Clinical Data Protection Backed by ISO 27001, ENS (High Level), and HDS Certifications

Data Transfers and Access to Personal Health Data

Persei Vivarium ensures that personal health data (DSCP) is hosted within the European Economic Area (EEA).

However, certain subprocessors involved in the hosting service, such as cloud infrastructure providers, may be subject to non-European legislation that could result in access requests from foreign authorities.

Transfers and Remote Access

  • No transfer of DSCP outside the EEA is performed
  • Remote access from outside the EEA may occur under strict control and security measures

Subprocessors involved in the HDS hosting service

The following cloud infrastructure providers may be involved in providing the HDS hosting service:

  • Amazon Web Services (AWS)
  • Microsoft Azure

These subprocessors are used for cloud infrastructure, hosting, storage, backup or related technical services necessary for the provision, operation and security of the HDS hosting service.

Applicable Non-European Regulations

  • US CLOUD Act
  • FISA 702

Risk Mitigation Measures

  • Encryption of data at rest and in transit
  • Strict access control and authentication
  • Data segregation
  • Standard Contractual Clauses (SCCs), where applicable
  • Transfer Impact Assessments (TIA), where applicable

Residual Risks

Despite the implementation of these technical and organizational measures, and in line with regulatory requirements, a limited residual risk may remain. This risk has been formally assessed, documented, and accepted within the organization’s Information Security Management System (ISMS), in accordance with ISO 27001 and GDPR requirements.