In focus: Data Security

Contents

General Data Protection Regulation (GDPR) is a tricky topic, especially when you don’t deal with it daily. On this page, we provide you with information about data security, GDPR and your Animana account.

Animana and data security

This page relates only to data security concerning Animana. For security measures at a local or practice level, such as the use of virus scanners, logging out users, automatic shutdown of your computer, or additional corporate security, we advise you to contact your IT administrator.

Data security is a shared responsibility between you as a user and IDEXX as your software provider. On our side, we do everything possible to keep your data safe; however, you – as the data processor – are ultimately responsible for your data.

In addition to Animana’s security features and our constant monitoring of security risks, we also provide you with tools and resources to reduce the risks of a data-related incident related to your Animana account.

Frequently asked questions

What is the GDPR?

The GDPR is an EU privacy regulation that provides higher levels of protection for EU citizen data.

When did the GDPR go into effect?

GDPR took came into effect on the 25th of May 2018. From this date, the same privacy laws apply across the European Union (EU).

Who does the GDPR apply to?

The GDPR has a very far-reaching scope. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. The regulation also applies in Switzerland, Norway, Iceland, and Liechtenstein, and will continue to apply in the UK post-Brexit.

What are the penalties for failing to comply with the GDPR?

Organisations can be fined up to 4% of annual global turnover or €20 million for serious GDPR breaches.

What are IDEXX doing to comply with the GDPR?

IDEXX considers the proper processing of personal data essential to fulfilling our Purpose and Guiding Principles. Our efforts to meet and exceed GDPR include; investing in cyber security, reviewing privacy policies, and assessing customer and partner relationships involving the sharing of personal data. This assessment includes determining where a more formal confirmation of our respective data protection commitments is required through a Data Protection Agreement (DPA).

What is the difference between a data controller and a data processor?

A data controller determines the purposes and means of processing personal data. A data processor simply processes any data that the data controller gives them.

Animana practices will typically be the data controller and IDEXX is the data processor.

May Animana release my data to third parties?

As a company, just like you, we have to deal with the GDPR. We make every effort, both in the Animana platform and in our data transfer procedures, to ensure that your data is handled securely. The GDPR stipulates who may request data and who is the responsible data processor. Only the responsible data processor may (order a) transfer data to an applicant and then only in a limited number of circumstances.

In the case of Animana, we are not a responsible data processor for the purposes of the GDPR; this means that we may never disclose data to an applicant on our own and without your consent. The responsible data processor is you as the practice; we only process data on your behalf. Requests from clients, insurance companies and disciplinary boards will always go through the responsible data processor. It sometimes happens that people contact us with such a request. We always refer these back to the practice. This also applies to viewing changes that can only go through you.

The only exception to this is the judicial or executive authorities, e.g. the police, tax authorities or the Ministry of Agriculture. A request from such parties must then always, without exception, go through a court or enforcement order. If we receive such a request for data from an Animana account, we forward this order to our legal department, which assesses whether the requesting party is authorised to issue a subpoena for the requested data. If the application is legally correct, we are obliged to transfer the data. We will always refuse a direct request without legal or injunctive relief, simply because we are prohibited under the GDPR from sharing personal data for which we are not the responsible data processor.

Does Animana use subcontractors to process personal data from IDEXX Animana's terms of service?

Yes, we use subcontractors as data processors. Our subcontractors and locations can be found on this page.

The IDEXX terms of use can be found on this page.

Where do I find the Data Protection Agreement?

You can find the Data Protection Agreement on this page.

Where do I find the General Terms?

You can find our General Terms and Conditions on this page.