01
Pre-cancellation notice
Automated
-
✓
Automated email with both closure options, sent to the client before the cancellation takes effect. Full transparency on the next steps.
Art. 28.3.g · 5.1.a
02
Option A — Export and forget
Legal right
-
✓
Full data export in structured, readable and interoperable format (JSON + CSV + DICOM for imaging). Directly importable in any other compliant practice management system.
Art. 28.3.g · 20
-
✓
Free and guaranteed timing: export delivered within 1 month of the request, at no additional cost.
Art. 28.3
-
✓
AES-256 encrypted archive both at rest and in transit (TLS 1.3). Technical measures adequate to the sensitivity of a clinical dataset.
Art. 32
-
✓
Acknowledgment of receipt + erasure countdown: the client confirms having downloaded the data, a documented counter starts, at the end of which deletion is final.
Art. 17.1.a · 28.3.g
03
Option B — Contractual retention
Optional
-
✓
Retention at reduced rate: new contractual agreement as data processor, with documented and limited retention period.
Art. 28 · 5.1.e
-
✓
Server-side encrypted cold storage (Glacier-like architecture): marginal cost, unchanged security, privacy-by-design preserved even in deep archive.
Art. 32 · 25
-
✓
Legal retention enforced: clinical data kept for the period required by healthcare regulations, with explicit "legal obligation" legal basis.
Art. 17.3.b · 6.1.c
04
Final purge and permanent traceability
Final
-
✓
Tombstone deletion: at the end of the retention period, every identifying piece of data is erased irreversibly. No residual copies.
Art. 17 · 5.1.e
-
✓
Immutable post-purge audit log: only the technical trace of operations remains, with no personal data. Perfect accountability, erasure honored.
Art. 5.2 · 30