GDPR Compliance

Last updated: December 2024

Our Commitment to GDPR

My Business Care Team ("MyBCAT") is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and explains your rights as a data subject.

Data Controller Information

My Business Care Team acts as a data controller for personal information collected through our website and marketing activities. For processing related to our client services, we act as a data processor on behalf of our healthcare clients.

Contact:
Email: gdpr@mybcat.com
Website: mybcat.com

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: For marketing communications and non-essential cookies
  • Contract: To provide services requested by you
  • Legitimate Interest: To improve our services and ensure security
  • Legal Obligation: To comply with applicable laws

Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format.

Right to Object

You have the right to object to processing of your personal data for direct marketing or based on legitimate interests.

Right to Withdraw Consent

Where we rely on consent, you have the right to withdraw it at any time.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods:

  • Marketing contact data: Until consent is withdrawn
  • Client service data: Duration of contract plus 7 years
  • Website analytics: 26 months

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, including the United States. We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with our service providers
  • Technical and organizational security measures

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Staff training on data protection

Data Protection Officer

For questions about this policy or to exercise your GDPR rights, please contact us at:

Email: gdpr@mybcat.com
Subject: GDPR Request

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

Changes to This Notice

We may update this GDPR compliance notice from time to time. We will notify you of any material changes by posting the updated notice on our website.