Privacy

Luka Petravić edited this page Jun 11, 2022 · 6 revisions

GDPR

Content details

This is an interdisciplinary student project run by the University of Maribor Faculty of Medicine. Our goal is to develop open-source software to help track and analyse Out of Hospital Cardiac Arrest (OHCA).

The types of processed personal data

We process data already gathered by EMS as stated in the EMS rules from 2015. We also gather additional data required to meet the Utstein 2015 and EuReCa 3 standards.

Lawful basis for processing personal data

We gather and use data on the basis of vital interest, that is, processing activity that could be required to save someone’s life. With our data gathering we can improve the outcomes of patients having OHCA in Slovenia and Europe.

How do we process personal data

Personal data is anonymised using SHA-256 and the date of birth. This ensures that it can be quality controlled and that errors can be addressed. Data used for research and analysis is always anonymous. We will not forward any identifiable data points.

How long do we store the data

Data is stored indefinitely, with vital indication.

Data subject rights

  1. The data subject's right of access which means 1) the right to know whether data concerning him or her are being processed and 2) if so, access it with loads of additional stipulations (GDPR Article 15).
  2. The data subject's right to rectification. When personal data are inaccurate, then controllers need to correct them indeed (GDPR Article 16).
  3. The previously mentioned right to erasure or right to be forgotten with additional stipulations, among others if personal data has been made public (GDPR Article 17).
  4. The data subject's right to restriction of processing. Simply said, the right of the consumer or whatever you call the natural person under the scope of the GDPR, to limit the processing of his/her personal data with, once more, several rules and exceptions of course (GDPR Article 18).
  5. The right to be informed. Here we stretch it a bit. In general, the GDPR asks controllers and so on to inform data subjects on several matters. Providing clear and correct information is a key duty in many regards. Simply said, the GDPR wants consumers to know because if you don't know you can't decide, right? However, here we rather mean GDPR Article 19 which, again simply put, means that when personal data have undergone an action as a consequence of one of the other, just-mentioned data subject rights, the controller must inform recipients who got these data, where feasible. And then the data subject also has a right, even if not strictly called a right, to ask "who are all these recipients who got to see my data". So, right or not? It explains why we said 7.5 but it really is a right. More about information duties further below.
  6. The right to data portability. This is again one of those data subject rights that are in the infographic and which we covered more in depth previously. With the right to data portability we're in GDPR Article 20, so, keeping in mind that data subject rights are covered in Articles 5 until 22 that means two more to go.
  7. GDPR Article 21 is all about the data subject's right to object. That does indeed mean what it says: data subjects can say they don't want the personal data processing to be done or going on. This might seem a bit overlapping with other data subject rights but it isn't. Of course in practice the data subject can, again within specific conditions, exercise the right to object and the right to be forgotten. Especially direct marketers and people who do profiling should pay a lot of attention to the right to object as it's a lot about them and certainly profiling with automated means (though not solely).
  8. The data subject's right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This is pretty much a copy and paste of GDPR Article 22, Paragraph 1, which ends the 'official' list of data subject rights.

For more information please see this webpage.

Ethical review board (ERB)

Our database project is APPROVED by Komisija Republike Slovenije za medicinsko etiko. Reference number 0120-153/2022/3.