Clinical Data Protection Backed by ISO 27001, ENS (High Level), and HDS Certifications

Data Transfers and Access to Personal Health Data

Persei Vivarium ensures that personal health data (DSCP) is hosted within the European Economic Area (EEA).

However, certain subprocessors involved in the hosting service (such as cloud providers) may be subject to non-European legislation that could result in access requests from foreign authorities.

Transfers and Remote Access

  • No transfer of DSCP outside the EEA is performed
  • Remote access from outside the EEA may occur under strict control and security measures

Applicable Non-European Regulations

  • US CLOUD Act
  • FISA 702

Risk Mitigation Measures

  • Encryption of data at rest and in transit
  • Strict access control and authentication
  • Data segregation
  • Standard Contractual Clauses (SCCs)
  • Transfer Impact Assessments (TIAs)

Residual Risks

Despite the implementation of these technical and organizational measures, and in line with regulatory requirements, a limited residual risk may remain. This risk has been formally assessed, documented, and accepted within the organization’s Information Security Management System (ISMS), in accordance with ISO 27001 and GDPR requirements.