GDPR Compliance

At Sigma RCM, we prioritize the protection of personal data in compliance with the General Data Protection Regulation (GDPR). Our GDPR compliance framework ensures that all personal data handled by us is processed with the highest standards of security and confidentiality. Below is an overview of our GDPR compliance policy:

Data Protection Principles
Sigma RCM adheres to the following data protection principles as outlined in the GDPR:

Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.

Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

Data Minimization: Personal data collection is limited to what is necessary for the purposes for which it is processed.

Accuracy: Personal data is kept accurate and, where necessary, up to date.

Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the data is processed.

Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.


Data Subject Rights
Sigma RCM respects and facilitates the rights of data subjects as provided under the GDPR, including:


Right to Access: Data subjects have the right to access their personal data and obtain information about how it is being processed.

Right to Rectification: Data subjects can request the correction of inaccurate personal data.

Right to Erasure: Data subjects can request the deletion of their personal data under certain conditions.

Right to Restrict Processing: Data subjects can request the restriction of processing of their personal data under certain conditions.

Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object: Data subjects can object to the processing of their personal data under certain conditions.

Rights Related to Automated Decision Making and Profiling: Data subjects have rights related to automated decision making, including profiling.

Legal Basis for Processing

Sigma RCM processes personal data based on one or more of the following legal bases:

Consent: Where data subjects have given clear consent for the processing of their personal data for a specific purpose.

Contractual Necessity: Where processing is necessary for the performance of a contract with the data subject.

Legal Obligation: Where processing is necessary to comply with a legal obligation.

Legitimate Interests: Where processing is necessary for the purposes of legitimate interests pursued by Sigma RCM or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Data Security

Sigma RCM implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:


Encryption and Pseudonymization: Where appropriate, personal data is encrypted or pseudonymized.

Access Controls: Access to personal data is restricted to authorized personnel only.

Data Integrity: Measures are in place to protect personal data from unauthorized alteration or destruction.

Incident Response: Procedures are in place to detect, report, and investigate data breaches promptly.

Data Transfers

Sigma RCM ensures that any transfer of personal data outside the European Economic Area (EEA) is conducted in compliance with GDPR requirements, using approved mechanisms such as Standard Contractual Clauses (SCCs) or obtaining explicit consent from the data subject.

Data Protection Officer

Sigma RCM has appointed a Data Protection Officer (DPO) responsible for overseeing our GDPR compliance and data protection strategies. The DPO can be contacted at compliacneofficer@sigmarcm.com

Training and Awareness
All employees and contractors at Sigma RCM undergo regular training on GDPR requirements and data protection best practices to ensure compliance and awareness across the organization.

Continuous Improvement
Sigma RCM is committed to continuously reviewing and improving our GDPR compliance framework. Regular audits and assessments are conducted to ensure ongoing adherence to GDPR requirements.

Contact Us

For any questions or concerns regarding our GDPR compliance policy, please contact our Data Protection Officer at compliance@sigmarcm.com

 
