MEDIZZY PRIVACY & DATA PROTECTION RULES
I. Collection of personal data
- We, that is MEDizzy Ltd., Company number 10143587, are the data controller responsible for your personal data collected via the Application or Site (the “Controller”). You can contact us by e-mail firstname.lastname@example.org or by post to the following address: Craven House, Ground Floor, 40-44, Uxbridge Road, London, United Kingdom, W5 2BS.
- As the Controller, we have appointed the Data Protection Officer (“DPO”). You can contact the DPO by e-mail sent to the following address: email@example.com or by post to the following address: Craven House, Ground Floor, 40-44, Uxbridge Road, London, United Kingdom, W5 2BS with a note “DPO”.
- We obtain your personal data mostly directly form you. Your personal data may also be provided to us by third parties at your request. This applies to the situation in which you want to register in our site (medizzy.com, the “Site”) or use our MEDizzy mobile application (the “Application”) using the social media functionality or services of our associated partners (hereinafter referred to as “Associates”) such as:
- For the purpose of this document, we will refer to you as the “User”, even if you are not the member of our society yet.
II. Scope of processed personal data
- For the purpose of providing you with the opportunity to register on the Site or in the Application and the opportunity to subscribe to our newsletter, if we decide to provide that functionality, first of all we process the following personal data:
- your e-mail address;
- your name;
- information on your educational/professional status.
- Apart from data as specified directly above, depending on which functionalities of the Site/Application you use (as soon as we decide to provide them) we may collect different kinds of information from or about you. Some of them, in some circumstances, may be your personal data, as “personal data” means any information relating to an identified or identifiable natural person. For example:
- things you do and information you provide. You provide us those information when you use our Site/Application. This can include information such as your location, habits (types of content you view or engage with or the frequency and duration of your activities), occupation, place of work, university you attend to;
- information other people provide about you;
- your connections, groups you participate in, networks;
- financial information related to transaction you make via our Site/Application. This may include your credit or debit card number and other card information, account number, authentication information;
- billing, shipping and contact details, if you use functionality related to sales;
- information from or about the computers, phones, or other devices where you install Application or access our Site, which may include your location, telecommunication operator you are using, phone number or IP address;
- information from third-party partners. We receive information about you and your activities on and off our Site/Application from third-party partners, such as information from Associates, an advertiser or a sponsor about your experiences or interactions with them;
- history of your communication with us;
- consents you have given in relation with the Site/Application.
- Submitting of personal data by the User for the purpose of registration is voluntary. It is, however, necessary in order for the User to make use of the full range of services and functionalities of the Site/Application.
III. Use of personal data
- We process your personal data to ensure the functionality of our Application/Site in accordance with MEDizzy Terms and Conditions and in accordance with the MEDizzy Newsletter Rules (once we decide to provide that). This includes, in particular, providing you with the opportunity to register on the Site or in the Application and the opportunity to subscribe to our newsletter.
- We use your personal data (whenever is possible, subject to choices you make using functionalities in Setting section) to provide and support the products, services and functionalities as described in the MEDizzy Terms and Conditions, in particular:
- we personalize features and content of the Site/Application to:
- make suggestions for you on topics, content, groups or events we think you may be interested in,
- develop, test and improve our Site/Application,
- select and personalize offers, ads or other sponsored content to show you, according to your preferences,
- send you marketing communication, in particular to promote our services, including additional and sometimes paid functionalities;
- if you express your separate consent to receiving the Newsletter or commercial communication by e-mail, we will use your e-mail address to send you such communicates;
- we send you other kind of communications related to MEDizzy Terms and Conditions. Consequently, we also use the information on you to be responsive toward you when you decide to contact us;
- we use the information we have to help our advertisers, sponsors, partners, Associates to measure the effectiveness and distribution of their content, ads and services in order to understand their most accurate recipients and their needs. We also use those information in analytical purposes of that kind in our own interest;
- we use the information we have to verify accounts and activity on the Site/Application in order to detect, prevent, combat any harmful conduct, such as spamming, intellectual property infringements or discriminatory, intimidating or other harmful behaviours, which mostly includes violations of MEDizzy Terms and Conditions.
- As we want to be able to present you offers and content tailored to your interests, we carry out profiling activities. Please be noted, that in no case this will affect your rights or freedoms, nor will it affect you in any other way. There is no automated decision-making involved.
IV. Legal basis for personal data processing
- Depending on the purpose, we process your personal data on a different legal basis.
- In order to perform our contract with you (that is to enable you to use the Site/Application according to MEDizzy Terms and Conditions), we process your data as necessary. You do not need to consent to that specifically, but without that you wouldn’t be able to use the Site/Application.
- The other legal bases we sometimes rely on while processing your data are:
- your consent:
- for processing data of special categories (such as your religious and philosophical beliefs, political opinions, your health, ethnic origin, sex life or sexual orientation), if you decide to present those data, so that we could share those information with the members of MEDizzy society and personalise your content,
- for using data that our advertisers, sponsors, partners, Associates provide us about your activity of our Site/Application, so we can personalise the content we show you on the Site or within the Application,
- for collecting information you allow us to receive through the device-based settings you enable (such as access to your GPS location, camera or photos), so we can provide the functionalities or services described when you enable the settings,
- for the purpose of sharing your personal data allowing to identify and contact you (such as your name or email address) with sponsors and advertisers, if you decide that we should share those, so that they can contact you directly and present you with information you are interested in,
- data about your use of the Site, which we get through the so-called cookie files;
- our legitimate interests or the legitimate interests of a third party, where not outweighed by your interests or fundamental rights and freedoms, which is:
- providing measurement, analytics, and other business services where we are processing data as a Controller. The legitimate interests we or the third parties have here is providing accurate and reliable reporting to our partners, advertisers, developers, sponsors, Associates that allows us and them to get to recognize your needs in order to improve our and their businesses, especially evaluate the effectiveness of the online content and advertising,
- providing marketing communications to you, including newsletter. The legitimate interests we have here is to promote our Application, Site or other services,
- appropriate responding to law enforcement practices and legal requests. The legitimate interests we have here is to detect, prevent, combat any harmful conduct or fraud and to protect ourselves, our Users and others,
- for people under the age of majority (under 18, in most EU countries) who have a limited ability to enter into an enforceable contract,we may be unable to process personal data on the grounds of contractual necessity. Nevertheless, when such a person uses our Site/Application, it is in our legitimate interests to provide, personalize, and improve our Site/Application and to provide non-marketing communications with them. The legitimate interests we rely on for this kind of processing are:
- to create, provide, support and maintain innovative products and features that enable people under the age of majority to benefit from the exchange of professional information and being a part of a professional society we are gathering around our Site and Application,
- to secure our Site and Application, verify accounts and activity in order to detect, prevent, combat any harmful conduct, such as spamming, intellectual property infringements or discriminatory, intimidating or other harmful behaviours, which mostly includes violations of MEDizzy Terms and Conditions and – the least but not last – to protect the safety of people under the age of majority, who are especially vulnerable users of Internet;
- compliance with a legal obligation – we are obliged to process your data when the law requires it, including, for example, if there is a valid legal request for certain data;
- protection of your vital interests or those of another person – that includes all the cases when protection of your life or physical integrity or that of others is required, and we rely on it to combat harmful conduct related to our Site/Application.
V. Time limitations for processing of personal data
- The period for which we process your personal data depends on the purpose of processing.
- Personal data collected for the purpose of and related to registration on our Site or in Application or subscribing to the newsletter are being processed for the period you are registered/subscribed – until you unregister/unsubscribe. After this period, your data will be processed for purposes related to the accountability of our activities, for which we are obliged by the mandatory provisions of law, including in particular tax and accounting regulations, regulations on the protection of personal data and the period of , which differs depending on a kind of claim (for example resulting from a simple contract, deed, tort, fraud, defamation and so on).
VI. Recipients of personal data
- We transfer your personal data only when it is necessary to perform the services that you order by using functionalities of the Site/Application. We do not sell your data, we do not make your data commercially available to third parties.
- We may pass your personal data to our partners of the following kind:
- companies that provide us with the delivery and maintenance of hosting, database software, through which we can run our service, newsletter etc.;
- marketing agencies or other entities of that kind providing measurement, analytics, and other business services that help us understand what our Users are interested in, create interesting content, offers, functionalities and help us in ongoing communication with our Users;
- entities supporting us in the provision of electronic services, i.e. those that provide payment services;
- entities that perform consulting or auditing services.
- We may also pass on your personal data to public authorities fighting against fraud and abuse.
- For each of these purposes as mentioned directly above, we only provide data that is necessary to achieve it. Wherever and whenever possible we use tools of pseudonymisation or other activities that make it impossible for our partners and subcontractors to identify you, while we have your data all the time and you are not anonymous for us.
VII. Your rights related to personal data processing
- When we process data you provide to us based on your consent, you have the right to withdraw it at any time. Please be noted, that the withdrawal will be valid and effective for future only.
- You may exercise your right to withdraw the consent by sending an e-mail to firstname.lastname@example.org by post to the following address: Craven House, Ground Floor, 40-44, Uxbridge Road, London, United Kingdom, W5 2BS, with the note “Personal Data”.
- Expressing consent for our newsletter functionality or any other commercial communication is voluntary and we do not make the use of the Site/Application conditional upon its expression by you. With this kind of communication you can unsubscribe at any time by sending a request to email@example.com or by using a special tab on the Site www.medizzy.com/unsubscribe or “Unsubscribe” button within the Application.
- Remember that once you withdraw your consent, it may take some time before the motion is accepted and all databases are synchronized. We will make every effort to ensure that these activities take place without unnecessary delay, but in no case it will last longer than one month.
- Remember that the withdrawal of consent does not affect the lawfulness of the processing that was made on the basis of consent before its withdrawal.
- Please, be also aware, that your personal data in the scope covered by the revoked consent, i.e. in the scope of the purpose for which it was requested, will cease to be processed for this purpose only. Your personal data subjected to consent may be still processed in order to fulfill our obligations under the law, including, in particular, the obligation to account for the correctness of personal data processing, or for the purposes justified by our legitimate interest.
- The personal data protection law gives you a number of other rights that you can use at any time. Unless you abuse these rights (eg. unreasonable daily requests for information), using them will be free of charge for you and should be easy to implement.
- Apart from the right to withdraw your consent, as mentioned above, your rights include:
- the right to access your personal data.
This right means that you can ask us to export from our databases the information we have about you and send it to you in one of the commonly used formats (eg XLSX, DOCX, etc.);
- the right to correct personal data.
If you find out that your personal data we process is incorrect, you may ask us to correct it and we will be obliged to do so. In this case, we have the right to ask you for a document or proof of the change;
- the right to seek restriction of personal data processing.
If, despite the fact that we adhere to the adequacy principle, that is we process only data that is necessary to achieve a given processing goal, you consider that for a specific purpose we process too wide catalogue of your personal data, you have the right to request that we restrict (limit) the scope of processing. If the request does not oppose the requirements imposed on us by applicable law, or it is not necessary for the performance of the contract, we will accept your request;
- the right to request erasure of personal data.
This right, also known as the right to be forgotten, means that you can demand that we remove any information that contains your personal information from our systems and any other records. Remember however, that we will not be able to do so if we are obliged to process your data under provisions of law (for example transaction documents for tax purposes, obligation to ensure the accountability of our activities). In each case, however, we will remove your personal data to the fullest extent possible, and where it is not possible we will ensure their pseudonymisation (which means that the data subjected cannot be identified without a corresponding key). Allowing this, your data we need to keep in line with applicable law, will be available only to a very limited group of people in our organization;
- the right to personal data portability.
In accordance with the General Data Protection Regulation, you can ask us to port the data you provided to us in the course of all our contacts and all cooperation to a separate file, for the purpose of further transfer to another data controller;
- the right to object to personal data processing.
You submit the right to object when you do not want us to process your personal data for a specific purpose (for example for marketing purposes). In evaluating an objection, we’ll evaluate several factors, including: reasonable user expectations; the benefits and risks to you and third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort; if you are under the age of majority in your country and have a limited ability to enter an enforceable contract, we will take particular account of the fact that you are below the age of majority and adjust our assessment of our legitimate interests and the balancing of your interests and rights accordingly. Should your objection be deemed justified, we will continue to process your data for other processes (for other purposes), but not for the purpose for which you objected. In any case, your objection will be upheld and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.
9. You may exercise all of your rights by sending an e-mail to firstname.lastname@example.org or by post to the following address: Craven House, Ground Floor, 40-44, Uxbridge Road, London, United Kingdom, W5 2BS, with the note “Personal Data”.
VIII. Right to lodge a complaint with a supervisory authority
- We wish to inform you separately, that you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of EU of your place of living, place of work or place of the alleged infringement if you feel that the processing of your personal data infringes the GDPR regulation.
- An individual authority is established by each of the EU Member State to supervise the compliance with GDPR. For the UK the Information Commissioner’s Office (ICO) will be the Supervisory Authority.
- You can contact the ICO via e-mail (email@example.com) or post (Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK). For more information see https://ico.org.uk.
The Application contains redirections (links) to other websites with a brief description, published by its users. The contents of these pages may be subject to copyright of their respective authors and are protected in accordance therewith. The MEDizzy team responds in an ongoing manner to reports regarding the violations of the rights of third parties by users of the application, taking appropriate steps and measures to remove or disable access to content published in violation of third party rights.
X. Legal disclaimer and liability
All contents contained in the Application are made available free of charge. The users as well as the MEDizzy Team bear no responsibility for any damages resulting from the use of said content. The publisher of the MEDizzy application reserves the right to remove or edit entries and to block users who violate the MEDizzy terms and conditions.
XI. Limitation of liability
The publisher of the Application does not bear any liability for the content and opinions expressed by users in the comments or descriptions, including the correctness of the information posted by the users. The contents of the application are meant for informational purposes only and may not constitute the basis for a diagnosis or for taking up treatment. The publisher of the Application bears no responsibility for medical decisions made on the basis of the content of the Application.
XII. Collection of personal data
Registration in the Application requires at least an e-mail address of the user to be provided. The publisher of the MEDizzy application processes personal data in accordance with applicable laws and regulations. E-mail addresses are in particular being used to notify users about technical issues and relevant changes to the service. Detailed information regarding the principles of the processing of personal data by MEDizzy LTD can be found in the Terms and Conditions of the Application.