GDPR POLICY

Last Updated : October 1, 2025

This GDPR Policy governs Certify Health’s collection and use (“Processing”) of the Personal Data of persons residing in the European Union and other jurisdictions that have adopted the EU’s Data Protection Regulation (“GDPR”), and is incorporated by reference into Certify Health’s Privacy Policy. 

The capitalized terms that appear in this GDPR Policy have the same meanings as in Certify Health’s Terms of Use and Privacy Policy, unless they are defined in this policy.  The capitalized terms that are defined in this policy have the same meanings as in the GDPR.  Please click here for the text of the GDPR. 

SCOPE OF POLICY
This GDPR Policy protects the Personal Data of residents of countries that have adopted the GDPR (“Data Subjects”) and for which Certify Global Inc. is the data controller with a registered address at: Suite 305, 656 Quince Orchard Rd STE 300, Gaithersburg, MD 20878, United States.
CONSENT TO PROCESSING

Data Subjects who create an Account to use the Services or sign a separate agreement to use the Services will be asked to affirmatively consent to the Processing of their Personal Data and the receipt of electronic communications pursuant to Certify Health’s Privacy Policy.  Data Subjects are not required to provide their consent.  However, if Data Subjects do not consent to the Processing of their Personal Data, they will not be able to use the Services, and if they do not wish to provide certain types of information, their use of the Services may be adversely affected and they may not receive certain communications. 

PURPOSE OF PROCESSING
The purpose of Processing Data Subjects’ Personal Data is to provide the Services set forth on our Website.
LEGAL BASIS FOR PROCESSING

The legal bases for the Processing of Data Subjects’ Personal Data may include one or more of the following: 

  • The Data Subject’s consent, which may be provided when the Data Subject creates an Account to use the Services or opts int marketing content.   
  • Entry into a separate agreement with Certify Health requiring the collection and use of such information. 
  • Certify Health’s legal obligations (other than its contractual obligations to the Data Subject), such as when Certify Health is required to respond to governmental demands for such information. 
  • Certify Health’s legitimate interest in collecting and using such information, such as when we use the Data Subject’s Usage Data to improve the Services or Personal Data to provide communications.  For non-essential technical cookies and similar technologies, the processing is based on consent to the processing of personal data as per Article 6, paragraph 1, letter a) of the GDPR.  
RIGHTS OF DATA SUBJECTS

Data Subjects have the following rights under the GDPR. 

  • The right to be informed about Certify Health’s policies regarding their Personal Data, including with respect to the purposes of Processing the information, the legal basis for the Processing, the recipients of the information, where the Processing of the information takes place, and contacting Certify Health. 
  • The right to access their information. 
  • The right to the correction of their information. 
  • The right to the deletion of their information (i.e., the “right to be forgotten”), including if the information is no longer required for the purpose for which it was collected, if they withdraw their consent for the Processing of their information, if they request the deletion of their information, and if the Processing of the information has been unlawful. 
  • The right to restrict the Processing of their information, including if they contest the accuracy of the information or if the Processing of the information is unlawful. 
  • The right to receive a copy of the information that they provided to Certify Health in a structured, commonly used, and machine-readable format and to transmit the information to another entity. 
  • The right to object to the Processing of their information, including if the legal bases for the Processing no longer apply, or if the information is used for direct marketing purposes or profiling related to direct marketing purposes. 
  • The right not to be subject to decisions based solely on automated decision-making processes. 

To exercise any of these rights, Data Subjects may contact Certify Health as provided below. 

DATA PROCESSING JURISDICTION

Certify Health may process Data Subjects’ Personal Data or use third-party Data Processors to process such information.  Certify Health operates internationally, and such information may be processed in the United Sates or the European Union.  Certify Health’s servers are located in the United Sates, and the servers of third-party Data Processors may be located in the United States or the European Union.

DATA TRANSFERS

If your personal information is subject to data protection laws in EEA and EU member states, or the UK, Switzerland, or some other European countries, it may be transferred outside of the relevant jurisdiction based on one or more of the following legal mechanisms:  

  • Relevant authorities have decided that your personal information will be protected adequately once it is transferred.  
  • We, our client, or a third-party partner or service provider have signed contractual clauses with the recipient of personal information that relevant authorities have deemed to ensure adequate protection of personal information 
  • We, our client, or a third-party partner or service provider has binding corporate rules within their corporate group that relevant authorities have deemed to ensure adequate protection of personal information 
  • You have provided your consent for us to transfer data to allow us to carry out services for you or on behalf of a client 
COMMUNICATIONS

Questions, complaints, and other communications regarding any aspect of this GDPR Policy should be addressed to Certify Health at info@certifyhealth.com. 

Data Subjects who wish to direct their questions, complaints, or other communications to the person at Certify Health who monitors compliance with the GDPR (“Data Protection Officer”), including with regard to all issues related to the Processing of their Personal Data and the exercise of their rights under the GDPR, should contact Certify Health atinfo@certifyhealth.com.  Data Subjects who are not satisfied with the Data Protection Officer’s responses and who wish to obtain the contact information of the entity authorized to act on Certify Health’s behalf in the European Union (“Representative”), or the entities responsible for overseeing compliance with the GDPR in the countries where Certify Health provides the Services (“Supervisory Authority”), should also contact Certify Health atinfo@certifyhealth.com. 

Schedule a free demo

Eliminate Check-In Delays | Prevent Claim Denials | Simplify Patient Workflows
Please enable JavaScript in your browser to complete this form.
Name