Skip to main content

Security

GDPR

At Viggotech, data privacy isn’t a checkbox—it’s embedded in our culture. We’ve always prioritized protecting customer data beyond what regulations require, and the GDPR has only strengthened that resolve. Our goal is simple: collect only what’s essential, process it transparently, and give you full control.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a landmark privacy law enacted by the European Union, effective from May 25, 2018. It grants EU residents enhanced rights over their personal data and enforces strict rules on how organizations collect, store, and use that data. GDPR applies to any company processing EU residents’ data—regardless of where the company is based.

At Viggotech, we’ve chosen to uphold GDPR standards globally—not just for our European customers.

What is Personal Data?

Under the GDPR, personal data refers to any information related to an identified or identifiable natural person. This includes:

  • Names, email addresses, physical addresses
  • IP addresses, device IDs
  • Financial and health data
  • Biometric identifiers
  • Demographic data such as ethnicity or sexual orientation

How Viggotech Ensures GDPR Compliance

We’ve undertaken comprehensive actions across teams, products, and operations to meet and exceed GDPR obligations:

Organizational Training & Awareness

  • Employees trained on data privacy and GDPR handling standards
  • Cross-department awareness sessions to embed a privacy-first mindset

Product-by-Product GDPR Review

  • Each Viggotech platform and product has been audited and updated with GDPR-aligned features
  • Enhanced data export, deletion, consent tracking, and user control modules

Product Areas Covered Include:

  • viggoVet, viggoVetAI, viggoMedAI, viggoFinAI
  • viggoVetX, Veterinary Hub
  • And all supporting services and modules in the Viggotech ecosystem

Information Asset Register (IAR)

  • Documents all types of personal data handled across departments
  • Tracks data flow, controller/processor roles, and storage purposes

Third-Party Vendor Review

  • Contracts updated to reflect data protection expectations
  • Subprocessors assessed for GDPR readiness and security practices

Appointed Data Protection Roles

  • A Data Protection Officer (DPO) is in place
  • Internal Privacy Champions designated across teams

Privacy by Design & Control Enhancements

  • Privacy built into every new feature or service
  • Data minimization, granular permissions, audit trails, retention policies

Updated Data Processing Addendum (DPA)

  • Based on the EU Standard Contractual Clauses (SCCs)
  • Available upon request for customers and administrators at legal@viggotech.io

DPIAs (Data Protection Impact Assessments)

  • Conducted regularly for high-risk processing activities
  • Mitigations implemented based on assessment findings

Internal Audits & Risk Analysis

  • Periodic internal reviews of systems, processes, and security practices
  • Identified issues are tracked, addressed, and re-audited

Security Enhancements

  • Data encryption at rest and in transit
  • Role-based access control, strong authentication mechanisms
  • In-house monitoring and incident detection tools

Data Retention & Cleanup

  • Dormant and inactive accounts periodically removed
  • Retention policies aligned with GDPR’s storage limitation principle

Breach Notification Process

  • Customers will be informed of any confirmed data breach within 72 hours
  • Incident-specific and general updates will be shared via email, blog, or platform

Privacy Policy Updates

  • Our Privacy Policy is regularly revised to reflect new laws and actual practices
  • It now includes full transparency on data inventory, flows, and usage rationale

For questions or to request a signed DPA, contact: legal@viggotech.io

You can always review our Privacy Policy or reach out to our Data Protection Officer at legal@viggotech.io for GDPR-related inquiries.