GDPR Compliance
Last updated: January 1, 2025
Our Commitment to GDPR
Sankorra is committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We respect the privacy rights of individuals and have implemented comprehensive measures to protect personal data.
This page provides information about how we comply with GDPR requirements and the rights available to individuals in the European Economic Area (EEA) and United Kingdom.
Data Controller vs. Data Processor
Under GDPR, Sankorra acts in two capacities:
- Data Controller: For personal data we collect directly from you (e.g., account registration, website visitors)
- Data Processor: For personal data that our customers (facilities) enter into our platform about their cases and families
Legal Bases for Processing
We process personal data based on the following legal grounds:
Contractual Necessity
Processing necessary to perform our contract with you (e.g., providing the Services, processing payments).
Legitimate Interests
Processing for our legitimate business interests (e.g., improving our services, fraud prevention, security), balanced against your rights.
Legal Obligation
Processing required to comply with applicable laws (e.g., tax requirements, regulatory compliance).
Consent
Where you have given explicit consent (e.g., marketing communications, optional cookies).
Your Rights Under GDPR
As an individual in the EEA or UK, you have the following rights:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data in certain circumstances.
Right to Restrict Processing
Request that we limit how we use your data.
Right to Data Portability
Receive your data in a structured, commonly used format.
Right to Object
Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent
Withdraw previously given consent at any time.
International Data Transfers
Sankorra is based in the United States. When we transfer personal data from the EEA or UK to the US or other countries, we implement appropriate safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with our service providers
- Technical and organizational security measures
Data Protection Officer
Sankorra has appointed a Data Protection Officer (DPO) to oversee our compliance with data protection laws. You can contact our DPO at:
Exercising Your Rights
To exercise any of your GDPR rights, please contact us at privacy@sankorra.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
For Our Customers (Facilities)
If you are a Sankorra customer processing personal data of EU/UK individuals through our platform, we offer:
- A comprehensive Data Processing Agreement (DPA)
- Standard Contractual Clauses for international transfers
- Technical documentation for your compliance records
- Tools to help you respond to data subject requests
Contact your account manager or email compliance@sankorra.com to request these documents.
Related Policies
For more information about how we handle personal data, please also review: