Processors and Sub-Processors

The General Data Protection Regulation (GDPR) categorizes companies that handle personal data into two categories:

1) Controllers: These companies collect data directly from the data subjects

  • Controllers are responsible for obtaining permission from their patients to collect data
  • Controllers are responsible for ensuring data was collected with consent 
  • Controllers are responsible for correcting data and deleting data upon request of the data subject
    • Tricefy provides controls for clinics to easily correct and delete their data as needed

 Learn more at www.tricefy.help/help/correctdata

2) Processors: These companies store, maintain, and process data on behalf of the Controller

  • Trice Imaging is a processor
  • The type of processing Trice performs varies depending on the needs of each specific customer; they are defined in the business agreement. The most common forms of processing include:

Trice Imaging cannot do everything alone - we rely on carefully selected companies.  These companies are known as sub-processors.

Sub-Processors

The following companies are used by Trice Imaging in the handling of personal data. They have been selected based on their qualifications and are subjected to annual review.  

Amazon Web Services (AWS)

  • AWS hosts the Tricefy Cloud and is known for their variety of security compliance standards (ISO 27001, ISO 9001, HIPAA...just to name a few)
  • AWS is ready for GDPR

 https://aws.amazon.com/compliance/gdpr-center/

Twilio

  • Twilio is the service used to send patient links via text message
  • Twilio is ISO 27001, Privacy Shield, and SOC2 certified
  • Twilio is ready for GDPR

 https://www.twilio.com/gdpr

Postmark

  • Postmark is the service used to send patient links via email
  • Postmark is Privacy Shield certified
  • Postmark is ready for GDPR

 https://postmarkapp.com/eu-privacy

Sentry

  • Sentry provides error tracking so that we can quickly identify and fix issues
  • Sentry is HIPAA and Privacy Shield certified
  • Sentry is ready for GDPR

 https://blog.sentry.io/2018/03/14/gdpr-sentry-and-you

Loggly (Solarwinds)

  • Loggly provides log management 
  • Loggly is GDPR ready 

 https://www.solarwinds.com/general-data-protection-regulation-cloud

Working with Sub-Processors

Trice Imaging has a Data Processing Agreement with each of our sub-processors, just like we have an agreement with every Controller. 

In the event of a data breach, our sub-processors will contact us immediately so that we can inform our customers.  By selecting to work with only companies that support GDPR with their high security standards, your data will always be treated with the best care.

Additional Sub-Processors

Trice Imaging also works with companies that have access to our customer data, such as clinic locations, email addresses and phone numbers. We handle this data with the same respect as patient data.  These sub-processors include:

Salesforce

  • Salesforce is where we track and store our customer data so that we know how to reach our customers
  • Salesforce is GDPR ready

 https://www.salesforce.com/eu/campaign/gdpr/

Zendesk

  • Zendesk is our support ticketing platform that allows us to help our customers
  • Trice Imaging policy prohibits entering patient data into tickets
  • Zendesk is ready for GDPR

 https://www.zendesk.com/blog/zendesk-eu-data-protection/

Mailchimp

  • Mailchimp allows us to send bulk email communications to our customers
  • Mailchimp is GDPR ready

 https://kb.mailchimp.com