When collecting, using and sharing such information, we are guided by the respect to the individual rights and freedoms, compliance with the data protection laws such as the EU General Data Protection Regulation (GDPR) and U.S. Health Insurance Portability and Accountability Act (HIPAA), and implementation of the recognized information security standards.
What you can expect from us
We believe it is important to think about data protection beyond legal requirements. At Falck, we care about people, and such a standard of care extends to their personal data.
We believe that by being open and transparent about what we do and by following rules, we improve the services for the individuals. Whenever we process personal data, our customers, clients and employees can expect us to responsibly follow these key rules:
- We use the information we collect only in accordance with the law
- We clearly explain why and how we collect, use and share personal data and follow these promises in practice
- We do not collect more personal data than necessary to meet a specific business need or a legal requirement and do not keep it longer than necessary to e.g. provide a service
- We ensure that personal data we hold is not outdated or incorrect, and provide individuals with the necessary means to verify it
- We ensure that security controls, such as encryption, are in place to protect personal data from malicious third-parties
- We take responsibility for how we handle personal data and cooperate with our business partners and authorities in good faith
To ensure that these principles are embedded in all our activities, we have put in place Group Data Protection and Information Security Management systems, supported by the global processes and documentation, awareness-raising, training for our employees, internal audits and continuous improvement.
What we expect from our suppliers
All suppliers and individual consultants doing business with Falck are expected to follow the same high standards as we set for ourselves. This includes, for example:
- Entering into the necessary contractual arrangements, such as a data processing agreement, with Falck
- Ensuring that all international data transfers outside the EU/EEA are based on the GDPR-approved mechanisms, such as Standard Contractual Clauses
- Cooperating with Falck without undue delay and in a good faith in case of security incidents or data breaches
- Complying and, in some instances, being certified to the recognized information security standards, such as ISO 27001
- Being in control of sub-suppliers and ensuring that their practices are compliant with the law
We expect our suppliers to read and follow Group Data Protection Policy (see the link below) and the relevant agreements.
Falck is becoming a more digitalised and data-driven organisation as part of the global developments in digitisation and the use of data, believing in the value of data to improve healthcare services to the benefit of our customers, clients, patients, and society in general. Therefore, Falck has decided to establish certain ethical principles for the use of data, which are set out in Falck's Data Ethics Policy, approved by the Board in 2021.
The term "data" covers data of all types and from all sources, including publicly available data, such as statistical and research data, financial and corporate data, data collected from individuals, and data de-rived from other data.
- Purpose and usage: Human interests prevail over commercial interests. The human being is at the centre and should have the primary benefit of use of data.
- Individual data control: We believe that individuals should have primary control over the usage of their own data.
- Transparency: We strive to be transparent, when we communicate purposes and interests of data usage to the individuals via privacy notices and policies.
- Accountability and governance: Efforts are made to reduce the risks for the individual and to mitigate undesirable social and ethical implications.
A Data Ethics Committee is established comprised of Global Functions and Business Segment representatives serving as an advisory board to local and global management on data ethical manners.