The General Data Protection Regulation (GDPR) categorizes companies that handle personal data into two categories:

1) Controllers: These companies collect data directly from the data subjects

• Controllers are responsible for obtaining permission from their patients to collect data
• Controllers are responsible for ensuring data was collected with consent 
• Controllers are responsible for correcting data and deleting data upon request of the data subject
  • Tricefy provides controls for clinics to easily correct and delete their data as needed

2) Processors: These companies store, maintain, and process data on behalf of the Controller

• Trice Imaging (Tricefy) is a processor
• The type of processing Tricefy performs varies depending on the needs of each specific customer; they are defined in the business agreement. The most common forms of processing include:
  • Secure cloud storage and archiving 
    • Learn more at our security page: www.triceimaging.com/security
  • Anonymization (removal of identifiable information)
  • Patient sharing/links
  • Downloading (as DICOM or as user-friendly formats, such as .jpg)
  • Routing to external systems

Sub-Processors

Trice Imaging cannot do everything alone - we rely on carefully selected companies. These companies are known as sub-processors. Tricefy and Trice Imaging may use the following Sub-processors to deliver the Services to you:

Working with Sub-Processors

Trice Imaging has a Data Processing Agreement with each of our sub-processors, just like we have an agreement with every Controller. 

In the event of a data breach, our sub-processors are required to notify us without undue delay so that we can inform our customers. By selecting to work with only companies that support GDPR with their high security standards, your data will always be treated with the best care.