GDPR Compliance

Last updated: February 20, 2026

SONIC is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and your rights as a data subject.

Our Commitment to GDPR

As a platform handling sensitive medical training data, we take data protection seriously. We have implemented comprehensive measures to ensure GDPR compliance across all our operations.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Restrict Processing

Request limitation of how we use your data.

Right to Object

Object to processing of your personal data.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contractual Necessity: To provide our medical training services as agreed
Legitimate Interests: To improve our platform and ensure security
Consent: Where you have explicitly agreed to specific processing
Legal Obligations: To comply with applicable laws and regulations

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at:

Email: dpo@sonic-medical.com

International Data Transfers

When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Transfers to countries with adequacy decisions
Binding Corporate Rules where applicable

Data Breach Notification

In the event of a personal data breach, we will:

Notify the relevant supervisory authority within 72 hours where required
Notify affected individuals without undue delay when the breach is likely to result in high risk to their rights
Document all breaches and remediation actions taken

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: gdpr@sonic-medical.com

We will respond to your request within 30 days.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In the UK, this is the Information Commissioner's Office (ICO).

← Back to Home