We hope you’ll take some time to read this document; we’ve tried to keep it all as simple as possible and we will keep you informed if there are any changes to the way we process your personal data in the future, before making them.
As far as you use Products as an individual person, we are the controller of your personal data. We are responsible for and control the processing of your personal data.
1.What kind of personal data might we ask you to provide?
Company will only ever ask for personal data when you register on the Products, express an interest in obtaining information about us or Products and our services, when you participate in activities on Products, or otherwise when you contact us.
The personal data that we collect depends on the context of your interactions with Products, the choices you make and the services you use.
Company will only ever ask for personal data if it is required for a specific purpose; with that in mind we have created a full list of all the kinds of personal data that we may ask you to provide in order to achieve those purposes. The kinds of personal data we may collect are outlined below:
- User Data (name, date of birth, sex, gender, address, contact phone number, education, profession and specialization, medical registration number (License number), height, weight, blood group, and other information you provide in your profile (the other information is optional), email, usernames, passwords, contact or authentication data). This refers to personal data collected about Products users. Company is a data controller of user data. In this case, Products users are the data subjects.
- User Generated Data (message data, Patient ID, Health Information, images and audio, video or call recordings created in connection with our business activities).This refers to all data collected by our Products users while using Products. This data is largely sensitive patient information and personal information of the patients being discussed (data subjects). In this case, Company a data processor of User Generated Data. Products users are the controllers of User Generated Data.
Under HIPAA, Company is a Business Associate who processes, stores or transmits Protected Health Information (PHI) on behalf of the Covered Entities (healthcare providers) who use Products.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.If you use our application, we also may collect the following information (Application Data) if you choose to provide us with access or permission:
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.3.For what purpose do we collect personal data?We will use personal data firstly to fulfill any contractual obligations that exist between us and yourself; where we request personal data be provided to meet the terms of any such contract you will be required to provide the relevant personal data or we will not be able to provide the services you want. In such cases, the lawful basis of us processing the personal data is that it is necessary for the performance of a contract. We may also process your personal data in accordance with our legitimate business interests; this is on the considered measure that we need the personal data to achieve the various purposes and that it could be reasonable for an individual to expect their data to be used for those purposes. You may choose to opt-out of Products using any of your user data. However, if you choose to do so, your experience of Products may be sub-optimal. We collect your personal data to:
- Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device's settings.
- Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's microphone, contacts, camera, calendar, reminders, sensors, sms messages, social media accounts, storage, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
- Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access Products. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
- Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.
4.What legal basis for the processing of your personal data?The legal basis for the processing of your personal data is your consent. You are not required to provide us with your personal data. However, if you do not provide us with your personal information, we will not be able to provide you with our Products, which require online registration. Your personal data will be processed in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation). We may also process your personal data in order for Company to comply with our various legal obligations; this might include:
- provide you with access to Products and our services;
- contact you, if necessary;
- notify you of any changes to the services we provide or have provided, that may affect you;
- allow us to understand the scale and range of our customer base; for statistical analysis and market research;
- recognise when customers re-engage with Products;
- allow us to support and maintain our Products in active service;
- Improve Products so you can get better services;
- enhance the security measures in place that protect data we are responsible for;
- protect the company’s assets;
- inform you about special offers in Products that, in our opinion, may be of interest to you.
Under HIPAA, Company is permitted to use or disclose Protected Health Information (PHI) for treatment, payment or healthcare operations, which includes quality assessment and improvement, business planning and general administrative activities, activities related to compliance with HIPAA and HITECH and other similar purposes described in 45 CFR § 164.502(a).described in 45 CFR § 164.502(a). 5.Where did we obtain your personal data?
- Providing for financial commitments between us and yourself, or to relevant financial authorities,
- Complying with industry regulatory requirements and any self-regulatory schemes,Complying with industry regulatory requirements and any self-regulatory schemes,
- Cooperating with relevant authorities for reporting criminal activity, or to detect and prevent fraud.
6.Who might we share your personal data with?We may share your personal data with the other members of our group of companies, which includes any subsidiary or the holding company of Medentee. In order to achieve the above-stated purposes for which we process your personal data, we may need to share your personal data with various third-party service providers who act as data processors. We may share your personal data with third party organizations acting as data controllers or with specific individuals, groups or other organizations who act as neither data controllers nor data processors, but only where we are either legally required to do so by law or where doing so is necessary to achieve the intended stated purpose of processing the data.The categories of third parties we may share personal information with are as follows:
- We collect personal data directly from you;
- We source personal data from some publicly accessible sources such as: Medical Registration data, Workplace websites (e.g NHS Trust Websites) and other professional healthcare registration bodies in the regions we operate;
- We may gather personal data from sources including:
- technical sources that gather data over time when you use our Products;
- from third party organizations, which can mean your personal data has been provided directly by another company for a specific purpose, or where you may have accessed our Products through a third-party online service;
- local or national authorities provided for specific purposes.
In the event that we sell or reorganize our business, or if otherwise required by law or by an authorized regulator, we may transfer your personal data as a part of the general business data to the relevant parties. 7.Is your personal data transferring outside of Europe?We comply with Regulation (EU) 2016/679 (GDPR). Under this rule, residents of the European Economic Area (EEA) can expect their data to be properly protected when transferred outside the EEA. When we provide our services to you, the personal data which you give to us may be transferred to countries outside the European Union. We will only transfer your personal data in this way if we have mechanisms in place to protect it. These mechanisms may include transfers to countries where an adequate level of protection has been established, or to organizations with appropriate safeguards, such as a data processing agreement or compliance with the European Commission's Standard Contractual Clauses (Decisions 2001/497 / EU, 2004/915 / EU, 2010/87 / EU). By submitting your personal data, you agree to such transfer, storage, or processing. If we transfer your data to our partners/providers located in states that do not provide an adequate level of data protection, we commit ourselves to take all necessary measures to ensure that those partners/providers comply with the terms and conditions established in this Policy. These measures may also include the implementation of data protection standards (e.g., ISO 27001), standard contractual clauses adopted by the EU Commission, as well as direct control systems for these mechanisms.8.Specific privacy rights for California residents?California Civil Code Section 1798.83, also known as the 'Shine The Light' law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below. The California Code of Regulations defines a 'resident' as:
- Data Analytics Services
- Communication & Collaboration Tools
- Data Storage Service Providers
- Finance & Accounting Tools
- Social Networks
- Ad Networks
- Cloud Computing Services and ect.
- every individual who is in the State of California for other than a temporary or transitory purpose and
- every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
- Access to your personal data. You may request a copy of the information that we hold about you.
- Right to rectification. You have the right to request that the Company correct any information that you believe is inaccurate. You also have the right to require the Company to complete information that you consider incomplete.
- Right to be forgotten. You have the right to request that the Company delete your personal data.
- Right to restrict processing. You have the right to request that the Company restrict the use of your personal data.
- Right to object to processing. You have the right to object to the use of your personal data by our Company.
- Right to data portability. You have the right to request that the Company transfer your personal data collected by us to another organization or directly to you.
- Right to withdraw consent. You have the right to withdraw your consent to the processing of your personal data, at any time, without affecting the legality of the processing that was done before, based on the consent.
- Right to Complain. We will always try to maintain the highest standards and encourage the confidence our customers have in us as an organization. In order that we can achieve this we do request that any complaints be first brought to our attention so we can properly investigate matters.
If you wish to make a complaint or believe that the Company did not satisfy your request properly, you can contact: