- WHO ARE WE AND WHAT IS MEDALL?
- We are Medicinall Limited, a company registered in Northern Ireland, with registered address at 99 Ballyclogh Road, Bushmills, BT57 8XA, and company no. NI648511 (“we”, “us”, “our”).
- We are a technology company which provides a platform called “MedAll”. MedAll is a web application which is currently still in development.
- WHAT IS THIS POLICY?
- This policy sets out how we may use Personal Data which you upload onto or publish via MedAll.
- WHY ARE WE PROCESSING PERSONAL DATA ABOUT YOU?
- In order to stay in contact with us at MedAll we are asking for your name and email address to enable us to inform you about updates to our software and our organisation.
- We will process the data you upload or publish as a ‘Controller’. This means that we have certain responsibilities to you under EU and UK data protection law, including to make sure that we respect your right as a Data Subject, in respect of that data. If you’d like to know more about those rights, please have a look at paragraph 13 below.
- We are processing Personal Data about you on the basis that you have asked to receive our email updates. In some cases (such as dispute resolution, fraud prevention or to meet our regulatory requirements) we are processing your data on the basis of legitimate interest).
- If you have any questions about how we process Personal Data relating to you, you can contact our Data Protection Officer by email: email@example.com or by writing to us at the address in paragraph 1.1 above.
- WHAT DO THE DEFINED TERMS IN THIS POLICY MEAN?
- We’ve used some defined terms in this policy (which we capitalise each time we use). For ease, we’ve set these out below, along with their definition:
“Controller” means the entity (person or company) which (or who) decides what Personal Data to collect, how the data should be collected and what uses to make of it;
“Data Protection Officer” is the individual who has been designated in our company to respond to any queries or requests relating to Personal Data and to make sure our company is doing everything it can to meet its data protection obligations;
“Personal Data” means data which can be used to identify an individual;
“User” means anyone using MedAll or who has provided us with their details
- WHAT PERSONAL DATA RELATING TO ME IS COLLECTED AND STORED ON MEDALL?
5.1 Personal Data relating to you may be uploaded to MedAll and stored on our servers, in the following situations:
Information which you upload when you request to join our mailing list. This includes:
- your name and contact information (including an email)
We may also collect information about:
- any information you give us when you contact us.
- HOW WILL WE USE ANY PERSONAL DATA WHICH WE COLLECT ABOUT YOU?
6.1 We may use any Personal Data which we collect about you for the following purposes:
- DIRECT MARKETING: if you’ve agreed to receive the same, we may send out promotional emails about our product, or other information which we think you may find interesting using the email address which you have provided.
- WILL WE DISCLOSE ANY PERSONAL DATA WHICH WE HOLD ABOUT YOU TO ANYONE ELSE?
7.1 We may disclose Personal Data relating to you to third parties, for the following purposes:
- WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?
We are committed to ensuring that any Personal Data which we hold is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
We make sure that any ‘processors’ (such as Mailchimp and Amazon Web Services) we use have a strong reputation for data security and are contractually obliged to implement adequate security measures to safeguard the data held.
- WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?
9.1 Our servers, and those of any third parties we use, are currently based in the EU, which means that any data uploaded on to MedAll will be held on a cloud server in the EU. Unless you request us to, or it is strictly required in order to provide our services to you, we will not transfer any such data outside the EU.
9.2 If you are based outside the EU and would like further information about where we hold your data, please contact us at by email: firstname.lastname@example.org
- FOR HOW LONG DO WE STORE YOUR DATA?
CONTENT IN YOUR USER ACCOUNT
- We may retain any content, which you upload on to our system (“Your Content”) until MedAll is launched. This is likely to be for a period no longer than 24 months. Your Content is likely to include Personal Data relating to you.
- Save as set out in paragraph 10.3 below, we will securely delete Your Content within 12 months of us launching MedAll.
- Notwithstanding the above, we may retain Personal Data which is relevant to:
- your financial transactions carried out on or in connection with MedAll for up to 7 years. Any such information will be archived and only accessed or used if required for our internal tax or accounting purposes.
- any dispute or potential dispute involving your use of MedAll for up to 6 years. Any such information will be archived and only accessed or used if required in connection with any claim arising from such dispute or potential dispute.
TRANSFERRED AND OTHER USER CONTENT
- Nothing in this paragraph is intended to limit, restrict or exclude any rights you have as a Data Subject. A list of those rights can be seen at paragraph 11 below.
- WHAT RIGHTS DO YOU HAVE IN RESPECT OF ANY PERSONAL DATA WE HOLD WHICH RELATES TO YOU?
11.1 As a Data Subject, you have certain rights in respect of the Personal Data which we hold about you, including:
Right of access: you have the right to request a copy of the Personal Data which we hold about you; as well as confirmation of:
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- For how long we intend to store your personal data
- If we did not collect the data directly from you, information about the source
Right of rectification: you have the right to require us to correct any Personal Data which we hold about you which is inaccurate or incomplete.
Right to be forgotten: in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records. For example, you can ask us to erase any Personal Data which we are processing on the basis that you have consented to that processing, provided that we don’t have a separately legitimate right to retain the data. An example of this might be if we are in a dispute with you and need to retain the data to defend our case.
Right to restriction of processing: you have the right to ask us to restrict the processing we carry out in respect of Personal Data relating to you. You might want to do this, for instance, if you think the data we hold is inaccurate and you would like us to restrict our processing until we have investigated this concern and updated if necessary.
Right of portability: you have the right to have the Personal Data we hold about you transferred to another organisation, to the extent that you provided us with that Personal Data in a structured, commonly used and machine-readable format. Owing to our process of gathering and processing Personal Data, we don’t anticipate that this will apply to much (if any) of the Personal Data we hold.
Right to object to direct marketing: you have the right to object to certain types of processing by us, including direct marketing.
Right to object to automated processing, including profiling.
11.2 If you want to avail of any of these rights, you should contact us immediately at email@example.com. If you do contact us with a request, we will need evidence that you are who you say you are to ensure compliance with data protection legislation.
- WHAT HAPPENS IF YOU NO LONGER WANT US TO PROCESS PERSONAL DATA ABOUT YOU?
12.1 You may notify us at any time that you no longer want us to process Personal Data about you for particular purposes or for any purposes whatsoever. This may have an impact on the services you receive from us. For example, if you ask us to stop processing Personal Data about you, you will no longer be able to receive updates from us.
- WHO DO YOU COMPLAIN TO IF YOU’RE NOT HAPPY WITH HOW WE PROCESS YOUR PERSONAL DATA?
13.1 If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address (see paragraph 1.1 above) or by email to firstname.lastname@example.org
13.2 If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.
Last updated: 03-May-2018.