GDPR Compliance

Committed to Protecting Your Data Rights

Last updated: October 29, 2025

Our GDPR Commitment

Full compliance with European data protection laws

SonoAssist is committed to full compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page outlines our GDPR compliance measures and your rights.

1. What is GDPR?

Understanding the regulation

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union. It strengthens and unifies data protection for individuals within the EU and addresses the export of personal data outside the EU.

2. Our GDPR Compliance Framework

Data protection principles we follow

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and transparently

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes

Data Minimization

We collect only data that is adequate, relevant, and necessary

Accuracy

Personal data is kept accurate and up-to-date

Storage Limitation

Data is kept for no longer than necessary

Security

Appropriate technical and organizational measures protect data

3. Your Rights Under GDPR

Control over your personal data

Right to Access

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed.

  • Request copies of your personal data
  • Information about processing purposes
  • Details about data retention periods

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed.

  • Correct inaccurate information
  • Complete incomplete data
  • Update outdated information

Right to Erasure

You have the right to request the deletion of your personal data in certain circumstances.

  • Data no longer necessary
  • Withdrawal of consent
  • Unlawful processing

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format.

  • Export your data
  • Transfer to another service
  • Machine-readable format

4. Lawful Basis for Processing

How we legally process your data

  1. Consent: You have given clear consent for processing your personal data for specific purposes.
  2. Contract Performance: Processing is necessary for the performance of a contract with you.
  3. Legal Obligation: Processing is necessary for compliance with legal obligations.
  4. Legitimate Interests: Processing is necessary for our legitimate interests, balanced against your rights.

5. Data Security Measures

How we protect your personal data

We implement comprehensive security measures to protect your personal data:

Technical Measures

  • End-to-end encryption
  • Secure data transmission (HTTPS/TLS)
  • Encrypted data storage
  • Regular security updates
  • Access controls and authentication

Organizational Measures

  • Staff training on data protection
  • Data protection impact assessments
  • Regular security audits
  • Incident response procedures
  • Data breach notification protocols

6. Data Processing Records

We maintain detailed records of our data processing activities as required by GDPR Article 30:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients
  • Data retention periods
  • Security measures implemented
  • Data transfers to third countries

8. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes and codes of conduct
  • Derogations for specific situations

9. Exercising Your Rights

To exercise your GDPR rights, please contact us using the information below. We will respond to your request within one month.

Required Information:

  • Your full name and contact information
  • Description of the right you wish to exercise
  • Any relevant details to help us locate your data
  • Proof of identity (if required)

10. Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

Before Filing a Complaint:

We encourage you to contact us first so we can try to resolve any concerns directly.

11. Contact Us

Get in touch with our GDPR team

For any questions about our GDPR compliance or to exercise your rights, please contact us:

Full GDPR Compliance Document

Complete text version for detailed review


GDPR Compliance

Last updated: October 29, 2025

SonoAssist is committed to full compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page outlines our GDPR compliance measures and your rights.

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union. It strengthens and unifies data protection for individuals within the EU and addresses the export of personal data outside the EU.

2. Our GDPR Compliance Framework

Data Protection Principles

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes
  • Data Minimization: We collect only data that is adequate, relevant, and necessary
  • Accuracy: Personal data is kept accurate and up-to-date
  • Storage Limitation: Data is kept for no longer than necessary
  • Security: Appropriate technical and organizational measures protect data

3. Your Rights Under GDPR

Right to Access

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed.

  • Request copies of your personal data
  • Information about processing purposes
  • Details about data retention periods

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed.

  • Correct inaccurate information
  • Complete incomplete data
  • Update outdated information

Right to Erasure

You have the right to request the deletion of your personal data in certain circumstances.

  • Data no longer necessary
  • Withdrawal of consent
  • Unlawful processing

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format.

  • Export your data
  • Transfer to another service
  • Machine-readable format

4. Lawful Basis for Processing

We process personal data under the following lawful bases:

  1. Consent: You have given clear consent for processing your personal data for specific purposes.
  2. Contract Performance: Processing is necessary for the performance of a contract with you.
  3. Legal Obligation: Processing is necessary for compliance with legal obligations.
  4. Legitimate Interests: Processing is necessary for our legitimate interests, balanced against your rights.

5. Data Security Measures

We implement comprehensive security measures to protect your personal data:

Technical Measures

  • End-to-end encryption
  • Secure data transmission (HTTPS/TLS)
  • Encrypted data storage
  • Regular security updates
  • Access controls and authentication

Organizational Measures

  • Staff training on data protection
  • Data protection impact assessments
  • Regular security audits
  • Incident response procedures
  • Data breach notification protocols

6. Data Processing Records

We maintain detailed records of our data processing activities as required by GDPR Article 30:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients
  • Data retention periods
  • Security measures implemented
  • Data transfers to third countries

7. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our GDPR compliance and handle data protection matters.

Contact Our DPO:

8. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes and codes of conduct
  • Derogations for specific situations

9. Exercising Your Rights

To exercise your GDPR rights, please contact us using the information below. We will respond to your request within one month.

Required Information:

When making a request, please provide:

  • Your full name and contact information
  • Description of the right you wish to exercise
  • Any relevant details to help us locate your data
  • Proof of identity (if required)

10. Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

Before Filing a Complaint:

We encourage you to contact us first so we can try to resolve any concerns directly. You can reach us at hello@sonoassist.pk or +92 317 8417178.

11. Contact Us

For any questions about our GDPR compliance or to exercise your rights, please contact us: