Privacy and Cookie Policies

MedAll - Privacy Policy

MedAll - Privacy Policy

  1. WHO ARE WE AND WHAT IS MEDALL?

1.1. We are Medicinall Limited, a company registered in Northern Ireland, with registered address at 99 Ballyclogh Road, Bushmills, BT57 8XA, and company no. NI648511 (“we”, “us”, “our”).

1.2. We are a technology company which provides a platform called “Medall”. Medall is a web application to enable healthcare professionals and students to connect in a professional network, to store, organise and display their professional achievements and to facilitate collaboration between, and professional matching of, users of the application based on their development needs and existing skills. Medall also enables healthcare organisations (“Organisational Users”) to promote their organisational aims, to communicate with members, to offer training, content, poster halls, certificates and events to members and to participate in discussions and development involving matters of healthcare.

  1. WHAT IS THIS POLICY?

2.1. This policy sets out how we may use Personal Data which you upload onto or publish via Medall.

2.2. The purpose of Medall is to allow information to be shared with other Users which might include Organisational Users if you choose to be Added to an Organisational Account. This policy only deals with our use of your Personal Data. Other Users are not bound by this privacy policy. It is up to you to decide what you want to upload onto or publish via Medall.

2.3. We might need to change or update this privacy policy from time to time. If we do, we will let you know. Any changes will only apply to the Personal Data we collect after posting the changes. So please review our privacy policy from time to time before sending us any Personal Data.

WHY ARE WE PROCESSING PERSONAL DATA ABOUT YOU?
3.1. In order to use Medall, you will be required to set up a User Account and where applicable, an Organisational Account. To set up the account, you will need to give us Personal Data relating to you (or in the case of an Organisational Account, your Organisational Users) (such as details about who you are and where you work). This information is required in order to enable us to make Medall work.

3.2. We will process the data you upload or publish as a ‘Controller’. This means that we have certain responsibilities to you under EU and UK data protection law, including to make sure that we respect your right as a Data Subject, in respect of that data. If you’d like to know more about those rights, please have a look at paragraph 13 below.

3.3. If you have any questions about how we process Personal Data relating to you, you can contact our Data Protection Officer by email: dpo@Medall.org or by writing to us at the address in paragraph 1.1 above.

WHAT DO THE DEFINED TERMS IN THIS POLICY MEAN?
4.1. We’ve used some defined terms in this policy (which we capitalise each time we use). For ease, we’ve set these out below, along with their definition:

“Adding” “Added” “Add”, means you agree to add a User and/or Organisational User to your network, so that they can see any posts you publish via Medall;

“Controller” means the entity (person or company) which (or who) decides what Personal Data to collect, how the data should be collected and what uses to make of it;

“Data Protection Officer” is the individual who has been designated in our company to respond to any queries or requests relating to Personal Data and to make sure our company is doing everything it can to meet its data protection obligations;

“Organisational Account” means any account on Medall set up by or on behalf of a healthcare organisation;

**““Organisational Users” **means any user of an Organisational Account on Medall;

“Personal Data” means data which can be used to identify an individual;

“Public Profile” means any information which you have uploaded on your User Account or published via Medall, unless you specifically made it ‘private’;

“User” means anyone using Medall which may include individual Users and Organisational Users;

“User Account” means an account set up by a User on Medall which may include an Organisational Account.

  1. WHAT PERSONAL DATA RELATING TO ME IS COLLECTED AND STORED ON MEDALL?

5.1 Personal Data relating to you may be uploaded to Medall and stored on our servers, in the following situations:

(i) Information which you upload when you set up a User Account, an Organisational Account or use Medall. This might include:

  • your name, contact information (including an email) and a photograph;
  • your financial transaction and payment details (if you want to avail of any premium features);
  • your account preferences and settings;
  • information about your previous and current jobs and experience;
  • information about your qualifications and achievements;
  • where you currently work;
  • any information in your posts, posters, comments and blogs;
  • messages you send using Medall;
  • training information in any assessments, feedback or logbook entry you enter on Medall
  • feedback on Organisational User events you have attended; and
  • requests and feedback for collaboration projects you would like to be or have been involved in.

(ii) Information which other Users upload on to Medall about you. This might include:

  • feedback on a collaboration project;
  • feedback or ratings on your training assessments, logbook entries or feedback forms that you have sent for approval to other people using Medall
  • your responses to feedback forms for Organisational User’s events;
  • certificates of your attendance/completion of an Organisational User’s events;
  • poster and abstract information that Organisational Users or other users may upload; and
  • messages or communications you receive using Medall.

(iii) We may also collect information about:

  • how you use and interact with Medall (including your user preferences and interests – some of this information (e.g. your IP address and login data is automatically collected by us when you interact with Medall );

  • any in-app purchases you make via Medall;

  • details about the device you use to access Medall;

  • which Users you have Added to your network; and

  • any information you give us when you contact us.

Some of this data may be collected through the cookies we use or other technology. If you would like to know more about our cookies policy, please click here.

WHO HAS ACCESS TO MY USER ACCOUNT?
6.1. We have access to your User Account (including both your Public Profile and any other information you upload on to Medall). We will only access your User Account to the extent required to provide our services (which might include support and maintenance), though we also reserve the right to access your User Account to check if you are using Medall in compliance with our Terms of Use, to resolve disputes or if required to do so by law, and to collect aggregate (anonymised data).

6.2 Other Users (which may include Organisational Users) are permitted to see your Public Profile, posters you upload and any posts you publish, your communications with them and any content or information that you send or share with them. They are not given any access to your User Account. Organisational users can access the content and results of any assessment, certificate or anonymised feedback form you complete as part of that organisation, and any certificates awarded by that organisation

6.3 If you choose not to keep your poster private the general public can view your posters and abstracts.

  1. HOW DO WE USE THE PERSONAL DATA WE HOLD AND WHAT IS OUR LAWFUL BASIS FOR DOING SO?

7.1 We may use any Personal Data which we collect about you for the following purposes:

(i) OUR SERVICES: to provide you with Medall which enables you to conduct assessments, view content, store achievements, receive certificates, display posters, connect and communicate with other Users (this may include support and maintenance of your account on Medall or facilitating payment if you have opted to use a paid-for function on Medall, as well as administration and dispute resolution). As part of our services, we may suggest Users to each other who have similar interests or experience to you, we may also suggest ways to improve your Public Profile or use of Medall, as well as potential collaboration partners. Any such use would be to the extent necessary for the performance of our contract with you.

(ii) MANAGE OUR RELATIONSHIP WITH OUR USERS. This may include notifying Users of updates to our services or software or updates to our privacy policy. This is necessary to protect our legitimate interests of running our business.

(iii) ANALYSIS: Medall allows us to record certain demographics, which we might use to decide which adverts to publish on your newsfeed or (if you’ve consented to it) to send to you. This would be done by using key words which you put into your Public Profile or publish on Medall, and would not involve us transferring Personal Data relating to you to third parties. Generally we will rely on the fact that this is necessary to protect our legitimate interests of running our business, however where required by law we will obtain your consent.

(iv) DIRECT MARKETING: if you’ve agreed to receive the same, we may send out promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided. We will always include the right to opt out in any such correspondence. Generally we will rely on the fact that this is necessary to protect our legitimate interests of running our business, however where required by law we will obtain your consent.

(v) FOR ADMINISTRATION AND DISPUTE RESOLUTION PURPOSES. This may include processing Personal Data to meet our internal administration requirements and for matters such as dispute resolution. This is necessary to protect our legitimate interests of running our business.

(vi) We may use usage data TO MONITOR ACCOUNT USAGE AND MANAGE DISPUTES. Such use is necessary for us to achieve our legitimate interest of protecting the integrity of Medall. If a User does not use Medall in accordance with our terms of use, we may cease allowing them to access Medall and we may pass on the User’s details if such activities are or are likely to be in breach of someone else’s rights of privacy, intellectual property rights or any other lawful rights.

(vii) MARKET RESEARCH: We may also use aggregate (non-personal) data for market research purposes.

  1. WILL WE DISCLOSE ANY PERSONAL DATA WHICH WE HOLD ABOUT YOU TO ANYONE ELSE?

Other Users

8.1 The purpose of Medall is to enable Users to learn, train and connect with other Users and to share information with and Add other Users to their network. Have a look at paragraph 9 below which sets out what aspects of your information is accessible to other Users.

8.2 We may notify other Users if your Public Profile includes details which meet their collaboration or membership criteria, in which case we may send them your Public Profile and email address. You may opt out of this function at any point. If you’re not sure how – send us an email to dpo@Medall.org and we’ll let you know.

Third Parties

8.3 We may disclose Personal Data relating to you to third parties, for the following purposes:

  • To our licensors, employees and third parties who are contracted to help us to provide Medall. Any such licensors, employees and/or data processors contracted by us will be subject to strict contractual requirements only to use Personal Data relating to you in accordance with our privacy policy.

  • If we are under a duty to disclose or share Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements or to protect the operation of our website, or the rights, property, or safety of us, our customers, or others.

  • If you purchase or use third party services or products that feature or are advertised on Medall. Please note that when you purchase or use such third party services or products, the third party’s terms and conditions and privacy policy will govern your use of such services or products.

This privacy policy only deals with how we handle Personal Data. Other Users are not bound by this privacy policy. You should only upload information onto Medall that you are comfortable to share (or have shared) with other people.

WHO ARE THE OTHER USERS ON MEDALL AND WHAT CAN THEY SEE?
9.1. Medall is only intended for use by healthcare organisations, professionals and healthcare students. All Users must set up a User Account (and where applicable an Organisational Account) on the platform and provide certain details (such as their name and where they work) which are displayed in their Public Profile. We also require Users to provide their General Medical Council number as a step to help verify who they are. However, we don’t vet our Users and so can’t guarantee that Users are who they claim to be.

9.2. If you set up a User Account with Medall, all other Users of Medall, may be able to see your Public Profile and (unless you opt out) may receive notifications from us about you if you meet their collaboration criteria. You may also receive an invite from an Organisational User to join that organisation from your User Account, as a member or administrator, or to upload a shareable poster to an event if you are participating as a poster presenter/author or other participant at their events or you may request that an Organisational User Add you to their account (for example if their events are of interest to you).

9.3. Other users and in some circumstances, for example in virtual poster halls, non-users will have access to any posts or comments you publish via Medall.

  1. WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?

We are committed to ensuring that any Personal Data which we hold is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

For example:

We make sure that any ‘processors’ (such as Mailgun, Intercom, Mailchimp and Amazon Web Services) we use have a strong reputation for data security and are contractually obliged to implement adequate security measures to safeguard the data held.

There are some steps you can take to help make sure that your data is protected. You should keep any passwords associated with your User Account secure and you should ensure that you understand who can access the data you upload on to your User Account or contribute to another User’s Account before you upload any information which might be shared with others. For more information on this, please have a look at section 9 above.

  1. WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?

11.1 Our servers are currently based in the UK, which means that any data uploaded on to Medall will be held on a cloud server in the UK. Unless you request us to, or it is strictly required in order to provide our services to you, we will not transfer any such data outside the UK.

11.2 If you are based outside the UK and would like further information about where we hold your data, please contact us at by email: dpo@Medall.org.

  1. FOR HOW LONG DO WE STORE YOUR DATA?

CONTENT IN YOUR USER ACCOUNT

12.1 We may retain any content which you store or upload on to your User Account (“Your Content”) for as long as you keep your User Account open. Your Content is likely to include Personal Data relating to you.

12.2 Save as set out in paragraphs 12.4 and 12.5 below, we will securely delete Your Content within 6 months of you closing your User Account. Note that other Users will continue to have access to communications between you and any content or information which you share with them whilst you were a Medall User. Organisational Users will also retain certain information about you such as any certificates, assessments and feedback forms they issued to you as record of your attendance or completion of their events or training programmes. See section 12.5 below for more information on content you share with other Users.

12.3 If your User Account has been inactive for a period of 36 months, we may send you a notice asking if you would like us to close your User Account. If we receive no response or confirmation from you to close your User Account, we may do so and ensure that the Personal Data we hold about you is deleted within 6 months thereafter.

12.4 Notwithstanding the above, we may retain Personal Data which is relevant to:

  • your financial transactions carried out on or in connection with Medall for up to 7 years. Any such information will be archived and only accessed or used if required for our internal tax or accounting purposes.
  • any research evidence which may be or could be used in respect of any collaborative or clinical decisions taken;
  • any dispute or potential dispute involving your use of Medall for up to 6 years. Any such information will be archived and only accessed or used if required in connection with any claim arising from such dispute or potential dispute.

TRANSFERRED AND OTHER USER CONTENT

12.5 If you send information (which may contain Personal Data relating to you) to other Users via Medall (“Transferred Content”) or if other Users upload information about you (by way of example they may accredit you as a co-author in a collaboration project or issue you with a certificate of your attendance/completion of one of their events), the retention period for such Transferred Content will be based on the recipient’s User Account (which will be subject to the same provisions set out above).

12.6 Nothing in this paragraph 12 is intended to limit, restrict or exclude any rights you have as a Data Subject. A list of those rights can be seen at paragraph 13 below.

  1. WHAT RIGHTS DO YOU HAVE IN RESPECT OF ANY PERSONAL DATA WE HOLD WHICH RELATES TO YOU?

13.1 As a Data Subject, you have certain rights in respect of the Personal Data which we hold about you, including:

  • Right of access: you have the right to request a copy of the Personal Data which we hold about you; as well as confirmation of:

  • The purposes of the processing

  • The categories of personal data concerned

  • The recipients to whom the personal data has/will be disclosed

  • For how long we intend to store your personal data

  • If we did not collect the data directly from you, information about the source

  • Right of rectification:** you have the right to require us to correct any Personal Data which we hold about you which is inaccurate or incomplete.

  • Right to be forgotten: **in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records. For example, you can ask us to erase any Personal Data which we are processing on the basis that you have consented to that processing, provided that we don’t have a separately legitimate right to retain the data. An example of this might be if we are in a dispute with you and need to retain the data to defend our case.

  • Right to restriction of processing: you have the right to ask us to restrict the processing we carry out in respect of Personal Data relating to you. You might want to do this, for instance, if you think the data we hold is inaccurate and you would like us to restrict our processing until we have investigated this concern and updated if necessary.

  • Right of portability: you have the right to have the Personal Data we hold about you transferred to another organisation, to the extent that you provided us with that Personal Data in a structured, commonly used and machine-readable format. Owing to our process of gathering and processing Personal Data, we don’t anticipate that this will apply to much (if any) of the Personal Data we hold.

  • Right to object to direct marketing: you have the right to object to certain types of processing by us, including direct marketing.

  • Right to object to automated processing, including profiling.

13.2 If you want to avail of any of these rights, you should contact us immediately at dpo@Medall.org. If you do contact us with a request, we will need evidence that you are who you say you are to ensure compliance with data protection legislation.

  1. WHAT HAPPENS IF YOU NO LONGER WANT US TO PROCESS PERSONAL DATA ABOUT YOU?

14.1 You may notify us at any time that you no longer want us to process Personal Data about you for particular purposes or for any purposes whatsoever. This may have an impact on the services you receive from us. For example, if you ask us to stop processing Personal Data about you, you will no longer be able to access your User Account since we will not be able to identify you.

14.2 A request to stop receiving direct marketing will not impact on your access to your User Account.

  1. WHO DO YOU COMPLAIN TO IF YOU’RE NOT HAPPY WITH HOW WE PROCESS YOUR PERSONAL DATA?

15.1 If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address (see paragraph 1.1 above) or by email to dpo@Medall.org

15.2 If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns.

Last updated: 12-02-2021.

MedAll - Cookie Policy

COOKIE POLICY

Last updated April 20, 2022



This Cookie Policy explains how Medicinall Ltd T/A MedAll ("Company", "we", "us", and "our") uses cookies and similar technologies to recognize you when you visit our websites at https://medall.org, ("Websites"). It explains what these technologies are and why we use them, as well as your rights to control our use of them.

In some cases we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner (in this case, Medicinall Ltd T/A MedAll) are called "first party cookies". Cookies set by parties other than the website owner are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

Why do we use cookies?

We use first and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our Websites for advertising, analytics and other purposes. This is described in more detail below.

The specific types of first and third party cookies served through our Websites and the purposes they perform are described below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.

The Cookie Consent Manager can be found in the notification banner and on our website. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.

In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com.

The specific types of first and third party cookies served through our Websites and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):

Essential website cookies:

These cookies are strictly necessary to provide you with services available through our Websites and to use some of its features, such as access to secure areas.

Name:JSESSIONID
Purpose:Used to maintain an anonymous user session by the server in Java™ 2 Platform Enterprise Edition web applications. It is a necessary cookie that expires at the end of a session.
Provider:.nr-data.net
Service:JavaServer Pages Technologies View Service Privacy Policy  
Country:__________
Type:http_cookie
Expires in:session

Name:__tlbcpv
Purpose:Used to record unique visitor views of the consent banner.
Provider:.termly.io
Service:Termly View Service Privacy Policy  
Country:United States
Type:http_cookie
Expires in:1 year

Advertising cookies:

These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

Name:VISITOR_INFO1_LIVE
Purpose:YouTube is a Google-owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. Used by Google in combination with SID to verify Google user account and most recent login time.
Provider:.youtube.com
Service:YouTube View Service Privacy Policy  
Country:United States
Type:server_cookie
Expires in:5 months 27 days
Name:YSC
Purpose:YouTube is a Google-owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. Used by Google in combination with SID to verify Google user account and most recent login time.
Provider:.youtube.com
Service:YouTube View Service Privacy Policy  
Country:United States
Type:http_cookie
Expires in:session

Unclassified cookies:

These are cookies that have not yet been categorized. We are in the process of classifying these cookies with the help of their providers.

Name:usr
Purpose:Communication with users
Provider:.medall.org
Service:Umso View Service Privacy Policy  
Country:United States
Type:server_cookie
Expires in:11 months 30 days
Name:_med_all_session
Purpose:__________
Provider:organisation.medall.org
Service:__________  
Country:United States
Type:http_cookie
Expires in:session

What about other tracking technologies, like web beacons?

Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our Websites or opened an e-mail including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of e-mail marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

Do you use Flash cookies or Local Shared Objects?

Websites may also use so-called "Flash Cookies" (also known as Local Shared Objects or "LSOs") to, among other things, collect and store information about your use of our services, fraud prevention and for other site operations.

If you do not want Flash Cookies stored on your computer, you can adjust the settings of your Flash player to block Flash Cookies storage using the tools contained in the Website Storage Settings Panel. You can also control Flash Cookies by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash Cookies (referred to "information" on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash Cookies that are not being delivered by the operator of the page you are on at the time).

Please note that setting the Flash Player to restrict or limit acceptance of Flash Cookies may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our services or online content.

Do you serve targeted advertising?

Third parties may serve cookies on your computer or mobile device to serve advertising through our Websites. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. This can be accomplished by them using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details or other details that directly identify you unless you choose to provide these.

How often will you update this Cookie Policy?

We may update this Cookie Policy from time to time in order to reflect, for example, changes to the cookies we use or for other operational, legal or regulatory reasons. Please therefore re-visit this Cookie Policy regularly to stay informed about our use of cookies and related technologies.

The date at the top of this Cookie Policy indicates when it was last updated.

Where can I get further information?

If you have any questions about our use of cookies or other technologies, please email us at hello@medall.org or by post to:

Medicinall Ltd T/A MedAll
Ormeau Baths
Belfast, Northern Ireland BT2 8HS
United Kingdom
.