Privacy Policy

1. Introduction

This privacy policy applies to MedAccess Guarantee Ltd “MedAccess”. We at MedAccess take your privacy seriously, and this policy has been drafted in accordance with the requirements of the General Data Protection Regulation (GDPR).

The policy describes how we process personal data, which personal data we collect and why we collect it, with whom we share this personal data, how we protect it, and the choices you can make about how we use your personal data. This policy applies to any personal data collected, held or processed by or on behalf of MedAccess.

The scope of this policy also includes all the websites, applications, mobile sites, and social media platforms that are owned by MedAccess, where personal data is processed.

Please check this policy periodically at www.medaccess.org/privacy-policy to inform yourself of any changes.

2. How we collect and use your information

2.1 Visitors to our website

We collect IP addresses, cookies, moments of connection from visitors to our websites, which are analysed by Google Analytics, who collect standard internet log information and details of visitor behaviour patterns. We do this to identify the number of visitors to the various sections of the site. This information is not used to identify anyone. Both MedAccess and Google do not make any attempt to discover the identities of visitors to our website. For further information about our use of cookies, please consult our cookie policy.

2.1.1 Newsletter

We will collect your name and email address if you choose to subscribe to our newsletter. We use a third-party provider, Mailchimp, to deliver our monthly e-newsletters. For more information, please see:

2.1.2 General enquires

When you submit an enquiry, we will collect your email address and comments, we will also collect your first name, surname and your company name and phone number if you choose to provide it.

Where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

2.2 People who email us

When you send an email to us we may collect your IP address, email address and other data you have provided within the email or attachments. The information will only be used to address the purposes of your request, it will be recorded in our email and email security systems.

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with security best practices. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

2.3 People who call our contact points

When you call MedAccess, we collect Calling Line Identification (CLI) information which may include your telephone number. We use this information to help improve our efficiency and effectiveness. We do not record phone conversations.

2.4 Use of personal data for direct communication purpose

We will only use your personal data to send communications via electronic means (e.g. email, SMS or MMS) if we have obtained your prior consent or have a legitimate and lawful interest to do so. You can withdraw your consent or object to communications at any point in time, by contacting the Data Protection Officer (DPO) at jhutchins@medaccess.org

MedAccess will only process your personal data to achieve the purposes it was collected for, or for any other legitimate and lawful purpose.

MedAccess will notify the processing of personal data to the relevant authorities to the extent required under all applicable data protection laws and regulations.

3. Accurate data

It is important for us to maintain accurate and up to date records of your personal data. Please inform us of any changes to or errors in your personal data as soon as possible by contacting the DPO at jhutchins@medaccess.org

We will take reasonable steps to make sure that any inaccurate or out-of-date data is deleted, destroyed or amended accordingly.

4. Access and rectification

You have the right to access the personal data we hold about you and, if such personal data is inaccurate or incomplete, to request the rectification or erasure of such personal data. If you require further information in relation to your privacy rights or would like to exercise any of these rights, please contact the DPO at jhutchins@medaccess.org

5. Timely processing

We shall retain your personal data in a manner consistent with the applicable data protection laws and regulations. We will only retain your personal data for as long as necessary to comply with the applicable laws and regulations or for the purposes for which we process your personal data. For guidance on how long certain personal data is likely to be kept before being destroyed, please contact the DPO at jhutchins@medaccess.org

6. Data security

We shall ensure that appropriate technical and organisational security measures are taken against unlawful or unauthorised processing of personal data, and against the misuse, destruction, disclosure, acquisition, accidental loss of, or damage to personal data. Personal data shall only be processed by a third-party processor if they can demonstrate adequate compliance or certification to relevant information security standards and practices.

Maintaining data security means protecting the confidentiality, integrity and availability of the personal data:

  • Confidentiality: we will protect your personal data from unauthorised disclosure to third parties.
  • Integrity: we will protect your personal data from being modified by unauthorised third parties.
  • Availability: we will ensure that authorised parties are able to access your personal data when needed.

We have put in place security measures to prevent your data from accidental loss or disclosure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.

7. Data Protection Officer

MedAccess has taken the decision to appoint a DPO to monitor internal compliance, inform and advise on our data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and to act as a contact point for data subjects and the supervisory authority. The designated DPO for MedAccess and their contact information is as follows:

Jonathan Hutchins
MedAccess Guarantee Ltd
25 Wilton Road
London
SW1V 1LW
jhutchins@medaccess.org

If you have a query in relation to this policy or our processing of your personal data, you can contact the DPO.

8. Disclosure of personal data

8.1 Categories of recipients

For the above-mentioned purposes, we may disclose your personal data to the following categories of recipients:

  • Authorised staff members of MedAccess;
  • Corporate affiliates of MedAccess;
  • Our communication agencies: to help us deliver and analyse the effectiveness of our communications;
  • Business partners: trusted companies that may use your personal data to provide you with the services and/or the information you requested and/or that may provide you with communications (if you have consented to receiving them). We ask such companies to always act in compliance with applicable laws and this privacy policy and to pay high attention to the confidentiality of your personal data.

9. Use of social networks

MedAccess sometimes facilitates the publication of (personal) data via social media such as Twitter and Facebook. These social media have their own terms of use which you are required to consider and observe if you make use of them. Publication on social media may have (undesired) consequences, including for your privacy or that of persons whose data you share, such as the impossibility of withdrawing publication in the short term. You must estimate these consequences yourself, for you are taking the decision about the publication on these media. MedAccess does not accept any responsibility in that regard.

10. Disclosures outside the EU

Your personal data may be transferred to any of the recipients identified in this policy, some of which may be outside the EU and may be processed by us and any of these recipients in any country worldwide. The countries to which your personal data is transferred may not offer an adequate level of protection. In connection with any transfer of personal data to countries that do not offer the same level of protection as in the EU, MedAccess shall implement appropriate measures to ensure an adequate level of protection of your personal data.

11. Your choices and your rights

We want to be as transparent as possible with you, so that you can make meaningful choices about how you want us to use your information. We can contact you by post and by phone, and if you give us your prior consent to do so, by email, SMS and other electronics means.

11.1 Your choices

In this context, you can make a variety of choices about how you want to be contacted by us, through which channel (e.g. email, mail, social media, etc.), for which purpose and how frequently, by contacting jhutchins@medaccess.org

Please note that by default, if you don’t make a choice, you will receive our communications at the following frequency: at the date of publication.

11.2 Your personal information

You may always contact us by post or email to find out what personal information we have concerning you, the origin of the data and to access or receive a copy of your data.

11.3 Your corrections

If you find any mistake in your personal information or if you find it incomplete or incorrect, you can request that we correct it or complete it.

11.4 Your objections

You may also object to the use of your data for direct marketing purposes (if you prefer, you can also advise us on which channel and how frequently you prefer to be contacted by us).

11.5 Portability

You may request a copy of your personal data from us in a structured, commonly used and machine-readable format. You can also request that we transfer your personal data to another controller. Portability applies when we process your personal data in an automated means with your consent.

11.6 Erasure

Finally, you may request for us to erase any data concerning you (except in some cases, for example, where we are required to retain the data by law).

12. Contact

For any privacy issues, questions or complaints concerning the application of this policy or to exercise your rights within the context of this policy, you may contact our DPO at jhutchins@medaccess.org

Alternatively, you may write to us:
MedAccess Guarantee Ltd
25 Wilton Road
London
SW1V 1LW
United Kingdom