Privacy and Cookie Policies

PRIVACY POLICY

  1. WHO ARE WE AND WHAT IS MEDALL?

1.1. We are Medicinall Limited, a company registered in Northern Ireland, with registered address at 99 Ballyclogh Road, Bushmills, BT57 8XA, and company no. NI648511 (“we”, “us”, “our”).

1.2. We are a technology company which provides a platform called “MedAll”. MedAll is a web application to enable healthcare professionals and students to connect in a professional network, to store, organise and display their professional achievements and to facilitate collaboration between, and professional matching of, users of the application based on their development needs and existing skills.

  1. WHAT IS THIS POLICY?

2.1. This policy sets out how we may use Personal Data which you upload onto or publish via MedAll.

2.2. The purpose of MedAll is to allow information to be shared with other Users. This policy only deals with our use of your Personal Data. Other Users are not bound by this privacy policy. It is up to you to decide what you want to upload onto or publish via MedAll.

2.3. We might need to change this privacy policy from time to time. If we do, we will let you know. Any changes will only to apply to the Personal Data we collect after posting the changes. So please do keep an eye on our policy before sending us any Personal Data.

  1. WHY ARE WE PROCESSING PERSONAL DATA ABOUT YOU?

3.1. In order to use MedAll, you will be required to set up a User Account. To set up the account, you will need to give us Personal Data relating to you (such as details about who you are and where you work). This information is required in order to enable us to make MedAll work.

3.2. We will process the data you upload or publish as a ‘Controller’. This means that we have certain responsibilities to you under EU and UK data protection law, including to make sure that we respect your right as a Data Subject, in respect of that data. If you’d like to know more about those rights, please have a look at paragraph 13 below.

3.3. We are processing Personal Data about you on the basis that you have asked to receive our services. In some cases (such as dispute resolution, fraud prevention or to meet our regulatory requirements) we are processing your data on the basis of legitimate interest).

3.4. If you have any questions about how we process Personal Data relating to you, you can contact our Data Protection Officer by email: hello@MedAll.org or by writing to us at the address in paragraph 1.1 above.

  1. WHAT DO THE DEFINED TERMS IN THIS POLICY MEAN?

4.1. We’ve used some defined terms in this policy (which we capitalise each time we use). For ease, we’ve set these out below, along with their definition:

“Connecting” “Connected” “Connect”, means you agree to add a User to your network, so that they can see any posts you publish via MedAll;

“Controller” means the entity (person or company) which (or who) decides what Personal Data to collect, how the data should be collected and what uses to make of it;

“Data Protection Officer” is the individual who has been designated in our company to respond to any queries or requests relating to Personal Data and to make sure our company is doing everything it can to meet its data protection obligations;

“Personal Data” means data which can be used to identify an individual;

“Public Profile” means any information which you have uploaded on your User Account or published via MedAll, unless you specifically made it ‘private’;

“User” means anyone using MedAll;

“User Account” means an account set up by a User on MedAll.

  1. WHAT PERSONAL DATA RELATING TO ME IS COLLECTED AND STORED ON MEDALL?

5.1 Personal Data relating to you may be uploaded to MedAll and stored on our servers, in the following situations:

(i) Information which you upload when you set up a User Account or use MedAll. This might include: • your name, contact information (including an email) and a photograph; • your financial details (if you want to avail of any premium features); • your account preferences and settings; • information about your previous and current jobs and experience; • information about your qualifications and achievements; • where you currently work; • any information in your posts and blogs; • messages you send using MedAll; and • requests and feedback for collaboration projects you would like to be or have been involved in.

(ii) Information which other Users upload on to MedAll about you. This might include: • details on achievements you have worked on with that user including but not limited to publications, audits, research and presentations • feedback on a collaboration project; and • messages you receive using MedAll.

(iii) We may also collect information about: • how you use MedAll (including your user preferences and interests); • any in-app purchases you make; • details about the device you use to access MedAll; • which Users you have CONNECTED with in your network; and • any information you give us when you contact us.

  1. WHO HAS ACCESS TO MY USER ACCOUNT?

6.1. We have access to your User Account (including your Public Profile along with any other information you upload on to MedAll). We will only access your User Account to the extent required to provide our services (which might include support and maintenance), though we also reserve the right to access your User Account to check if you are using MedAll in compliance with our Terms of Use, to resolve disputes or if required to do so by law, and to collect aggregate (anonymised data).

6.2 Other Users are permitted to see your Public Profile, and, if you have agreed to Connect with them in your network, any posts you publish. They are not given any access to your User Account.

  1. HOW WILL WE USE ANY PERSONAL DATA WHICH WE COLLECT ABOUT YOU?

7.1 We may use any Personal Data which we collect about you for the following purposes:

(i) OUR SERVICES: to provide you with MedAll (which may include support and maintenance of your account on MedAll as well as administration and dispute resolution). As part of our services, we may suggest Users to each other who have similar interests or experience to, we may also suggest ways to improve your Public Profile or use of MedAll, as well as potential collaboration partners.

(ii) ANALYSIS: MedAll allows us to record certain demographics, which we might use to decide which adverts to publish on your newsfeed or (if you’ve consented to it) to send to you. This would be done by using key words which you put into your Full Profile or publish on MedAll, and would not involve us transferring Personal Data relating to you to third parties.

(iii) DIRECT MARKETING: if you’ve agreed to receive the same, we may send out promotional emails about news, research, new products, special offers or other information which we think you may find interesting using the email address which you have provided.

(iv) MARKET RESEARCH: We may also use aggregate (non-personal) data for market research purposes.

  1. WILL WE DISCLOSE ANY PERSONAL DATA WHICH WE HOLD ABOUT YOU TO ANYONE ELSE?

Other Users

8.1 The purpose of MedAll is to enable you to share information with and Connect with other Users in your network. Have a look at paragraph 9 below which sets out what of your information is accessible to other Users.

8.2 We may notify other Users if your Public Profile includes details which meet their collaboration criteria, in which case we may send them your Public Profile and email address. You may opt out of this function at any point. If you’re not sure how – send us an email to hello@MedAll.org and we’ll let you know.

Third Parties

8.3 We may disclose Personal Data relating to you to third parties, for the following purposes:

• To our licensors, employees and third parties who are contracted to help us to provide MedAll. Any such licensors, employees and/or data processors contracted by us will be subject to strict contractual requirements only to use Personal Data relating to you in accordance with our privacy policy.

• If we are under a duty to disclose or share Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements or to protect the operation of our website, or the rights, property, or safety of us, our customers, or others.

  1. WHO ARE THE OTHER USERS ON MEDALL AND WHAT CAN THEY SEE?

9.1. MedAll is only intended for use by healthcare professionals and healthcare students. All Users must set up a User Account on the platform and provide certain details (such as their name and where they work) which are displayed in their Public Profile. We also require Users to provide their General Medical Council number, photographic ID or a copy of their degree/GMC certificate as a step to help verify who they are. However, we don’t vet our Users and so can’t guarantee that Users are who they claim to be.

9.2. If you set up a User Account with MedAll, all other Users of MedAll, may be able to see your Public Profile and (unless you opt out) may receive notifications from us about you if you meet their collaboration criteria.

9.3. Only Users who you have Connected with will have access to any posts you publish via MedAll.

  1. WHAT SECURITY PROCEDURES DO WE HAVE IN PLACE?

We are committed to ensuring that any Personal Data which we hold is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

For example:

We make sure that any ‘processors’ (such as Mailgun, Mailchimp and Amazon Web Services) we use have a strong reputation for data security and are contractually obliged to implement adequate security measures to safeguard the data held.

  1. WHERE DO WE STORE THE PERSONAL DATA WE COLLECT?

11.1 Our servers are currently based in the UK and Europe, which means that any data uploaded on to MedAll will be held on a cloud server in the UK and Europe. Unless you request us to, or it is strictly required in order to provide our services to you, we will not transfer any such data outside of Europe.

11.2 If you are based outside the UK and would like further information about where we hold your data, please contact us at by email: hello@MedAll.org.

  1. FOR HOW LONG DO WE STORE YOUR DATA?

CONTENT IN YOUR USER ACCOUNT

12.1 We may retain any content which you store or upload on to your User Account (“Your Content”) for as long as you keep your User Account open. Your Content is likely to include Personal Data relating to you.

12.2 Save as set out in paragraphs 12.4 and 12.5 below, we will securely delete Your Content within 6 months of you closing your User Account.

12.3 If your User Account has been inactive for a period of 36 months, we will send you a notice asking if you would like us to close your User Account. If we receive no response or confirmation from you to close your User Account, we will do so and ensure that the Personal Data we hold about you is deleted within 6 months thereafter.

12.4 Notwithstanding the above, we may retain Personal Data which is relevant to:

• your financial transactions carried out on or in connection with MedAll for up to 7 years. Any such information will be archived and only accessed or used if required for our internal tax or accounting purposes.

• any research evidence which may be or could be used in respect of any collaborative or clinical decisions taken;

• any dispute or potential dispute involving your use of MedAll for up to 6 years. Any such information will be archived and only accessed or used if required in connection with any claim arising from such dispute or potential dispute.

      TRANSFERRED AND OTHER USER CONTENT

12.5 If you send information (which may contain Personal Data relating to you) to other Users via MedAll (“Transferred Content”) or if other Users upload information about you (by way of example they may accredit you as a co-author in a collaboration project or achievement), the retention period for such Transferred Content will be based on the recipient’s User Account (which will be subject to the same provisions set out above).

12.6 Nothing in this paragraph 12 is intended to limit, restrict or exclude any rights you have as a Data Subject. A list of those rights can be seen at paragraph 13 below.

  1. WHAT RIGHTS DO YOU HAVE IN RESPECT OF ANY PERSONAL DATA WE HOLD WHICH RELATES TO YOU?

13.1 As a Data Subject, you have certain rights in respect of the Personal Data which we hold about you, including:

• Right of access: you have the right to request a copy of the Personal Data which we hold about you; as well as confirmation of: • The purposes of the processing • The categories of personal data concerned • The recipients to whom the personal data has/will be disclosed • For how long we intend to store your personal data • If we did not collect the data directly from you, information about the source

• Right of rectification: you have the right to require us to correct any Personal Data which we hold about you which is inaccurate or incomplete.

• Right to be forgotten: in certain circumstances you can ask for the Personal Data we hold about you to be erased from our records. For example, you can ask us to erase any Personal Data which we are processing on the basis that you have consented to that processing, provided that we don’t have a separately legitimate right to retain the data. An example of this might be if we are in a dispute with you and need to retain the data to defend our case.

• Right to restriction of processing: you have the right to ask us to restrict the processing we carry out in respect of Personal Data relating to you. You might want to do this, for instance, if you think the data we hold is inaccurate and you would like us to restrict our processing until we have investigated this concern and updated if necessary.

• Right of portability: you have the right to have the Personal Data we hold about you transferred to another organisation, to the extent that you provided us with that Personal Data in a structured, commonly used and machine-readable format. Owing to our process of gathering and processing Personal Data, we don’t anticipate that this will apply to much (if any) of the Personal Data we hold.

• Right to object to direct marketing: you have the right to object to certain types of processing by us, including direct marketing.

• Right to object to automated processing, including profiling. 13.2 If you want to avail of any of these rights, you should contact us immediately at hello@MedAll.org. If you do contact us with a request, we will need evidence that you are who you say you are to ensure compliance with data protection legislation.

  1. WHAT HAPPENS IF YOU NO LONGER WANT US TO PROCESS PERSONAL DATA ABOUT YOU?

14.1 You may notify us at any time that you no longer want us to process Personal Data about you for particular purposes or for any purposes whatsoever. This may have an impact on the services you receive from us. For example, if you ask us to stop processing Personal Data about you, you will no longer be able to access your User Account since we will not be able to identify you.

14.2 A request to stop receiving direct marketing will not impact on your access to your User Account.

  1. WHO DO YOU COMPLAIN TO IF YOU’RE NOT HAPPY WITH HOW WE PROCESS YOUR PERSONAL DATA?

15.1 If you have any questions or concerns about how we are using Personal Data about you, please contact our Data Protection Officer immediately at our registered address (see paragraph 1.1 above) or by email to hello@MedAll.org

15.2 If you wish to make a complaint about how we have handled Personal Data about you, you may lodge a complaint with the Information Commissioner’s Office by following this link: https://ico.org.uk/concerns/.

COOKIES POLICY OF MEDICINALL LIMITED

We use cookies as part of our web app (“MedAll”). This policy sets out what cookies are, what cookies we use and why.

  1. WHAT IS A COOKIE?

1.1. A cookie is a small text file containing anonymous information (letters and numbers) which acts as an identifier that will be sent by our server to your computer or mobile device when you use MedAll.

1.2. By allowing us to identify you, your user experience will be improved. For instance, MedAll will be able to remember your preferred settings, user name and preferences, saving you time each time you log in.

  1. TYPES OF COOKIE

2.1 In our provision of services to you, we use both ‘essential’ and ‘non-essential’ cookies.

ESSENTIAL COOKIES Some cookies are required to perform essential functions on MedAll. We use essential cookies for the purposes such as:

· to enable you to access private information for the duration of your visit; · for the administration of our services; and · to improve those services provided by us to you. NON-ESSENTIAL COOKIES The information below explains the non-essential cookies we use and why:

COOKIE 1 OWNER COOKIE: Google Analytics COOKIE NAME: _utma COOKIE DESCRIPTION: This keeps track of the number of times a visitor has been to the site, when their first visit was, and when their last visit occurred.

COOKIE 2 OWNER COOKIE: Google Analytics COOKIE NAME: _utmb COOKIE DESCRIPTION: This creates a timestamp of the exact moment when a visitor enters site

COOKIE 3 OWNER COOKIE: Google Analytics COOKIE NAME: _utmc COOKIE DESCRIPTION: This creates a timestamp of the exact moment when a visitor leaves the site.

COOKIE 4 OWNER COOKIE: Google Analytics COOKIE NAME: _utmv COOKIE DESCRIPTION: This is used for reporting in Google Analytics classifying the visitor.

COOKIE 5 OWNER COOKIE: Google Analytics COOKIE NAME: _utmv COOKIE DESCRIPTION: This is set by Google Maps when you load a map of our location.

Please note that third parties (including for example, advertising networks and providers of external services) may also use cookies over which we have no control. Any such cookies are likely to be analytical or targeting cookies.

  1. BLOCKING COOKIES

3.1. By using MedAll, you are consenting to our use of these non-essential cookies. If you do not consent to our using non-essential cookies you may opt to block the cookies by using the appropriate setting on your browser. For more information on how to disable cookies please see: www.allaboutcookies.org.

3.2. Please note that blocking cookies could affect some of the services provided on MedAll.

  1. CHANGES TO OUR COOKIES POLICY

Any changes we may make to our cookies policy in the future will be posted on this page.

  1. CONTACT

5.1. Questions, comments and requests regarding this policy are welcomed and should be addressed to hello@MedAll.org.

Last updated: 11-Sep-2018.