Network Compliance
The type and amount of personal data you may process depends on the reason you are processing it (legal reason used) and what you want to do with it. The BlueCloudX Network complies with applicable laws and regulations, including but not limited to, the EU General Data Protection Regulation (GDPR). BlueCloudX also follows the Standard Contractual Clauses and the EU-U.S. Data Privacy Framework (EU-US DPF), the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and to the rights of EU and UK individuals and Swiss individuals.
The BlueCloudX Network respects the privacy of its members and has proactively put in place the appropriate technical and organizational safeguards to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage using appropriate state-of-the-art technology.
Purpose Limitation
The BlueCloudX Network does not process personal data, and only stores personal data for specified, explicit, and legitimate purposes. The BlueCloudX Network does not use personal data for purposes that are not compatible with the original purpose for which the data is stored. Members own their own personal data and have the power to use the BlueCloudX Network tools to allow private and shareable access with third parties (e.g. pharmaceutical companies, hospitals, medical groups) to view personal limited data sets (e.g. CVs, medical licenses, required training certificates). When sharing their personal data, Members are required to indicate when, where, and how the data is shared as well as the purpose of the data sharing with third parties.
Data Minimization
The BlueCloudX Network limits the amount of personal data that it keeps to the minimum necessary.
Accuracy & Accessibility
The personal data of a BlueCloudX Network member is controlled by the member, who is responsible for ensuring their own personal data is accurate and up-to-date. The BlueCloudX Network provides its members with tools to help the members correct personal data and keep it up to date. Member has access 24/7 to personal information about them that an organization holds and may correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
Storage Limitation
Any personal data held by the BlueCloudX Network will be purged or kept in a form which permits identification of personal data subjects no longer than necessary for the purposes for which it was collected.
Removal of Data
The BlueCloudX Network has processes in place to allow the removal of personal data from the BlueCloudX Network subject to limitations that may be imposed by applicable laws, regulations, or other requirements. Examples include regulations that may require personal data to be retained for human subject research, such as documenting competencies by a healthcare professional when becoming involved in a clinical trial or healthcare payer purposes when the authorized comptroller has received initial consent to maintain such personal data for a specific purpose.
Breach of Personal Data
In the unlikely event a member’s personal data is stolen or illegally accessed, the BlueCloudX Network will notify the appropriate authorities within 72 hours and will communicate the personal data breach to the affected data subjects without undue delay.
Consent to Process Personal Data
The BlueCloudX Network does not directly process personal data; it provides a place for members to store personal data and allows members and organizations the right to use BlueCloudX Networking tools for business, compliance, and other purposes. Before a member can store personal data, BlueCloudX Network requires members to provide consent for BlueCloudX Network to store their data.
Opt-Out / Choice
BlueCloudX will provide member the choice to opt-out or opt-in for sensitive data, before a member’s data can be shared with third parties other than agents of BlueCloudX, or before it is used for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, please submit a written request to:
[email protected]
Office: 512-302-3113
Compliance
The BlueCloudX Network complies with applicable laws and regulations, including but not limited to, the EU General Data Protection Regulation (GDPR). BlueCloudX also follows the Standard Contractual Clauses, the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Programs.
Data Importer
BlueCloudX (the Data Importer) is a global technology private secure network that provides management systems to healthcare professionals and business organizations to connect, centralize and share required information.
Data Importer
- BlueCloud (the Data Importer) is a global technology private secure network that provides management systems to healthcare professionals and business organizations to connect, centralize and share required information.
- Data Subjects
- The Personal Data transferred concerns the following categories of Data Subjects: Healthcare professionals.
- Categories of Data
- The Personal Data transferred includes the following categories of data: First name, last name, address, phone number, mobile number, email address, professional title and preferences.
- Special Categories of Data (if applicable)
- Not applicable as Personal data not transferred out of BlueCloud.
- Data Transfer Processing Operations
- Personal Data is transferred via technical upload through the cloud process (e.g. web browser, FTP) to the BlueCloud as follows: Healthcare professionals set up their own private personal accounts, upload professional, experience and training records then opt-in to connect and share information with affiliated BlueCloud organizations for business and compliance purposes.
Data Privacy Framework Compliance
BlueCloudX complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. BlueCloudX has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. BlueCloudX has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data Privacy Framework Website.
In compliance with the Data Privacy Framework Principles, BlueCloudX commits to resolve complaints free of charge about its collection or use of member personal information. Individuals, including those from the European Union and Switzerland, with inquiries or complaints regarding our Data Privacy Framework policy should first contact BlueCloudX as follows:
Sheri Campbell Midkiff – COO
Office 512-302-3113
In compliance with the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, BlueCloudX commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and as applicable, the UK Information Commissioner’s Office (ICO) (and the Gibraltar Regulatory Authority (GRA))and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. You may also refer to Data Privacy Framework Program FAQs for UK Information Commissioner’s Office additional information.
BlueCloudX is required to abide by the following:
- Subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the U.S. Department of Transportation or any other U.S. authorized statutory body.
- The possibility, under certain conditions, for the individual to invoke binding arbitration.
- Disclose personal information in response to lawful requests by public authorities, including requests to comply with national security or law enforcement requirements.
- For liability in cases of onward transfers to third parties.
Updated: 5/15/2025