Privacy & Cookie Policy
1. Introduction to this Policy
- Introduction to this Policy
- This privacy policy (“Policy”) relates to:
- the website at www.medi2data.com, any subdomain or any such related website and/or mobile application for such website (together the “Website”);
- the Electronic Reporting Monitoring mobile application (“App”);
- This privacy policy (“Policy”) relates to:
1.1. This privacy policy (“Policy”) relates to:
1.1.1. the website at www.medi2data.com, any subdomain or any such related website and/or mobile application for such website (together the “Website”);
1.1.2. the Electronic Reporting Monitoring mobile application (“App”);
1.1.3. once you have downloaded or streamed a copy of the App, your use of the App through your mobile telephone or handheld device; and
1.1.4. the service you connect to via the App (“Services”).
1.2. You should read this Policy carefully as it contains important information about how we will use your Information (as defined below in clause 3.1). In certain circumstances (see below) you will be required to indicate your Consent to the processing of your Information as set out in this Policy when you first submit such Information to or through the Website or the App. For further information about
Consent see clause 6 below.
1.3. We may update this Policy from time to time in accordance with clause 16 below.
This Policy was last updated on 15 March 2022.
2. About us
2.1. The terms “Medi2Data” or “us” or “we” refer to MediData Exchange Limited. We are a
company limited by shares registered in England and Wales under company number
09481183 whose registered office is at Ty Derw, Lime Tree Court, Cardiff Business
Gate, Cardiff, CF23 8AB, Wales, United Kingdom. The term “you” refers to the
individual accessing and/or submitting Information to the Website or the App.
2.2. We, as the Data Controller, can be contacted via our Data Officer via email on
DPO@medi2data.com or post at Medi2Data, The Maltings, East Tyndall Street,
Cardiff, CF24 5EA. We, as the Data Controller as responsible for, and control the
processing of your Personal Data in accordance with the General Data Protection
Regulation 2016/679 (“GDPR”) and the Data Protection Act 2018 (“DPA”) and all
applicable laws and regulations which may be in force from time to time relating to
the processing of Personal Data and privacy.
2.3. The following definitions apply in this Policy:
2.3.1. “Personal Data” means any information that identifies or makes identifiable a
natural (living) individual;
2.3.2. “Consent” means freely given, specific, informed and unambiguous indication
of your wishes given by a statement or clear affirmative action;
2.3.3. “Data Subject Access Request” a request to obtain confirmation as to whether
or not Personal Data concerning a natural person is being processed pursuant
to Article 15 of the GDPR
3. Information we may collect about you
3.1. When you use the Website, the App and/or when you otherwise deal with us we may
collect, use and store the following information about you (“Information”):
3.1.1. personal information including first and last name, date of birth, title,
photograph and/or likeness;
3.1.2. contact information including current residential address, primary email
address and/or primary phone number;
3.1.3. technical information including IP address, operating system, browser type and
related information regarding the device you used to visit the Website or the
App, the length of your visit and your interactions with the Website or App;
3.1.4. information obtained through forms completed by you on the Website, or the
App, including information you provide when you register to use the App,
download the App, subscribe to any of the Services or when you report any
problem with the App or our Services;
3.1.5. details of your use of our App including, but not limited to, traffic data and other
communication data;
3.1.6. marketing data, including your preferences in receiving marketing from us;
3.1.7. information obtained through our correspondence and monitoring in
accordance with clause 3.2 below; and
3.1.8. details of any enquiries made by you through the Website or the App, together
with details relating to subsequent correspondence (if applicable).
3.2. If you are an individual, and any Personal Data relating to your health or medical
records (“Special Category Data”) will be processed in the App for the purposes of
responding to a Data Subject Access Request made by you or on your behalf, please
note that we will be processing this data as a Data Processor on behalf of a Data
Controller, where “Data Processor” and “Data Controller” are as defined in the GDPR.
The processing of this Special Category Data will not be subject to this Policy and
you will need to review the contents of the Data Controller’s privacy policy in respect
of the processing of this Special Category Data. We have data processing
agreements in place with relevant Data Controllers.
3.3. We may monitor your use of the Website or the App through ‘cookies’ and similar
tracking technologies. We may also monitor traffic, location and other data and
information about users of the Website or the App. Such data and information, to the
extent that you are individually identifiable from it, shall constitute Information as
defined above. However, some of this data will be aggregated or statistical, which
means that we will not be able to identify you individually. See clause 15 below for
further information on our use of cookies.
4. How long we keep your Information
4.1. Subject to clause 4.5, we will keep your Information only for the purposes set out in
the table below (see clause 5).
4.2. We will only retain your Personal Data for as long as reasonably necessary to fulfill
the purposes we collected it for, including for the purpose of satisfying any legal,
regulatory, tax, accounting or reporting requirements. We may retain your Personal
Data for a longer period in the event of a complaint or if we reasonably believe there
is a prospect of litigation in respect of our relationship with you. We are required to
keep the information we collect as set out in clause 3.1 of this Policy for a period of
2 years from the date you cease to use the App.
4.3. If required, we will be entitled to hold Personal Data for longer periods in order to
comply with our legal or regulatory obligations.
4.4. Where we hold the Information based on your express Consent and have no other
legal basis for holding your Information, we will hold it until Consent is withdrawn.
4.5. In some circumstances you can ask us to delete your Personal Data, see clause 12
below for further Information.
5. Legal basis for processing your information
5.1. In accordance with the GDPR/DPA we may only process your Information if we have
a “legal basis” (i.e. a legally permitted reason) for doing so. For the purposes of this
Policy, our legal basis for processing your Information is set out in the table below.
Why we will process your Information | The legal basis for which is… |
To register the App and register you as a new App user. | This is necessary for the performance of the contract between us and Information is processed to enable us to provide the Services to you. |
To operate, administer, correspond and provide the Services to you. | This is necessary for the performance of the contract between us and Information is processed to enable us to provide the Services to you. |
To administer and protect our business and the App including troubleshooting, data analysis and system testing. | This is necessary for the legitimate interests we pursue for running our business, provision of administration and network security |
To manage our relationship with you including notifying you of any changes to the App or any Services. | This is necessary for the performance of the contract between us and Information is processed to enable us to provide the Services to our users. Outside of such, this processing is necessary for the legitimate interests we pursue to keep records up to date and to analyse how users use our Services, subject to you raising an objection under clause 12.6, requiring us to check that our interest in the processing is not overridden by the resulting risk to your rights and freedoms. This is also necessary for us to comply with our legal obligations, including obligations to inform you of any changes to our terms and conditions for the App or Services. |
To investigate and address any comments, queries or complaints made by you regarding your use of the App or the Services provided by us. | This is necessary for the performance of the contract between us and Information is processed to enable us to provide Services to our users. Outside of this, such processing is necessary for the legitimate interests we pursue of running our business and is subject to your rights in clause 12. |
Where required by (but not limited to) any request or order from law enforcement agencies and/or HMRC in connection with any investigations to help prevent unlawful activity. | This is necessary to comply with our legal obligations, including obligations relating to the protection of Personal Data. |
To operate, administer, maintain and provide, analyse and improve the Website, App and the Services. To ensure that content from the Website and App is presented in the most effective manner for you and your device. To conduct research, statistical analysis and behavioural analysis (including anonymizing data for these purposes). To provide insights based on aggregated, anonymous data collected through the research and analysis. To notify you about changes to the Website or the App. To allow you to participate in interactive features of the Website or the App | This processing is necessary for the legitimate interests we pursue of running our business and is subject to your rights in clause 12. |
To contact you for marketing purposes, including to deliver content and advertisements to you and to make recommendations to you about services which may interest you (see ‘Marketing and Opting Out‘ in clause 7 below) | We send out marketing communications based on our legitimate interests of providing our business and keeping people informed about the services we offer. The method of communication may vary as set out below: ● we may send you information via post or, if you are dealing with us on behalf of a limited company or LLP, to your corporate email address; ● we will only contact you via your personal email address if: (i) you have given your Consent (see ‘Marketing and opting out’ in clause 7 below); or (ii) you have previously bought services from us and we are contacting you to let you know about similar goods and services that we offer (see ‘Marketing and opting out’ in clause 7 below). You have the right at any time to let us know that you no longer wish to re |
6. Your Consent to processing
6.1. As noted above, you will be required to give Consent to certain processing activities
before we can process your Information as set out in this Policy. Where applicable,
we will seek this consent from you when you first submit Information to or through
the Website or the App.
6.2. If you have previously given Consent, you may freely withdraw such Consent at any
time. You can do this by notifying us in writing (see clause 19 below).
6.3. If you withdraw your Consent, and if we do not have another legal basis for
processing your information (see clause 5 above), then we will stop processing your
Information. If we do have another legal basis for processing your information then
we may continue to do so subject to your legal rights (for which see clause 12
below).
6.4. Please note that if we need to process your Information in order to operate the
Website, the App and/or provide our services, and you object or do not consent to us
processing your Information, the Website, the App and/or those services may not be
available to you.
.
7. Marketing and opting out
7.1. Where you are dealing with us on behalf of a limited company or LLP, for business
purposes, then we may contact you by email to your corporate email address about
similar or related products that we offer. If you prefer not to receive any direct
marketing communications from us, or you no longer wish to receive them, you can
opt out at any time (see below).
7.2. Where you have previously ordered services from us we may contact you by
telephone, email and post about similar or related services and promotions that may
be of interest to you. We will inform you if we intend to use your data for such
purposes and give you the opportunity to opt-out of receiving such information from
us. In addition, and if you have given permission, we may also contact you by
telephone, email about our other products, services, promotions and special offers
that may be of interest to you. We will inform you (before collecting your data) and
seek your permission if we intend to use your data for such additional marketing
purposes. If you prefer not to receive any direct marketing communications from us,
or you no longer wish to receive them, you can opt out at any time (see below).
7.3. If you have given permission, we may contact you by post, telephone and email to
provide information about products, services, promotions and other information we
think may be of interest to you. We will inform you (before collecting your data) if we
intend to use your data for such purposes. If you would rather not receive such
marketing information from us, or you no longer wish to receive it, you can opt out at
any time (see below).
7.4. We will get your express opt-in Consent before we share your personal data with any
third party for marketing purposes.
7.5. You have the right at any time to ask us, or any third party, to stop processing your
information for direct marketing purposes. If you wish to exercise this right, you
should contact us by sending an email to connect@medi2data.com or contact the
relevant third party using their given contact details, giving us or them enough
information to identify you and deal with your request.
8. Disclosure of your information
8.1. We may disclose your Information (including Personal Data):
8.1.1. to other companies within our group of companies (which means our
subsidiaries, our ultimate holding company and its subsidiaries, as defined in
section 1159 of the UK Companies Act 2006);
8.1.2. to our business partners, service providers, professional advisers or third-party
contractors to enable them to undertake services for us and/or on our behalf
(and we will ensure they have appropriate measures in place to protect your
Information);
8.1.3. to any prospective buyer or seller (and their representatives) in the event that
we sell or buy any business or assets;
8.1.4. f we are under a duty to disclose or share Personal Data in order to comply with
any legal obligation, including (but not limited to) any request or order from law
enforcement agencies and/or HMRC in connection with any investigation to
help prevent unlawful activity; and
8.1.5. to other third parties if you have specifically consented to us doing so.
8.2. We may disclose aggregated, anonymous information (i.e. information from which
you cannot be personally identified), or insights based on such anonymous
information, to selected third parties, including (without limitation) analytics and
search engine providers to assist us in the improvement and optimisation of the
Website and App. In such circumstances we do not disclose any information which
can identify you personally.
8.3. If our whole business is sold or integrated with another business your Information
may be disclosed to our advisers and any prospective purchasers and their advisers
and will be passed on to the new owners of the business.
9. Keeping your Information secure
9.1. We will use technical and organisational measures in accordance with good industry
practice to safeguard your Information, including the use of data encryption.
9.2. All Information you provide to us is stored on our secure servers in the United
Kingdom. Where we have given you (or where you have chosen) a password that
enables you to access the App, you are responsible for keeping this password
confidential. Please do not share this password with anyone.
9.3. While we will use all reasonable efforts to safeguard your Information, you
acknowledge that the use of the Internet is not entirely secure and for this reason we
cannot guarantee the security or integrity of any Information that is transferred from
you or to you via the Internet.
10. Overseas transfers
We do not transfer your personal data outside the European Economic Area (“EEA”).
11. Information about other individuals
If you give us information on behalf of a third party, you confirm that the third party
has appointed you to act on his/her/their behalf and has agreed that you can: give
Consent on his/her/their behalf to the processing of his/her/their Information;
receive on his/her/their behalf any data protection notices.
12. Your rights and duty to inform us of changes
If you are an individual, this section sets out your legal rights in respect of any of your
Personal Data that we are holding and/or processing. If you wish to exercise any of
your legal rights you should put your request in writing to us (using our contact
details in clause 19 below) giving us enough information to identify you and respond
to your request.
12.1. You have the right to request access to information about Personal Data that we
may hold and/or process about you (commonly known as a “data subject access
request”), including: whether or not we are holding and/or processing your Personal
Data; the extent of the Personal Data we are holding; and the purposes and extent of
the processing.
12.2. You have the right to have any inaccurate or incomplete information we hold about
you be corrected and/or updated. If any of the Information that you have provided
changes, or if you become aware of any inaccuracies in such Information, please let
us know in writing giving us enough information to deal with the change or
correction. It is important that the Information we hold about you is accurate and
current. Please keep us informed if your Information changes during our relationship
with you.
12.3. You have the right in certain circumstances to request that we delete all Personal
Data we hold about you (the ‘right of erasure’). Please note that this right of erasure
is not available in all circumstances, for example where we need to retain the
Personal Data for legal compliance purposes. If this is the case, we will let you know.
12.4. You have the right in certain circumstances to request that we restrict the processing
of your Personal Data, for example where the Personal Data is inaccurate or where
you have objected to the processing (see clause 12.6 below).
12.5. You have the right to request a copy of the Personal Data we hold about you and to
have it provided in a structured format suitable for you to be able to transfer it to a
different data controller (the ‘right to data portability’). Please note that the right to
data portability is only available in some circumstances, for example where the
processing is carried out by automated means. If you request the right to data
portability and it is not available to you, we will let you know.
12.6. You have the right in certain circumstances to object to the processing of your
Personal Data. If so, we shall stop processing your Personal Data unless we can
demonstrate sufficient and compelling legitimate grounds for continuing the
processing which override your own interests. If, as a result of your circumstances,
you do not have the right to object to such processing then we will let you know.
12.7. You have the right in certain circumstances not to be subject to a decision based
solely on automated processing, for example where a computer algorithm (rather
than a person) makes decisions which affect your contractual rights. Please note
that this right is not available in all circumstances. If you request this right and it is
not available to you, we will let you know.
12.8. You have the right to object to direct marketing, for which see clause 7.5 above.
13. Accessing personal data
13.1. You will not have to pay a fee to access your Personal Data (or to exercise any of the
other rights in clause 12). However, we may charge a reasonable fee if your request
is clearly unfounded, repetitive or excessive.
13.2. We may need to request specific information from you to help us to confirm your
identity to ensure your right to access your Personal Data. This is a security measure
that Personal Data is not disclosed to any person who has no right to receive it. We
may also contact you to ask you for further information in relation to your request to
speed up our response.
13.3. We try to respond to all legitimate requests within one month. Occasionally, it could
take us longer than a month if your request is particularly complex or you have made
a number of requests. In this case, we will notify you and keep you updated.
14. Complaints
If you have any concerns about how we collect or process your Information then you
have the right to lodge a complaint with a supervisory authority, which for the UK is
the UK Information Commissioner’s Office (“ICO”). Complaints can be submitted to
the ICO through the ICO helpline by calling 0303 123 1113. Further information about
reporting concerns to the ICO is available at https://ico.org.uk/concerns/.
15. Cookies’ and related software
15.1. Our software may issue ‘cookies’ (small text files) to your device when you access
and use the Website or the App. Cookies do not affect your privacy and security
since a cookie cannot read data off your system or read cookie files created by other
sites.
15.2. Our Website and App use cookies and other tracking and monitoring software to:
distinguish our users from one another; collect standard Internet log information; and
to collect visitor behaviour information. The information is used to track user
interactions with the Website and the App and allows us to provide you with a good
experience when you access the Website or the App, helps us to improve our
Website, App and Services, and allows us to compile statistical reports on visitors
and activity of the Website and App.
15.3. You can set your system not to accept cookies if you wish (for example by changing
your browser settings so cookies are not accepted), however please note that some
of our Website or App features may not function if you remove cookies from your
system. For further general information about cookies please visit
www.aboutcookies.org or www.allaboutcookies.org.
16. Changes to this Policy
16.1. We keep this Policy under regular review and may change it from time to time. If we
change this Policy we will post the changes on this page, and where appropriate
when you next start the App, so that you may be aware of the Information we collect
and how we use it at all times. You are responsible for ensuring that you are aware of
the most recent version of this Policy as it will apply each time you access the
Website or the App.
17. Links to other websites
17.1. Our Website or App may contain links to other websites. This Policy only applies to
our Website and our App. If you access links to other websites any Information you
provide to them will be subject to the privacy policies of those other websites.
17.2. We have no control over third party websites or systems and accept no legal
responsibility for any content, material or information contained in them. Your use of
third-party sites or systems will be governed by the terms and conditions of that third
party. It is your responsibility to ensure you are happy with such third-party terms and
conditions.
17.3. The display of any hyperlink and/or reference to any third-party website, system,
product or service does not mean that we endorse that third party’s website,
products or services and any reliance you place on such hyperlink, reference or
advert is done at your own risk.
18. Accessibility
This Policy aims to provide you with all relevant details about how we process your
Information in a concise, transparent, intelligible and easily accessible form, using
clear and plain language. If you have any difficulty in reading or understanding this
Policy, or if you would like this Policy in another format (for example audio, large print
or braille), please get in touch with us.
19. Contact us
We welcome your feedback and questions on this Policy. If you wish to contact us,
please email us at connect@medi2data.com or call 03333055774.