Data Processing Agreement

Between Healper (Data Controller) and Therapists (Data Processor)

Definitions and Interpretation

Data Controller, Data Processor, Data Subject, Personal Data, Processing, and other terms shall have the meanings ascribed to them in the European Commission's General Data Protection Regulation (GDPR).

Purpose and Duration

The purpose of processing is to provide mental health services facilitated by Healper. The duration corresponds to the period of service provision or as required by law.

Nature and Purpose of Processing:

The Data Processor will process personal data as necessary to provide therapy services, including but not limited to personal identifiers, health information, and appointment details.

Data Controller Responsibilities

The Data Controller is responsible for ensuring that the processing of personal data under this agreement is in accordance with GDPR.

Data Processor Responsibilities

  • Process personal data only on documented instructions from the Data Controller.

  • Ensure the confidentiality of personal data processed.

  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

  • Assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR.

Data Subject Rights

The Data Processor shall at no additional cost take appropriate measures to assist the Data Controller in facilitating the exercise of data subject rights under the GDPR.

Data Transfer

Personal data shall not be transferred to a third country - (a country which is not part of the EU/EEA) or an international organization unless required by EU or member state law, or subject to prior specific authorization of the Data Controller.

Subprocessing

It is the Data Controller's intention that the Data Processor can perform most or all of the data processing using the systems that the Data Controller makes available on its platform.

If the Data Processor needs to process data on other systems that involve a sub-processor or otherwise require the engagement of a sub-processor, the Data Processor must obtain prior consent from the Data Controller.

This acceptance is obtained by contacting and getting a written accept from support@healper.dk specifying the subprocessor. The specification must include: Category of personal data, Personal data being processed, The purpose of the processing, Legal basis for the processing of personal data, and elaboration thereof: Categories of data subjects, Disclosure of personal data, Category of recipients, Country of receipt, Transfer to third countries/international organizations, Documentation of appropriate safeguards for the transfer of personal data to third countries, Expected deadlines for the deletion of the personal data, Access to personal data. Data Breach Notification:

The Data Processor Notify the Data Controller without undue delay upon becoming aware of a personal data breach.

Audit and Inspection

The Data Processor shall make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in this agreement and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.

Termination

On termination of data processing services, the Data Processor shall, at the choice of the Data Controller, delete or return all personal data to the Data Controller and delete existing copies unless EU or member state law requires storage of the personal data.

This agreement is subject to the laws of Denmark and has been entered into by accepting The Terms and Condition of Healper.