MEDII Limited (“we”, “our” or “us”) is committed to protecting and respecting your privacy.
Purpose of this Privacy Notice
Who are we
For the purpose of the General Data Protection Regulation 2018 and the Data Protection Act 1998 ( “Data Protection Laws”), the data controller is MEDII Limited (company number 11125755) of 5F, The Grange, 100 High Street, London N14 6BN.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
INFORMATION WE COLLECT FROM YOU
We will collect and process the following data about you:
- Information you give us. This is information about you that you give us by filling in forms on our website or by corresponding with us by post, phone, Wechat, e-mail or otherwise. It includes information you provide when you contact us via our website and/or our telephone service helpline and when you report a problem with our website. The information you give us may include your name, address, e-mail address, phone number, debit/credit card information, personal description and information relating to your health and medical history.
- Information we collect about you. When you call our telephone service helpline, we will automatically record the phone number you used to call us. With regard to each of your visits to our website, we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions and operating system and platform;
- information about your visit to our website, is collected via cookies. This includes the full Uniform Resource Locators (URL), and details of how you have browsed through the website.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
- Information you give to us. We will use this information:
- to carry out our obligations arising from any contracts entered into between you and us (this includes passing your information to medical practitioners, consultants and doctors that we work with, referred to as our “partners”);
- to provide you with the information and services that you request from us;
- to notify you about changes to our service;
- to ensure that content from our website is presented in the most effective manner for you and for your computer;
- to provide you with information about services we feel may interest you. We will only contact you if you opt-in to such communications on our consent form. If you do opt-in to such communications, and you later decide that you would like to opt-out, you can contact us in writing at any time to inform us of your decision (please see our contact details at the bottom of this policy or on our website).
- Information we collect about you. We will use this information:
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
- as part of our efforts to keep our website safe and secure.
DISCLOSURE OF YOUR INFORMATION
You agree that we have the right to share your personal information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- Selected third parties including:
- our partners, who will contact you directly in line with our terms and conditions;
- our payment services providers to enable the processing of your payment details;
- analytics and search engine providers that assist us in the improvement and optimisation of our website;
- We will also disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If MEDII Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and any other agreements or to protect the rights, property, or safety of MEDII Limited, our customers or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
All of our data is stored within the European Economic Area (“EEA”). However, we will only transfer your personal data outside the EEA provided that one of the following conditions applies:
- The country in which your personal data is transferred ensures an adequate level of protection for your rights and freedoms.
- We have your consent.
- The transfer is necessary under regulation, in the performance of our contract with you, or to protect your vital interests.
- The transfer is legally required on important public interest grounds or the establishment, exercise or defence of legal claims.
- The transfer is authorised by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights.
DATA RETENTION SCHEDULE
Your Personal Data
As a general rule,
- For annual members, your personal data, including but not limited to name, sex, contact details, medical history, appointment history, will be retained all year round for easy access and central management.
- For other service users, your personal data, as stated above will be retained for 3 months after the service is completed, in some cases with serious treatment such as cancer, your data will be kept for 6-12 months after the service is completed.
- With your consent, we may keep your contact details for further follow ups and quality checks.
- We may retain your personal data for longer periods where there is a good reason to do in accordance with our General Criteria below.
Legal and Contractual Data
As a general rule we will keep data relating to our contractual and legal relationships and dealings with our customers, visitors, suppliers and contractors for a period of 5 years after that relationship has come to an end unless there is a good reason under our General Criteria to apply a different period.
As a general rule we will keep employee data for so long as it is necessary to manage, administer and perform the employment relationship. Where an employee leaves our employment we will keep data as a general rule for 5 years. We are required by law to keep certain statutory records (for example relating to health and safety issues) for longer periods. We may retain employee data for longer periods where there is a good reason to do in accordance with our General Criteria below.
We may apply different retention periods where it is appropriate and proportionate under
data protection laws to do so.
As examples this could include situations where:
- There is in ongoing legal requirement to retain data;
- There is an ongoing contractual requirement to retain data;
- There is an ongoing request under UK data protection laws in respect of the data;
- We have determined that is appropriate and proportionate to delete the data earlier than the above retention periods;
- We are deleting the data sooner in accordance with a request under data protection
You have the right to ask us not to process your personal data for marketing purposes. We will only contact you if you opt-in to such communications on our consent form. If you do opt-in to such communications, and you later decide that you would like to opt-out, you can easily unsubscribe from these messages.
The Data Protection Laws gives you Data Rights. These include:
- The right to access information held about you.
- You also have the right to correct any errors or omissions with your personal data
- Seek your personal data to be erased or forgotten
- Move your personal data to a similar organisation
- Opting out of automated decision making
- Objecting to how MEDII Limited processes your information.
It is free to use these rights, but MEDII Limited reserves the right to charge a reasonable fee if we feel there are excessive requests. We require proof of ID to be able to process your request and we will try to respond to all legitimate requests within one month. If it will take us longer to comply due to the complexity or volume of requests we will notify you.
Our contact information to use your rights or ask any questions is below.
MEDII, 5F, The Grange, 100 High Street, London N14 6BN or firstname.lastname@example.org.
THIRD PARTY LINKS
Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.