GDPR Compliance

Our Commitment to GDPR Compliance

Mahalo Health is committed to ensuring compliance with the General Data Protection Regulation (GDPR), which enhances the protection of personal data for individuals within the European Union (EU) and European Economic Area (EEA).

We have implemented comprehensive measures to ensure that our platform, processes, and practices align with GDPR requirements, providing our customers and users with the highest standards of data protection.

Data Protection Measures

We have implemented robust technical and organizational measures to protect personal data, including encryption, access controls, and regular security assessments.

Data Processing Agreements

We provide comprehensive Data Processing Agreements (DPAs) that outline our responsibilities and obligations regarding the processing of personal data.

Documentation and Records

We maintain detailed documentation of our data processing activities, including records of processing activities, data protection impact assessments, and breach notification procedures.

Individual Rights

We have implemented processes to facilitate the exercise of individual rights under GDPR, including the right to access, rectify, erase, restrict processing, data portability, and object to processing.

Key GDPR Principles We Follow

Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
Purpose limitation: We collect personal data for specified, explicit, and legitimate purposes.
Data minimization: We limit the collection of personal data to what is necessary for the purposes for which it is processed.
Accuracy: We take reasonable steps to ensure that personal data is accurate and kept up to date.
Storage limitation: We retain personal data only for as long as necessary for the purposes for which it is processed.
Integrity and confidentiality: We process personal data in a manner that ensures appropriate security.
Accountability: We are responsible for and can demonstrate compliance with GDPR principles.

International Data Transfers

Mahalo Health may transfer personal data outside the EU/EEA. When we do, we ensure that appropriate safeguards are in place to protect the data, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission
Binding Corporate Rules (BCRs)
Adequacy decisions by the European Commission

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation to ensure compliance with GDPR requirements. You can contact our DPO at dpo@mahalo.health.

Your Rights Under GDPR

If you are located in the EU or EEA, you have the following rights regarding your personal data:

Right to access: You have the right to request a copy of the personal data we hold about you.
Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to erasure: You have the right to request that we delete your personal data in certain circumstances.
Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to data portability: You have the right to request that we transfer your personal data to another organization or to you in certain circumstances.
Right to object: You have the right to object to the processing of your personal data in certain circumstances.
Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@mahalo.health.

Contact Us

If you have any questions about our GDPR compliance or would like to exercise your rights under GDPR, please contact us at:

Mahalo Health, Inc.
123 Innovation Way
San Francisco, CA 94107
Email: privacy@mahalo.health
Phone: +1 (800) 555-1234