8 How and where do you store or transfer our personal data?

OKKO Health is committed to protecting the security of Personal Data by endeavouring to ensure appropriate technologies and processes are maintained to avoid unauthorised access or disclosure. All Personal Data collected by OKKO Health software products is encrypted to the highest possible degree both when it is stored in our databases and when it is being transmitted. Further details of how we manage and protect your personal data is captured in our Data Security and Data Protection policies.

We have Data Processing Agreements in place with all our third-party service providers which are required to take appropriate security measures to protect your Personal Data in line with our policies. We only allow them to process your Personal Data for specified purposes and in accordance with our instructions.

In the majority of cases, we will store your Personal Data within the UK and/or European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that this storage of Personal Data will be fully protected under the Data Protection Legislation, GDPR, and/or to equivalent standards by law.

Through our use of certain systems, we may also store or transfer some or all of your Personal Data to countries that are not part of the EEA or UK. These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. In all such instances, we ensure safeguards are in place to protect your data including ensuring to enter into Data Processing Agreements with any company or individual processing data on our behalf either as a service or in the provision of a system or ensure such provisions are either written into Terms of Service or a Data Processing Addendum including Standard Contractual Sections where applicable.

Examples of such systems include: