Privacy Policy

DATE

10.05.22

Introduction

Medix (“we” or “Medix”) are committed to protecting and respecting the confidentiality, integrity, and security of personal information we hold about individuals. This policy shall inform about personal data we process about business contacts and about users of our website (“you” and “your”). The policy sets out how such personal data is collected, for what purposes it will be processed and how Medix complies with its responsibilities under applicable data protection laws, including the General Data Protection Regulation (Regulation (EU) 2016/679) (“Data Protection Laws”).

DATA CONTROLLER AND DATA PROTECTION OFFICER

For the purpose of the Data Protection Laws, the data controller of your personal information is Medix Medical Services Limited. We have appointed a Data Protection Compliance Manager who is responsible for overseeing compliance with Data Protection Laws and this privacy policy. You may find our contact information at the end of this privacy policy.

Personal Data

We may collect, hold and use personal data about you including:
  • Name;
  • Company;
  • Address, email address, telephone number and other contact details;
  • Job title;
  • Notes from any meetings or other conversations with you;
  • Internet protocol (IP) address, operating system, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this site;
  • Your interests, preferences, feedback, and survey responses;
  • Information about how you use our website;

How Is Your Personal Data Collected?

We may collect personal data about you through:

  • Direct interactions; you may give us your personal data directly when we meet, when you give us your business card or when you contact us electronically through our website, by post, phone, email or otherwise.
  • Third parties or publicly available sources. We may receive personal data about you from various social media sites, including LinkedIn and other publicly available sources.

Purposes For Which We Use Your Personal Data

We will only use your personal information as the law permits. We process your personal data in the following ways:
  • To administer our website and to ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To administer and manage our relationship with you, including to contact you periodically to ask you to correct/update the information we hold about you and/or to confirm your preferences;
  • To comply with any contract between us;
  • To provide you with any information you request from us.
  • To provide you with information about the services we offer where we think this may be of interest to you.
  • To allow you to participate in interactive features of our site, when you choose to do so.
  • To notify you about changes to our services.
  • To allow us to comply with a legal obligation on us.

1. Visiting our website

We process your personal data to administer our website and to ensure that content from our site is presented in the most effective manner for you and for your computer. For more information on cookies please refer to our Cookie Policy.

1.1 Access of our website

  • To make our website available and to ensure its functionality, the web server automatically records your visit in so-called server log files when you visit our website. The following data is processed in the process: Browser type and version, the operating system used by the terminal device, the IP address of the requesting computer, access date and time of the server request, the duration of the stay on the website, the amount of data transferred, the location from which the user retrieves data from the website, connection data and sources and from which page the access is made.
  • This data is processed for the purpose of providing our website and for statistical analysis as well as for the purpose of identifying and tracing unauthorised access to the web server and other criminal offences. The legal basis for data processing is based on our legitimate interests acc. to article 6 (1) (f) GDPR. The data processing is necessary for the security and operation of the website. You exercise your right to object by no longer accessing our website.
  • The recipients of the data are our hosting service providers.
  • Log file information is stored from the end of your respective website visit for a maximum of 30 days and then deleted.
 

1.2 Analysis and Marketing

1.2.1 Google Analytics

  • We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google”) to analyse the traffic on our website. The use of the website is evaluated, and reports are created so that we can further optimise our online presence. This involves collecting, collating and analysing data about your behaviour as a visitor to our website. Among other things, the web analytics service collects data about the referrer URL (the website from which a visitor came), which subpages were visited or how often and for how long a subpage was visited. The web analysis service is used to optimise a website and to analyse the costs and benefits of internet advertising. Google will also use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. The data processed in this way will not be assigned to you personally, but will be given a separate user ID.

    The legal basis for the processing of personal data is your consent acc. to article 6 (1) (a) GDPR. You can prevent the collection of data by preventing the setting of cookies via the settings in your browser. You can also revoke your consent via the consent management tool or by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

    Through Google Analytics, personal data, and information – including the IP address (anonymised) – are transmitted to Google, under certain circumstances also to the USA. The transfer is secured by an order processing agreement and the conclusion of the EU standard contractual clauses, which in individual cases allow a transfer to so-called third countries outside the EU. Information on data protection at Google can be found here https://policies.google.com/privacy.

 1.2.2 Google Ads

  • This website uses Google Ads from Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland (“Google”) with the cross-device functions of Google Ads and Google DoubleClick. These make it possible to determine whether several end devices (e.g., tablet and smartphone) can only be assigned to one user. The assignment is made via the Google account. Each end device on which the user logs into their Google account can be clearly assigned to this user. If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g., mobile phone) can also be displayed on another of your end devices (e.g., tablet or PC).

    The legal basis for the processing of personal data is your consent acc. to article 6 (1) (a) GDPR. You can prevent the collection of data by preventing the setting of cookies via the settings in your browser. You can also revoke your consent via the consent management tool or by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/plugin.

    By using Google Ads, your data will be transmitted to Google, under certain circumstances also to the USA. The transfer is secured by an order processing agreement and the conclusion of the EU standard contractual clauses, which allow a transfer to so-called third countries outside the EU in individual cases. Information on data protection at Google can be found here https://policies.google.com/privacy.

1.2.3 HubSpot

  • On this website, we use the service HubSpot for various purposes. HubSpot is a software company from the USA with a branch in Ireland at HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
  • HubSpot is an integrated software solution that we use to cover various aspects of our online marketing, namely [Email Marketing, Social Media Publishing & Reporting, Reporting, Contact Management (e.g., user segmentation & CRM), Landing Pages and Contact Forms].
  • Information collected from or about our visitors may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. As part of the optimisation of our marketing measures, the following data may be collected and processed via HubSpot: Geographical position, Browser type, Navigation information, Referral URL, Performance data, Information about how often the application is used, Mobile apps data, Login information for the HubSpot subscription service, Files viewed on site, Domain names, Pages viewed, Aggregated usage, Operating system version, Internet service provider, IP address, Device identifier, Duration of visit, Where the application was downloaded from, Operating system, Events that occur within the application, Access times, Clickstream data, Device model and version. In addition, we also use HubSpot to provide contact forms. For further information in this regard, please see point 2.1 of this privacy policy.
  • The legal basis for the processing of personal data is your consent acc. to article 6 (1) (a) GDPR. You can prevent the collection of data by preventing the setting of cookies via the settings in your browser. You can also revoke your consent via the consent management tool.
  • Within the scope of processing via HubSpot, data may be transferred to the USA. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. More information about HubSpot’s privacy policy: https://legal.HubSpot.com/privacy-policy
  • More information on the cookies used by HubSpot can be found at https://knowledge.HubSpot.com/reports/what-cookies-does-HubSpot-set-in-a-visitor-s-browser.
 

1.2.4 Facebook Custom Audiences

  • We use Facebook Custom Audiences (so-called Facebook Pixel) of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Through the use of Facebook Custom Audiences, users of the website can be shown interest-based advertisements (“Facebook Ads”) when visiting the social network Facebook or other websites that also use the method. In this way, we ensure that advertisements for our offers are targeted based on the interests of our customers and are thus displayed in a more tailored manner. The Facebook pixel may process data about the actions you take on our website (Event Data). Facebook may process the information collected via the Facebook pixel and match it with any existing user ID on Facebook. Facebook may also process the Event Data to provide measurement and analytics that enable us to evaluate the success of our advertising campaigns and other online content and to optimise our website and advertising efforts. Facebook also processes Event Data to create specific audiences for our various advertising efforts and online services, to which we can then send advertising appropriate for that audience. In addition, Facebook processes the Event Data to personalise our actions for you. Where applicable, the Event Data is used in conjunction with your Facebook user ID in order to display our advertising to you on Facebook, Facebook Messenger, and other Facebook products. If you are registered with a Facebook service, Facebook can assign your Event Data, including your visit to our website, to your Facebook account. Even if you are not registered with Facebook or have not logged in, there is a possibility that Facebook can make an assignment to you personally, e.g., by linking the Event Data collected via our Facebook pixel with Event Data from other website operators.
  • The legal basis for the processing of personal data is your consent acc. to article 6 (1) (a) GDPR. You can prevent the collection of data by preventing the setting of cookies via the settings in your browser. You can also revoke your consent via the consent management tool. Users logged in to Facebook can also exercise their revocation here https://www.facebook.com/settings/?tab=ads.
  • Personal data may be transferred to Facebook servers in the USA and stored there. The transfer is secured by an order processing agreement and the conclusion of the EU standard contractual clauses, which allow a transfer to so-called third countries outside the EU in individual cases. Further information about Facebook’s data protection practices can be found here https://www.facebook.com/about/privacy/.
 

1.3 Content

1.3.1 Vimeo

  • We embed videos on our website via the service of Vimeo, Inc., 555 West 18th Street, New York, New York 10011 (“Vimeo”). If you call up our website on which such a video is embedded, a connection to Vimeo servers is established. This results in a data transmission to Vimeo in the United States of America. Vimeo collects your IP address, the type of browser you use, your operating system or your device information. When you click and watch the video, Vimeo also processes information about your web activity by setting cookies in your browser. This allows your behaviour to be analysed for the purpose of optimization and cost-benefit analysis of our videos and events. Vimeo will use this information to evaluate your engagement during video streaming and compile reports on activity for us. If you have a Vimeo account and are logged in to Vimeo at the same time, this information may also be personally assigned to you by Vimeo.
  • The legal basis for the processing of personal data is your consent acc. to article 6 (1) (a) GDPR. You can prevent the collection of data by preventing the setting of cookies via the settings in your browser. You can also revoke your consent via the consent management tool.
  • Your data will be forwarded to Vimeo. Information on data protection at Vimeo can be found at: https://vimeo.com/privacy/ and https://vimeo.com/cookie_policy.
 

1.3.2 YouTube

We embed YouTube videos on our website via iFrame. YouTube is a service by of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google”). We use the so-called Elementor-services. Per these service, personal data will be transferred to Google only if you start a YouTube video. If you start a video, a connection to Google servers is established. Google collects log files, your IP address, the type of browser you use, your operating system or your device information. If you have a Google account and are logged in to a Google service at the same time, this information may also be personally assigned to you by Google.

The legal basis for the processing of personal data is your consent acc. to article 6 (1) (a) GDPR. If you click to start the video this will be considered consent. You can prevent the collection of data by preventing the setting of cookies via the settings in your browser. You can also revoke your consent via the consent management tool.

Your data will be forwarded to Google. Information on data protection at https://policies.google.com/privacy.

1.3.3 Google Maps

For an improved geographical representation of our office locations and to make it easier for you to find them, we have integrated maps from the Google Maps service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google”) into our website via an API. By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In particular, your IP address is sent to a Google server. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out of your Google account after using the relevant Google service. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is conducted in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website.

Insofar as personal data is transferred to Google servers in the USA and stored and further processed there, Google has concluded the standard data protection clauses adopted by the EU Commission with the Google companies based in the USA, which permit the transfer of personal data to the USA in individual cases. Further information on data processing by Google can be found at https://policies.google.com/privacy

We do not store any personal data through the integration of Google Maps.

1.3.4 Google reCAPTCHA

We use reCAPTCHA from the operating company Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google”) to check and prevent interactions on our website through automated access, e.g. through so-called bots. The main purpose of this tool is to distinguish whether entries are made by natural persons or, where applicable, improperly by machine and automated processing. This service enables Google to determine from which website a request is sent and from which IP address you use the so-called reCAPTCHA input box. reCAPTCHA places a cookie in your browser when it is executed and creates a screenshot of your browser window. In addition to your IP address, information about other Google cookies that have been set in your browser within the last six months, information about language settings, the date, installed plug-ins and all JavaScript objects will be collected by Google in the United States of America that are necessary for offering and guaranteeing this service. Due to this information transfer, it cannot be ruled out that cross-device tracking takes place at the same time.

 

The data processing is based on our legitimate interest pursuant to article 6 (1) (f) GDPR. Our legitimate interest is to maintain the security and stability of our platform and to prevent abuse and SPAM. You can permanently prevent cookies from being set at any time by making the appropriate settings in your browser, so that Google reCAPTCHA cannot set a cookie either. Furthermore, cookies already used by Google reCAPTCHA can be deleted at any time via the browser.

The personal data collected in this respect may be transmitted to Google, possibly also to the USA, and stored and processed there. The transfer is secured by an order processing agreement and the conclusion of the EU standard contractual clauses, which in individual cases permit a transfer to so-called third countries outside the EU. Information on data protection at Google can be found here https://policies.google.com/privacy.

 

2. IN CONNECTION WITH A BUSINESS RELATIONSHIP

2.1 Contact by e-mail, telephone or contact form

You can contact us via our website using the e-mail addresses and telephone numbers we provide. If you make use of this option, your personal data transmitted with the e-mail or by telephone call will be processed. Alternatively, a contact form is available on our website. If you send us an enquiry in this way, the data you enter in the input mask will be processed by us. Fields marked with an asterisk are mandatory fields, the remaining information is voluntary.

If the purpose of contacting you is to conclude a contract or if your contact is about an existing contract, article 6 (1) (b) GDPR is the legal basis for the processing. The legal basis for processing your data in the other cases is article 6 (1) (f) GDPR. The legitimate interest in these cases results from the fact that we can only conduct the action requested by you (e.g., answering enquiries) by processing your data accordingly.

In the course of processing your enquiry, your data will be transferred to our IT and marketing service providers as well as to our employees who process your enquiry.

2.2 Maintaining and performing contractual relationships

Additionally, we might process your personal data

  • To administer and manage our relationship with you, including to contact you periodically to ask you to correct/update the information we hold about you and/or to confirm your preferences;
  • To comply with any contract between us;
  • To notify you about changes to our services.
  • To allow us to comply with a legal obligation on us.

The legal basis for processing is article 6 (1) (b) GDPR it is necessary for the performance of a contract between us for the provision of services or in order to take steps at your request prior to entering into such a contract, or article 6 (1) (c) GDPR if it is necessary for us to comply with a legal obligation on us. If it is necessary for the purposes of the legitimate interests of pursuing and developing our business, where such interests are not overridden by your rights or interests, the legal basis is article 6 (1) (f) GDPR.

In the course of processing, your data may be transferred to our IT and marketing service providers as well as to our employees who process your enquiry.

 

3. SENDING NEWSLETTERS AND MARKETING MATERIAL TO YOU

You may receive marketing communications from us, e.g., to provide you with information about the services we offer where we think this may be of interest to you about:

  • if you have specifically requested that information from us, e.g., by signing up for our newsletter; or
  • by email, text or post, if you are a customer of Medix services (or an employee or director of a customer) and you have not opted out of receiving that marketing; or
  • by post, if you have not opted out of receiving that marketing.

The legal basis for processing your data for sending the marketing communications, for which we do not require consent, is article 6 (1) (f) GDPR. Our legitimate interests are to send you advertising in the form of direct marketing in the context of the existing contractual relationship between you and us.

The legal basis for the communications you requested or the newsletter you signed up for is your consent pursuant to article 6 (1) (a) GDPR.

We pass on your data strictly for the intended purpose, if at all necessary, and only to the extent required within the framework of data processing agreements and to our IT service providers.

Please note, you can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time using the contact details set out under Contact Us.

We store your data until you ask us to stop sending marketing messages.

While we will follow any marketing preferences you have advised to us, in addition we may use various profiling tools to help us determine people’s interests which we may then use to try to direct marketing materials to you only when we believe they will be appropriate for, and of interest to, you. You can opt out of this profiling by contacting us at any time using the contact details set out under Contact

Please note that we are not able to send marketing information to anyone under 16 without parental/guardian consent. Accordingly, we may ask for confirmation of age from anyone requesting/signing up to receiving any marketing materials from us.

4. OUR PRESENCE ON SOCIAL MEDIA

Medix operates several profiles on social media. We would like to point out that you use the social media platforms, our pages and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).

4.1 Facebook

Medix operates a profile on the social network Facebook of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). Together with Facebook, we are jointly responsible for the processing of so-called “Insights data” in this context, insofar as this data is used for the creation of so-called “Page Insights”. Facebook and we have concluded an agreement within the scope of joint responsibility, which you can access here: https://www.facebook.com/legal/terms/page_controller_addendum. “Page Insights” include analytics services that help us to better understand interactions with our Facebook page. When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is present on your system. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of the Facebook page. We do not receive any personal data from Facebook in this context. If you are logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This enables Facebook to track that you have visited our website and how you have used it.

In addition to the aforementioned processing of Insights Data, we are generally solely responsible for any further processing by us (for example, if you contact us via Facebook and we process your data to respond to your enquiry).

The legal basis of the processing for the purpose of answering inquiries that serve a future conclusion of a contract and are initiated by you is article 6 (1) (b) GDPR and in other cases article 6 (1) (f) GDPR. The legitimate interests regarding the processing of personal data when visiting the site and the creation of the “Page Insights” are communication and interaction with interested parties and customers; dissemination of information; anonymised evaluation and presentation of the use of our Facebook pages.

Facebook processes the data collected about you in this context and, where applicable, may transfer the data to countries outside the EU. The transfer is secured by an order processing agreement and the conclusion of the EU standard contractual clauses, which allow a transfer to so-called third countries outside the EU in individual cases. Further information about Facebook’s data protection practices can be found here https://www.facebook.com/about/privacy/. Facebook’s full data policies can be found here https://de-de.facebook.com/full_data_use_policy.

4.2 LinkedIn

Medix operates a profile on the social media platform LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). Together with LinkedIn, we are jointly responsible for the data processing procedures in connection with a visit to or interaction with our LinkedIn profile, but only to the extent that such data is also processed for “Page Insights”. Medix and LinkedIn have concluded an agreement as part of their joint controllership, which you can access here: https://legal.linkedin.com/pages-joint-controller-addendum. “Page Insights” comprise analytics services that help the operator of a LinkedIn profile to better understand interactions with its LinkedIn profile. The purpose of the data processing is to generate aggregate statistics for LinkedIn profile operators. When you visit our LinkedIn profile, LinkedIn collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of our LinkedIn profile, with statistical information about the use of the LinkedIn profile. We do not receive any personal data from LinkedIn in this context.

In addition to the processing mentioned above, we are solely responsible for any further processing by us (for example, if you contact us via LinkedIn and we process your data to respond to your inquiry).

The legal basis of the processing for the purpose of answering inquiries that serve a future conclusion of a contract and are initiated by you is article 6 (1) (b) GDPR and in other cases article 6 (1) (f) GDPR. The legitimate interests regarding the processing of personal data when visiting the site and the creation of the “Insights data” are Communication and interaction with interested parties and customers; dissemination of information; anonymised evaluation and presentation of the use of our LinkedIn profile.

LinkedIn users can influence the extent to which their user behaviour may be recorded when visiting our LinkedIn profile under the settings. The processing of information by means of the cookies used by LinkedIn can also be prevented by not allowing cookies from third-party providers or those from LinkedIn in your own browser settings. You have the option to delete comments and reactions on LinkedIn.

Your data is transmitted to LinkedIn, and under certain circumstances also to the USA. The transfer is secured by a data processing agreement and the conclusion of the EU standard contractual clauses, which in individual cases allow a transfer to so-called third countries outside the EU. Further information on data protection at LinkedIn can be found here https://www.linkedin.com/legal/privacy-policy#choices-oblig.

4.3 YouTube

Medix operates a channel on Google’s YouTube platform with its European headquarters at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).

Beyond enabling data processing in connection with the YouTube page, Medix has no influence on the type and scope of the data processed by YouTube, the type of processing and use or the transfer of this data to third parties. Medix also has no further effective control options in this respect. Google processes your voluntarily entered data such as name and username, email address, telephone number or the contacts in your address book when you upload or synchronise this. Google also evaluates the content you share to determine what topics you are interested in, processes messages you send directly to other users, and may use GPS data, wireless network information or your IP address to determine your location in order to serve you advertising or other content.

We only receive non-personal activity information, such as the number of profile or like clicks from a particular activity, is viewable by us through the YouTube account.

Medix is solely responsible for certain data processing. We process the following data for communication with YouTube users in order to offer our information service:

  • User interactions (postings, likes, viewing a video, etc.),
  • Profile name and data provided by the user in the course of the conversation, e.g., for processing service requests, and
  • Statistical data on user interactions in aggregated form, i.e., without personal reference for Medix (e.g., number of impressions of a video, number of interactions, number of detailed extensions, number of likes and dis-likes).

The processing is done for the purpose of communicating with you and to publish information about events, products, and services of Medix companies. The legal basis for processing for this purpose is article 6 (1) (f) GDPR. The legitimate interest is the effective provision of information for users, customers and interested parties and communication with these persons as well as the external presentation of Medix.

If you interact with us publicly, for example by leaving a comment or “liking” a video, this data will remain publicly accessible on the site until deleted by us or you. Insofar as legal retention obligations require longer storage, your data will only be stored for this purpose and blocked for other purposes.

When you use YouTube, personal data relating to you will be processed by Google and, where applicable, transferred to the USA and stored and used there. In these cases, Google has concluded the standard data protection clauses of the EU Commission with the US Google companies, which legitimise a third-country transfer of personal data in individual cases. YouTube describes in general terms what information it receives and how it is used at https://policies.google.com/privacy?hl=de&gl=de.

YOUR RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data as follows:

  • to request access to your personal data . This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
  • to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
  • to request erasure of your personal data (right to be forgotten). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. It also enables you to request that we delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
  • to object to processing of your personal data  where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
  • to request restriction of the processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
  • to request transfer of your personal data to you or to a third party (right to data portability). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note however that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; or
  • to withdraw consent at any time where we are relying on consent to process your personal data.  However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
  • to not be subject to decisions based solely on automated processing. Where certain decisions on our part are based solely on automated processing – including user profiling – you have the right not to be subject to such a decision which produces legal effects concerning you or similarly significantly affects you.
  • to lodge a complaint with a supervisory authority. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the provisions of data protection law, including the GDPR.
 

If you wish to exercise any of the rights set out above, please contact us by using the contact details set out under Contact Us below.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If you wish to exercise any of those rights, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

ACCURACY OF PERSONAL DATA

We try to ensure that the information we hold about you is accurate and kept up to date by contacting you at regular intervals. However, if in the meantime you believe that any information, we are holding about you is inaccurate, out-of-date, or incomplete, please contact us by using the contact details as set out below (see Contact Us). We will promptly correct or delete any information found to be incorrect.

SECURITY

We have put in place what we consider to be appropriate security measures against unlawful or unauthorised processing of your personal data we hold, and against the accidental loss of, or damage to, your personal data.

We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DISCLOSURE OF YOUR PERSONAL INFORMATION

We may disclose your personal data to third parties who are providing services to us. We may also disclose personal data we hold to third parties:

  • in the event that we sell any business or assets, in which case we may disclose personal data we hold to the prospective buyer of such business or assets; and/or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. This could include for example exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

To the extent we transfer any of your personal data to any third party, we will only do so if that third party puts in place appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, the personal data.

TRANSFERRING PERSONAL DATA OUTSIDE THE EEA

If we transfer any of your personal data outside the Jurisdiction in order to provide Services, we will ensure that all applicable safeguards and measures are implemented in compliance with local requirements. The security of the transfer is principally ensured by so-called standard contractual clauses and other measures, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the guarantees in place are not sufficient to ensure an adequate level of security, your consent pursuant to article 49 (1) GDPR may serve as the legal basis for the transfer to third countries.

RETENTION OF DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

To the extent we transfer any of your personal data to any third party, we will only do so if that third party puts in place appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, the personal data.

OBLIGATION TO PROVDE YOUR PERSONAL DATA

Unless indicated otherwise there is no contractual or legal obligation for you to provide your data. Without the provision, however, the functionality of our website is not guaranteed. In addition, individual services may not be available or may be limited.

COOKIES

Our website uses cookies. For detailed information on the cookies we use and the purposes for which we use them please refer to our Cookie Policy.

Links To Other Websites

Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Changes To This Policy

We may make changes to this privacy policy at any time. Any changes we make will be posted on this page and, where appropriate, notified to you in writing. Please refer back to this page regularly to see any changes or updates to this policy.

Contact Us

You may contact us at Medix Medical Services Europe Limited, 118 Piccadilly, London, W1J 7NW or by email to info@medix-global.com.

If you have any queries about this policy or your personal data, or you wish to submit an access request or raise a complaint about the way your personal information has been handled, please do so in writing and address this by post to Data Protection Compliance Manager at Medix Medical Services Europe Limited, 118 Piccadilly, London, W1J 7NW or by email to info@medix-global.com.