General Data Protection Regulation




This document outlines how Mahiri-Telehealth Limited (“Mahiri-Telehealth”) complies with the European Union General Data Protection Regulation (“GDPR”).


Mahiri-Telehealth’s data protection project (the “Project”) is designed to safeguard Personal Data according to the GDPR requirements. In particular, this document describes the elements pursuant to which Mahiri-Telehealth intends to (i) ensure the security and confidentiality of Personal Data, (ii) protect against any anticipated threats or hazards to the security of Personal Data, and (iii) protect against the unauthorised access or use of Personal Data in ways that could result in substantial harm to Mahiri-Telehealth’s customers and their respective clients.


Scope of the Project


This applies to personal data (as defined by the GDPR) that is accessed or received by Mahiri-Telehealth acting as a data processor on behalf of its customers (data controllers) in connection with providing the contracted services (“Personal Data”).


Official GDPR Compliance Statement


Mahiri-Telehealth currently processes Personal Data lawfully in accordance with the Data Protection Directive.  With respect to the GDPR, which will apply from 25 May 2018, we are now compliant.


Appointment of a Data Protection Officer


Mahiri-Telehealth’s Data Protection Officer (“DPO”) is responsible for coordinating and overseeing the Project. The DPO may designate other representatives of Mahiri-Telehealth to oversee and coordinate elements of the Project.


Privacy Impact Assessment


Mahiri-Telehealth identifies and assesses external and internal risks to the security, confidentiality, and integrity of the Personal Data that could result in the unauthorised disclosure, misuse, alteration, destruction or other compromise of such information. The DPO will, on a regular basis, implement safeguards to control the risks identified through such assessments and will regularly test or otherwise monitor the effectiveness of such safeguards.


Overseeing Sub-Processors of Personal Data


The DPO coordinates with those responsible for sub-processor-related activities to raise awareness of, and to institute, methods for selecting sub-processors that are capable of maintaining appropriate safeguards for Personal Data. In addition, the DPO works with Mahiri-Telehealth’s legal team to develop and incorporate standard contractual protections applicable to sub-processors, which will require such providers to implement and maintain appropriate data protection safeguards. The DPO can provide evidence of these agreements upon request.


Data Hosting Services


Generally, Mahiri-Telehealth utilises data hosting services provided by CustomPublish AS (“CustomPublish”), and access is controlled by CustomPublish according to its data protection policies and procedures. You can read further details on CustomPublish’s GDPR compliance


Protecting Access to Data


Mahiri-Telehealth has in place a management system that allows controlled access to its computing resources and data owned or controlled by Mahiri-Telehealth. Mahiri-Telehealth enforces information security controls, data classification policies and authorisation mechanisms that specify the level of access for a user, a process, or a system. Mahiri-Telehealth has also established the requirements for ensuring authorised use of its computing resources via proper user identification and password authentication.


Data Retention


Mahiri-Telehealth retains and destroys as necessary the records received or created in the transaction of its business in accordance with regulatory requirements and contractual agreements. Mahiri-Telehealth actively applies a data retention policy to all systems.




Mahiri-Telehealth encrypts all personal data at rest and in transit when it acts as the data processor or controller.


Data Breach Notification


Mahiri-Telehealth has developed and implemented a data breach response plan designed to provide guidance to employees and contractors on how to report suspected data breaches. Upon becoming aware of an issue involving Personal Data, employees and contractors must report the issue immediately to the DPO. The plan’s steps include performing a risk analysis of each suspected data breach to determine whether the event requires notification under the GDPR.


Training and Education


The Project policies and procedures are communicated to all employees and contractors either directly on hire or annually as part of formal Quality and Information Security Training. Significant changes to policy and legislation, including the GDPR, are delivered via special training sessions to the entire organisation. A record of this is held centrally by the DPO. Further, employees and contractors are bound by confidentiality provisions written into all contracts, both permanent and temporary.


Contacting Us


If you have any additional questions or need assistance, please contact our DPO. For more information, see the Terms of Use, Privacy Policy and Cookies.