Skip to content
Legal & Policies/GDPR

GDPR

Last updated: June 16, 2025

The GDPR is in place to protect personal information in the ever-increasing digital world that we live in. There are various video summaries available on YouTube to explain how GDPR might affect your practice.

Any company or organization who handles or processes data about individuals associated with goods or services used within the EU must comply with GDPR.

At Progo, the protection of our customers' data, including all client data is paramount. Below, we describe how Progo complies with all seven pillars set out by the GDPR. If you have any questions, please feel free to contact us at contact@canvaspx.com.

Consent

In obtaining consent for data use, companies cannot use indecipherable terms and conditions filled with legalese. It must be as easy to withdraw consent as to give it.

Progo's Terms of Service and Privacy Policy are written in clear English and divided into logical chunks. A practitioner can remove any client at any time, and remove their own account at any time as well.

Breach Notification

In the event of a data breach, data processors have to notify their controllers and customers of any risk within 72 hours.

Progo has a communications infrastructure in place which will let us quickly communicate information in the event of a data breach.

Right to Access

Data subjects have the right to obtain confirmation from the data controller of how their personal data is being processed by the data controller. On demand, the data controller should provide an electronic copy of personal data to data subjects at no charge.

At any time, practitioners can download their client information as easy to use spreadsheets. Further, information on how data is being processed is set forth in the Terms of Service and Privacy Policy referenced above.

Right to be Forgotten

When data is no longer relevant to its original purpose, data subjects can request the data controller to erase their personal data and cease its dissemination.

  • If you are a healthcare practitioner, you can remove any patient at any time, as well as remove your own Progo account.
  • If you are a patient, you can request that your healthcare practitioner remove your data from their Progo account.

Data Portability

Allow individuals to obtain and reuse their personal data for their own purposes by transferring it across different IT environments.

A practitioner can quickly export all of a client's data for re-use in other applications.

Privacy by Design

Inclusion of data protection from the onset of the system's design, with the implementation of appropriate technical and infrastructural measures.

Progo is tested regularly for various security vulnerabilities, both during development, where static analysis algorithms check code before it is checked into our continuous integration pipeline, and on our production systems, where weekly scans are conducted for (among others) OWASP-10 vulnerabilities.

Data Protection Officer (DPO)

Progo's DPO can be reached at contact@canvaspx.com.

Progo is registered with the UK Information Commissioner's Office (ICO) under number ZA396165.

Subprocessors & more information

For more information about how Progo processes data, including a list of which data we store and who our subprocessors are, please see our GDPR support section.

Please note that if you are reading a translated version of this policy, the text of the English version of this policy prevails.