GDPR Compliance Policy for Nordic American Physicians Association
Introduction
This policy outlines how the Nordic American Physicians Association handles personal data in accordance with the General Data Protection Regulation (GDPR). We value the privacy of our members and are committed to ensuring that all processing of personal data is conducted lawfully, fairly, and transparently.
Responsibility
The Nordic American Physicians Association is the data controller for the personal data processed. This means we are responsible for ensuring that all personal data handling complies with GDPR.
Purpose and Legal Basis for Processing Personal Data
We collect and process personal data only for specific and legitimate purposes:
- Administration of Membership and Membership Wait-list
  - Personal data: Name, email address, country of origin/residence, and current career stage (e.g., medical student, resident, attending physician).
  - Purpose: To maintain an accurate membership registry, provide tailored career guidance, and share relevant opportunities based on the member's professional level and geographic background.
  - Legal basis: Fulfillment of a contract (membership agreement) and legitimate interest (providing personalized professional development).
Data Protection Principles
We adhere to the following principles when handling personal data.
- Lawfulness, Fairness, and Transparency
  - We ensure that the processing of personal data complies with GDPR and clearly inform members about how their data is used.
- Purpose Limitation
  - We only collect personal data for specific and legitimate purposes, such as membership administration.
- Data Minimization
  - We collect only the personal data necessary to achieve the stated purpose.
- Accuracy
  - We ensure that personal data is accurate and up to date. Members may request updates to their data at any time.
- Storage Limitation
  - We delete personal data when it is no longer needed for the purposes for which it was collected. For example, data is deleted when a person terminates their membership.
- Integrity and Confidentiality
  - We protect personal data with appropriate technical and organizational measures to prevent unauthorized access, loss, or destruction.
How We Collect Personal Data
Personal data is collected via Google Forms when an individual applies for membership. At the point of collection, the individual is informed about:
- What data is collected
- The purpose of the processing
- The legal basis for the processing
- Their rights to access, rectify, or delete their data
Storage and Access
- Membership data is stored securely in a Google Drive account, accessible only to authorized individuals within the association.
- We regularly review security settings to ensure data is protected.
Deletion of Personal Data
- Membership data is promptly deleted when membership ends or upon the member’s request unless we are legally required to retain the data.
Members' Rights
Members have the right to:
- Access their personal data and receive a copy of it
- Request the correction of inaccurate or incomplete data
- Request the deletion of their personal data
- Object to the processing of their personal data
- Receive information about how their data is processed
To exercise these rights, members can contact us at contact@napaofficial.org.
Incident Management
In the event of a data breach (e.g., unauthorized access to personal data), we will:
- Report the incident to the Data Protection Authority within 72 hours if there is a risk to the rights and freedoms of the affected individuals.
- Inform the affected individuals about the incident, if necessary.
Documentation and Compliance
- We document our personal data processing activities to demonstrate compliance with GDPR.
- This policy is updated as needed to ensure it remains current and aligned with applicable legislation.
Contact
If you have any questions about this policy or how we handle personal data, please contact us at:
- Email: contact@napaofficial.org
This GDPR policy was adopted by the Nordic American Physicians Association on 28th January 2025.
