfit.com .

  • You may be requested to specify for further information and/or for Customers whether you would like to also cancel your Subscription.

  • Note: For on-going or previous Customers: We reserve the right to exceptionally contact you including in case required to meet applicable regulatory or legal requirements

  • A Data Protection Officer is in place and may be contacted at data@prosfit.com

  • Procedures for Data Protection and response to concerns related to data are in place

We met and exchanged business cards, details; via email, or similar

  • Appropriate consent is required

Prior consent assumed. Please see "Receiving emails; part of Direct Marketing and Sales list; CRM"

Employee or potential employee

  • Privacy and data security are fundamentally important (…)

  • Appropriate privacy and data security practices are required and applied

  • Systems, data flows and security are mapped

  • Appropriate consent is required

  • We make as easy as possible to remove consent and "unsubscribe"

  • Data is treated in such a way to meet regulatory, contractual and legal obligations

  • Data is minimized

  • Reference or access to data is minimized

  • Obligations towards legal and regulatory standards including for Medical Devices are applied; This includes an obligation to keep data related to provision of Class I Medical Devices for a minimum of 5 years

  • A Data Protection Officer is in place and may be contacted at data@prosfit.com

  • The team are motivated, trusted, trained, supported, and contractually obligated to the appropriate and correct treatment of data and confidentiality

  • ProsFit's Privacy Policy is in accordance with ProsFit's Quality Management System

Processor / sub-contractor or potential processor / sub-contractor

  • Privacy and data security are fundamentally important (…)

  • Appropriate privacy and data security practices are required and applied

  • Systems, data flows and security are mapped

  • All processors are stated and assured as GDPR compliant

  • All processing of EU data takes place within the EU

  • Data is treated in such a way to meet regulatory, contractual and legal obligations

  • Data is minimized

  • Reference or access to data is minimized

  • Obligations towards legal and regulatory standards including for Medical Devices are applied; This includes an obligation to keep data related to provision of Class I Medical Devices for a minimum of 5 years

  • A Data Protection Officer is in place and may be contacted at data@prosfit.com

  • Procedures for Data Protection and response to concerns related to data are in place

  • ProsFit's Privacy Policy is in accordance with ProsFit's Quality Management System

I WANT TO UNSUBSCRIBE /STOP HEARING FROM PROSFIT!

  • Privacy and data security are fundamentally important (…)

  • We make as easy as possible to remove consent and "unsubscribe"

  • At any time you may unsubscribe from receiving any further communication from us by contacting us at unsubscribe@prosfit.com .

  • You may be requested to specify for further information and/or for Customers whether you would like to also cancel your Subscription.

  • Note: For on-going or previous Customers: We reserve the right to exceptionally contact you including in case required to meet applicable regulatory or legal requirements

  • Data is treated in such a way to meet regulatory, contractual and legal obligations

  • A Data Protection Officer is in place and may be contacted at data@prosfit.com

  • Procedures for Data Protection and response to concerns related to data are in place

I have a concern about my data, and/or otherwise want to speak to the person who is responsible for data protection – how can I contact the Data Protection Officer

  • Privacy and data security are fundamentally important

  • Appropriate privacy and data security practices are required and applied

  • A Data Protection Officer is in place and may be contacted at data@prosfit.com

  • Procedures for Data Protection and response to concerns related to data are in place