When collecting, using and sharing such information, we are guided by respect for individual rights and freedoms, compliance with data protection laws such as the U.S. Health Insurance Portability and Accountability Act (HIPAA) and the EU General Data Protection Regulation (GDPR), and implementation of recognized information security standards.
What you can expect from us
We believe it is important to think about data protection beyond legal requirements. At Falck, we care about people, and such a standard of care extends to their personal data.
We believe that by being open and transparent about what we do and by following rules, we improve our services for individuals. Whenever we process personal data, our customers, clients and employees can expect us to responsibly follow these key rules:
- We use the information we collect only in accordance with the law
- We clearly explain why and how we collect, use and share personal data and follow these promises in practice
- We do not collect more personal data than necessary to meet a specific business need or a legal requirement and do not keep it longer than necessary, e.g. to provide a service
- We ensure that personal data we hold is not outdated or incorrect, and provide individuals with the necessary means to verify it
- We ensure that security controls, such as encryption, are in place to protect personal data from malicious third parties
- We take responsibility for how we handle personal data and cooperate with our business partners and authorities in good faith
To ensure that these principles are embedded in all our activities, we have put in place Group Data Protection and Information Security Management systems, supported by global processes and documentation, awareness-raising, training for our employees, internal audits and continuous improvement.
What we expect from our suppliers
All suppliers and individual consultants doing business with Falck are expected to follow the same high standards as we set for ourselves. This includes, for example:
- Entering into the necessary contractual arrangements, such as a data processing agreement, with Falck
- Ensuring that all international data transfers outside the EU/EEA are based on GDPR-approved mechanisms, such as Standard Contractual Clauses
- Cooperating with Falck without undue delay and in good faith in case of security incidents or data breaches
- Complying with and, in some instances, being certified to recognized information security standards, such as ISO 27001
- Being in control of sub-suppliers and ensuring that their practices are compliant with the law
We expect our suppliers to read and follow the Group Data Protection Policy (see the link below) and the relevant agreements.
Where you can find more information
You can read more about our efforts to protect personal data in our Group Data Protection Policy.
If you have any questions, comments or inquiries, you are welcome to contact the Group Data Protection Officer at firstname.lastname@example.org.
We have earned independent certifications recognizing our high-quality personal data processing and information security practices:
- Our Assistance business in Norway, Ambulance business in Denmark and Healthcare business in Denmark hold independent ISAE3000 assurance reports attesting to their compliance with selected GDPR controls
- In addition, our Healthcare business in Denmark holds an ISAE3402 assurance report certifying its compliance with selected information security controls
- We are in the process of certifying our global data protection and information security management systems to the internationally recognized ISO 27001 and ISO 27701 standards as a way to recognize Falck’s dedication and care towards the information we hold.